CVS log for src/sys/netinet/ip_output.c
![[BACK]](/gifs/back.gif){kind=small}
Up to [FreeBSD] / src / sys / netinet
Request diff between arbitrary revisions
Keyword substitution: kv
Default branch: MAIN
Revision 1.329.2.2.2.1: download - view: text, markup, annotated - select for diffs
Fri Nov 11 04:20:22 2011 UTC (3 months ago) by kensmith
Branches: RELENG_9_0
CVS tags: RELENG_9_0_0_RELEASE
Diff to: previous 1.329.2.2: preferred, colored; next MAIN 1.330: preferred, colored
Changes since revision 1.329.2.2: +0 -0 lines
SVN rev 227445 on 2011-11-11 04:20:22Z by kensmith Copy stable/9 to releng/9.0 as part of the FreeBSD 9.0-RELEASE release cycle. Approved by: re (implicit)
Revision 1.329.2.2: download - view: text, markup, annotated - select for diffs
Thu Nov 10 20:28:30 2011 UTC (3 months ago) by trociny
Branches: RELENG_9
CVS tags: RELENG_9_0_BP
Branch point for: RELENG_9_0
Diff to: previous 1.329.2.1: preferred, colored; branchpoint 1.329: preferred, colored; next MAIN 1.330: preferred, colored
Changes since revision 1.329.2.1: +36 -5 lines
SVN rev 227428 on 2011-11-10 20:28:30Z by trociny MFC r227204, 227206, 227207: r227204: Fix the typo made in r157474. r227206: Before dereferencing intotw() check for NULL, the same way as it is done for in_pcb (see r157474). r227207: Cache SO_REUSEPORT socket option in inpcb-layer in order to avoid inp_socket->so_options dereference when we may not acquire the lock on the inpcb. This fixes the crash due to NULL pointer dereference in in_pcbbind_setup() when inp_socket->so_options in a pcb returned by in_pcblookup_local() was checked. Reported by: dave jones <s.dave.jones@gmail.com>, Arnaud Lacombe <lacombar@gmail.com> Suggested by: rwatson Glanced by: rwatson Tested by: dave jones <s.dave.jones@gmail.com> Approved by: re (kib)
Revision 1.330: download - view: text, markup, annotated - select for diffs
Sun Nov 6 10:47:20 2011 UTC (3 months ago) by trociny
Branches: MAIN
CVS tags: HEAD
Diff to: previous 1.329: preferred, colored
Changes since revision 1.329: +36 -5 lines
SVN rev 227207 on 2011-11-06 10:47:20Z by trociny Cache SO_REUSEPORT socket option in inpcb-layer in order to avoid inp_socket->so_options dereference when we may not acquire the lock on the inpcb. This fixes the crash due to NULL pointer dereference in in_pcbbind_setup() when inp_socket->so_options in a pcb returned by in_pcblookup_local() was checked. Reported by: dave jones <s.dave.jones@gmail.com>, Arnaud Lacombe <lacombar@gmail.com> Suggested by: rwatson Glanced by: rwatson Tested by: dave jones <s.dave.jones@gmail.com>
Revision 1.329.2.1: download - view: text, markup, annotated - select for diffs
Fri Sep 23 00:51:37 2011 UTC (4 months, 2 weeks ago) by kensmith
Branches: RELENG_9
Diff to: previous 1.329: preferred, colored
Changes since revision 1.329: +0 -0 lines
SVN rev 225736 on 2011-09-23 00:51:37Z by kensmith Copy head to stable/9 as part of 9.0-RELEASE release cycle. Approved by: re (implicit)
Revision 1.314.2.12: download - view: text, markup, annotated - select for diffs
Tue Apr 19 08:56:26 2011 UTC (9 months, 3 weeks ago) by bz
Branches: RELENG_8
Diff to: previous 1.314.2.11: preferred, colored; branchpoint 1.314: preferred, colored; next MAIN 1.315: preferred, colored
Changes since revision 1.314.2.11: +1 -1 lines
SVN rev 220828 on 2011-04-19 08:56:26Z by bz MFC r220619: The mbuf_frag_size always was and is file local and not queried from base user space tools via kvm. Mark it static.
Revision 1.276.2.8: download - view: text, markup, annotated - select for diffs
Tue Apr 19 08:56:09 2011 UTC (9 months, 3 weeks ago) by bz
Branches: RELENG_7
Diff to: previous 1.276.2.7: preferred, colored; branchpoint 1.276: preferred, colored; next MAIN 1.277: preferred, colored
Changes since revision 1.276.2.7: +1 -1 lines
SVN rev 220827 on 2011-04-19 08:56:09Z by bz MFC r220619: The mbuf_frag_size always was and is file local and not queried from base user space tools via kvm. Mark it static.
Revision 1.329: download - view: text, markup, annotated - select for diffs
Thu Apr 14 09:47:09 2011 UTC (9 months, 4 weeks ago) by bz
Branches: MAIN
CVS tags: RELENG_9_BP
Branch point for: RELENG_9
Diff to: previous 1.328: preferred, colored
Changes since revision 1.328: +1 -1 lines
SVN rev 220619 on 2011-04-14 09:47:09Z by bz The mbuf_frag_size always was and is file local and not queried from base user space tools via kvm. Mark it static. MFC after: 3 days
Revision 1.328: download - view: text, markup, annotated - select for diffs
Fri Dec 31 21:47:11 2010 UTC (13 months, 1 week ago) by bz
Branches: MAIN
Diff to: previous 1.327: preferred, colored
Changes since revision 1.327: +3 -0 lines
SVN rev 216857 on 2010-12-31 21:47:11Z by bz Try to catch a possible divide-by-zero as early as possible if "mtu" is 0 (also test for negative MTUs if checking it anyway). An MTU of 0 is arguably a bug elsewhere, but this at least gives us some more debugging hints. Sponsored by: ISPsystem (Early 2010) MFC after: 1 week
Revision 1.276.2.7.6.1: download - view: text, markup, annotated - select for diffs
Tue Dec 21 17:10:29 2010 UTC (13 months, 2 weeks ago) by kensmith
Branches: RELENG_7_4
CVS tags: RELENG_7_4_0_RELEASE
Diff to: previous 1.276.2.7: preferred, colored; next MAIN 1.276.2.8: preferred, colored
Changes since revision 1.276.2.7: +0 -0 lines
SVN rev 216618 on 2010-12-21 17:10:29Z by kensmith Copy stable/7 to releng/7.4 in preparation for FreeBSD-7.4 release. Approved by: re (implicit)
Revision 1.314.2.11.2.1: download - view: text, markup, annotated - select for diffs
Tue Dec 21 17:09:25 2010 UTC (13 months, 2 weeks ago) by kensmith
Branches: RELENG_8_2
CVS tags: RELENG_8_2_0_RELEASE
Diff to: previous 1.314.2.11: preferred, colored; next MAIN 1.314.2.12: preferred, colored
Changes since revision 1.314.2.11: +0 -0 lines
SVN rev 216617 on 2010-12-21 17:09:25Z by kensmith Copy stable/8 to releng/8.2 in preparation for FreeBSD-8.2 release. Approved by: re (implicit)
Revision 1.314.2.11: download - view: text, markup, annotated - select for diffs
Mon Oct 25 13:16:11 2010 UTC (15 months, 2 weeks ago) by attilio
Branches: RELENG_8
CVS tags: RELENG_8_2_BP
Branch point for: RELENG_8_2
Diff to: previous 1.314.2.10: preferred, colored; branchpoint 1.314: preferred, colored
Changes since revision 1.314.2.10: +4 -0 lines
SVN rev 214338 on 2010-10-25 13:16:11Z by attilio IP_BINDANY is not correctly handled in getsockopt() case. Fix it by specifying the correct bits.
Revision 1.327: download - view: text, markup, annotated - select for diffs
Fri Sep 24 14:38:54 2010 UTC (16 months, 2 weeks ago) by attilio
Branches: MAIN
Diff to: previous 1.326: preferred, colored
Changes since revision 1.326: +4 -0 lines
SVN rev 213101 on 2010-09-24 14:38:54Z by attilio IP_BINDANY is not correctly handled in getsockopt() case. Fix it by specifying the correct bits. Sponsored by: Sandvine Incorporated Reviewed by: bz, emaste, rstone Obtained from: Sandvine Incorporated MFC after: 10 days
Revision 1.314.2.9.2.2: download - view: text, markup, annotated - select for diffs
Fri Jun 25 21:26:34 2010 UTC (19 months, 2 weeks ago) by qingli
Branches: RELENG_8_1
CVS tags: RELENG_8_1_0_RELEASE
Diff to: previous 1.314.2.9.2.1: preferred, colored; branchpoint 1.314.2.9: preferred, colored; next MAIN 1.314.2.10: preferred, colored
Changes since revision 1.314.2.9.2.1: +1 -1 lines
SVN rev 209524 on 2010-06-25 21:26:34Z by qingli MFC r208553 This patch fixes the problem where proxy ARP entries cannot be added over the if_ng interface. Approved by: re (bz)
Revision 1.314.2.10: download - view: text, markup, annotated - select for diffs
Fri Jun 18 03:31:33 2010 UTC (19 months, 3 weeks ago) by qingli
Branches: RELENG_8
Diff to: previous 1.314.2.9: preferred, colored; branchpoint 1.314: preferred, colored
Changes since revision 1.314.2.9: +1 -1 lines
SVN rev 209277 on 2010-06-18 03:31:33Z by qingli MFC r208553 This patch fixes the problem where proxy ARP entries cannot be added over the if_ng interface.
Revision 1.314.2.9.2.1: download - view: text, markup, annotated - select for diffs
Mon Jun 14 02:09:06 2010 UTC (19 months, 4 weeks ago) by kensmith
Branches: RELENG_8_1
Diff to: previous 1.314.2.9: preferred, colored
Changes since revision 1.314.2.9: +0 -0 lines
SVN rev 209145 on 2010-06-14 02:09:06Z by kensmith Copy stable/8 to releng/8.1 in preparation for 8.1-RC1. Approved by: re (implicit)
Revision 1.326: download - view: text, markup, annotated - select for diffs
Tue May 25 20:42:35 2010 UTC (20 months, 2 weeks ago) by qingli
Branches: MAIN
Diff to: previous 1.325: preferred, colored
Changes since revision 1.325: +1 -1 lines
SVN rev 208553 on 2010-05-25 20:42:35Z by qingli This patch fixes the problem where proxy ARP entries cannot be added over the if_ng interface. MFC after: 3 days
Revision 1.314.2.9: download - view: text, markup, annotated - select for diffs
Mon Apr 5 13:48:23 2010 UTC (22 months, 1 week ago) by rrs
Branches: RELENG_8
CVS tags: RELENG_8_1_BP
Branch point for: RELENG_8_1
Diff to: previous 1.314.2.8: preferred, colored; branchpoint 1.314: preferred, colored
Changes since revision 1.314.2.8: +2 -2 lines
SVN rev 206181 on 2010-04-05 13:48:23Z by rrs MFC of 2 items to fix the csum for v6 issue: Revision 205075 and 205104: ---------205075---------- With the recent change of the sctp checksum to support offload, no delayed checksum was added to the ip6 output code. This causes cards that do not support SCTP checksum offload to have SCTP packets that are IPv6 NOT have the sctp checksum performed. Thus you could not communicate with a peer. This adds the missing bits to make the checksum happen for these cards. ------------------------- ---------205104---------- The proper fix for the delayed SCTP checksum is to have the delayed function take an argument as to the offset to the SCTP header. This allows it to work for V4 and V6. This of course means changing all callers of the function to either pass the header len, if they have it, or create it (ip_hl << 2 or sizeof(ip6_hdr)). ------------------------- PR: 144529
Revision 1.314.2.8: download - view: text, markup, annotated - select for diffs
Fri Apr 2 05:02:50 2010 UTC (22 months, 1 week ago) by qingli
Branches: RELENG_8
Diff to: previous 1.314.2.7: preferred, colored; branchpoint 1.314: preferred, colored
Changes since revision 1.314.2.7: +5 -1 lines
SVN rev 206067 on 2010-04-02 05:02:50Z by qingli MFC 204902 One of the advantages of enabling ECMP (a.k.a RADIX_MPATH) is to allow for connection load balancing across interfaces. Currently the address alias handling method is colliding with the ECMP code. For example, when two interfaces are configured on the same prefix, only one prefix route is installed. So connection load balancing among the available interfaces is not possible. The other advantage of ECMP is for failover. The issue with the current code, is that the interface link-state is not reflected in the route entry. For example, if there are two interfaces on the same prefix, the cable on one interface is unplugged, new and existing connections should switch over to the other interface. This is not done today and packets go into a black hole. Also, there is a small bug in the kernel where deleting ECMP routes in the userland will always return an error even though the command is successfully executed.
Revision 1.314.2.7: download - view: text, markup, annotated - select for diffs
Fri Apr 2 04:58:17 2010 UTC (22 months, 1 week ago) by qingli
Branches: RELENG_8
Diff to: previous 1.314.2.6: preferred, colored; branchpoint 1.314: preferred, colored
Changes since revision 1.314.2.6: +22 -18 lines
SVN rev 206066 on 2010-04-02 04:58:17Z by qingli MFC 201131 introduce a local variable rte acting as a cache of ro->ro_rt within ip_output, achieving (in random order of importance): - a reduction of the number of 'r's in the source code; - improved legibility; - a reduction of 64 bytes in the .text
Revision 1.314.2.6: download - view: text, markup, annotated - select for diffs
Thu Apr 1 00:36:40 2010 UTC (22 months, 1 week ago) by kmacy
Branches: RELENG_8
Diff to: previous 1.314.2.5: preferred, colored; branchpoint 1.314: preferred, colored
Changes since revision 1.314.2.5: +14 -8 lines
SVN rev 206024 on 2010-04-01 00:36:40Z by kmacy MFC 205066, 205069, 205093, 205097, 205488: r205066: Log: - restructure flowtable to support ipv6 - add a name argument to flowtable_alloc for printing with ddb commands - extend ddb commands to print destination address or 4-tuples - don't parse ports in ulp header if FL_HASH_ALL is not passed - add kern_flowtable_insert to enable more generic use of flowtable (e.g. system calls for adding entries) - don't hash loopback addresses - cleanup whitespace - keep statistics per-cpu for per-cpu flowtables to avoid cache line contention - add sysctls to accumulate stats and report aggregate r205069: Log: fix stats reporting sysctl r205093: Log: re-update copyright to 2010 pointed out by danfe@ r205097: Log: flowtable_get_hashkey is only used by a DDB function - move under #ifdef DDB pointed out by jkim@ r205488: Log: - boot-time size the ipv4 flowtable and the maximum number of flows - increase flow cleaning frequency and decrease flow caching time when near the flow limit - stop allocating new flows when within 3% of maxflows don't start allocating again until below 12.5%
Revision 1.325: download - view: text, markup, annotated - select for diffs
Fri Mar 12 22:58:52 2010 UTC (23 months ago) by rrs
Branches: MAIN
Diff to: previous 1.324: preferred, colored
Changes since revision 1.324: +2 -2 lines
SVN rev 205104 on 2010-03-12 22:58:52Z by rrs The proper fix for the delayed SCTP checksum is to have the delayed function take an argument as to the offset to the SCTP header. This allows it to work for V4 and V6. This of course means changing all callers of the function to either pass the header len, if they have it, or create it (ip_hl << 2 or sizeof(ip6_hdr)). PR: 144529 MFC after: 2 weeks
Revision 1.324: download - view: text, markup, annotated - select for diffs
Fri Mar 12 05:03:26 2010 UTC (23 months ago) by kmacy
Branches: MAIN
Diff to: previous 1.323: preferred, colored
Changes since revision 1.323: +14 -8 lines
SVN rev 205066 on 2010-03-12 05:03:26Z by kmacy - restructure flowtable to support ipv6 - add a name argument to flowtable_alloc for printing with ddb commands - extend ddb commands to print destination address or 4-tuples - don't parse ports in ulp header if FL_HASH_ALL is not passed - add kern_flowtable_insert to enable more generic use of flowtable (e.g. system calls for adding entries) - don't hash loopback addresses - cleanup whitespace - keep statistics per-cpu for per-cpu flowtables to avoid cache line contention - add sysctls to accumulate stats and report aggregate MFC after: 7 days
Revision 1.323: download - view: text, markup, annotated - select for diffs
Tue Mar 9 01:11:45 2010 UTC (23 months ago) by qingli
Branches: MAIN
Diff to: previous 1.322: preferred, colored
Changes since revision 1.322: +5 -1 lines
SVN rev 204902 on 2010-03-09 01:11:45Z by qingli One of the advantages of enabling ECMP (a.k.a RADIX_MPATH) is to allow for connection load balancing across interfaces. Currently the address alias handling method is colliding with the ECMP code. For example, when two interfaces are configured on the same prefix, only one prefix route is installed. So connection load balancing among the available interfaces is not possible. The other advantage of ECMP is for failover. The issue with the current code, is that the interface link-state is not reflected in the route entry. For example, if there are two interfaces on the same prefix, the cable on one interface is unplugged, new and existing connections should switch over to the other interface. This is not done today and packets go into a black hole. Also, there is a small bug in the kernel where deleting ECMP routes in the userland will always return an error even though the command is successfully executed. MFC after: 5 days
Revision 1.276.2.7.4.1: download - view: text, markup, annotated - select for diffs
Wed Feb 10 00:26:20 2010 UTC (2 years ago) by kensmith
Branches: RELENG_7_3
CVS tags: RELENG_7_3_0_RELEASE
Diff to: previous 1.276.2.7: preferred, colored; next MAIN 1.276.2.8: preferred, colored
Changes since revision 1.276.2.7: +0 -0 lines
SVN rev 203736 on 2010-02-10 00:26:20Z by kensmith Copy stable/7 to releng/7.3 as part of the 7.3-RELEASE process. Approved by: re (implicit)
Revision 1.314.2.5: download - view: text, markup, annotated - select for diffs
Sun Feb 7 09:00:22 2010 UTC (2 years ago) by julian
Branches: RELENG_8
Diff to: previous 1.314.2.4: preferred, colored; branchpoint 1.314: preferred, colored
Changes since revision 1.314.2.4: +2 -2 lines
SVN rev 203605 on 2010-02-07 09:00:22Z by julian
MFC of 197952 and 198075
Virtualize the pfil hooks so that different jails may chose different
packet filters. ALso allows ipfw to be enabled on on ejail and disabled
on another. In 8.0 it's a global setting.
and
Unbreak the VIMAGE build with IPSEC, broken with r197952 by
virtualizing the pfil hooks.
For consistency add the V_ to virtualize the pfil hooks in here as well.
Revision 1.322: download - view: text, markup, annotated - select for diffs
Mon Dec 28 21:14:18 2009 UTC (2 years, 1 month ago) by bz
Branches: MAIN
Diff to: previous 1.321: preferred, colored
Changes since revision 1.321: +1 -1 lines
SVN rev 201141 on 2009-12-28 21:14:18Z by bz Make the compiler happy after r201125: - + remove two unnecessary initializations in ip_output; + + remove one unnecessary initializations in ip_output;
Revision 1.321: download - view: text, markup, annotated - select for diffs
Mon Dec 28 14:48:32 2009 UTC (2 years, 1 month ago) by luigi
Branches: MAIN
Diff to: previous 1.320: preferred, colored
Changes since revision 1.320: +22 -18 lines
SVN rev 201131 on 2009-12-28 14:48:32Z by luigi introduce a local variable rte acting as a cache of ro->ro_rt within ip_output, achieving (in random order of importance): - a reduction of the number of 'r's in the source code; - improved legibility; - a reduction of 64 bytes in the .text
Revision 1.320: download - view: text, markup, annotated - select for diffs
Mon Dec 28 14:09:46 2009 UTC (2 years, 1 month ago) by luigi
Branches: MAIN
Diff to: previous 1.319: preferred, colored
Changes since revision 1.319: +13 -19 lines
SVN rev 201125 on 2009-12-28 14:09:46Z by luigi + remove an unused #define print_ip; + remove two unnecessary initializations in ip_output; + localize 'len'; + introduce a temporary variable n to count the number of fragments, the compiler seems unable to identify a common subexpression (written 3 times, used twice); + document some assumptions on ip_len and ip_hl
Revision 1.319: download - view: text, markup, annotated - select for diffs
Mon Nov 9 19:53:34 2009 UTC (2 years, 3 months ago) by trasz
Branches: MAIN
Diff to: previous 1.318: preferred, colored
Changes since revision 1.318: +1 -1 lines
SVN rev 199102 on 2009-11-09 19:53:34Z by trasz Remove ifdefed out part of code, which seems to have originated a decade ago in OpenBSD. As it is now, there is no way for this to be useful, since IPsec is free to forward packets via whatever interface it wants, so checking capabilities of the interface passed from ip_output (fetched from the routing table) serves no purpose. Discussed with: sam@
Revision 1.314.2.4.2.1: download - view: text, markup, annotated - select for diffs
Sun Oct 25 01:10:29 2009 UTC (2 years, 3 months ago) by kensmith
Branches: RELENG_8_0
CVS tags: RELENG_8_0_0_RELEASE
Diff to: previous 1.314.2.4: preferred, colored; next MAIN 1.314.2.5: preferred, colored
Changes since revision 1.314.2.4: +0 -0 lines
SVN rev 198460 on 2009-10-25 01:10:29Z by kensmith Copy stable/8 to releng/8.0 as part of 8.0-RELEASE release procedure. Approved by: re (implicit)
Revision 1.318: download - view: text, markup, annotated - select for diffs
Sun Oct 11 05:59:43 2009 UTC (2 years, 4 months ago) by julian
Branches: MAIN
Diff to: previous 1.317: preferred, colored
Changes since revision 1.317: +2 -2 lines
SVN rev 197952 on 2009-10-11 05:59:43Z by julian Virtualize the pfil hooks so that different jails may chose different packet filters. ALso allows ipfw to be enabled on on ejail and disabled on another. In 8.0 it's a global setting. Sitting aroung in tree waiting to commit for: 2 months MFC after: 2 months
Revision 1.314.2.4: download - view: text, markup, annotated - select for diffs
Sun Aug 30 22:39:49 2009 UTC (2 years, 5 months ago) by qingli
Branches: RELENG_8
CVS tags: RELENG_8_0_BP
Branch point for: RELENG_8_0
Diff to: previous 1.314.2.3: preferred, colored; branchpoint 1.314: preferred, colored
Changes since revision 1.314.2.3: +1 -3 lines
SVN rev 196672 on 2009-08-30 22:39:49Z by qingli MFC r196608 Do not try to free the rt_lle entry of the cached route in ip_output() if the cached route was not initialized from the flow-table. The rt_lle entry is invalid unless it has been initialized through the flow-table. Reviewed by: kmacy, rwatson Approved by: re
Revision 1.317: download - view: text, markup, annotated - select for diffs
Fri Aug 28 05:37:31 2009 UTC (2 years, 5 months ago) by qingli
Branches: MAIN
Diff to: previous 1.316: preferred, colored
Changes since revision 1.316: +1 -3 lines
SVN rev 196608 on 2009-08-28 05:37:31Z by qingli Do not try to free the rt_lle entry of the cached route in ip_output() if the cached route was not initialized from the flow-table. The rt_lle entry is invalid unless it has been initialized through the flow-table. Reviewed by: kmacy, rwatson MFC after: immediately
Revision 1.314.2.3: download - view: text, markup, annotated - select for diffs
Tue Aug 18 20:39:35 2009 UTC (2 years, 5 months ago) by kmacy
Branches: RELENG_8
Diff to: previous 1.314.2.2: preferred, colored; branchpoint 1.314: preferred, colored
Changes since revision 1.314.2.2: +1 -1 lines
SVN rev 196369 on 2009-08-18 20:39:35Z by kmacy
MFC 196368
- change the interface to flowtable_lookup so that we don't rely on
the mbuf for obtaining the fib index
- check that a cached flow corresponds to the same fib index as the
packet for which we are doing the lookup
- at interface detach time flush any flows referencing stale rtentrys
associated with the interface that is going away (fixes reported
panics)
- reduce the time between cleans in case the cleaner is running at
the time the eventhandler is called and the wakeup is missed less
time will elapse before the eventhandler returns
- separate per-vnet initialization from global initialization
(pointed out by jeli@)
Reviewed by: sam@
Approved by: re@
Revision 1.316: download - view: text, markup, annotated - select for diffs
Tue Aug 18 20:28:58 2009 UTC (2 years, 5 months ago) by kmacy
Branches: MAIN
Diff to: previous 1.315: preferred, colored
Changes since revision 1.315: +1 -1 lines
SVN rev 196368 on 2009-08-18 20:28:58Z by kmacy - change the interface to flowtable_lookup so that we don't rely on the mbuf for obtaining the fib index - check that a cached flow corresponds to the same fib index as the packet for which we are doing the lookup - at interface detach time flush any flows referencing stale rtentrys associated with the interface that is going away (fixes reported panics) - reduce the time between cleans in case the cleaner is running at the time the eventhandler is called and the wakeup is missed less time will elapse before the eventhandler returns - separate per-vnet initialization from global initialization (pointed out by jeli@) Reviewed by: sam@ Approved by: re@
Revision 1.314.2.2: download - view: text, markup, annotated - select for diffs
Sat Aug 15 00:04:12 2009 UTC (2 years, 5 months ago) by qingli
Branches: RELENG_8
Diff to: previous 1.314.2.1: preferred, colored; branchpoint 1.314: preferred, colored
Changes since revision 1.314.2.1: +5 -1 lines
SVN rev 196235 on 2009-08-15 00:04:12Z by qingli
MFC 196234
In function ip_output(), the cached route is flushed when there is a
mismatch between the cached entry and the intended destination. The
cached rtentry{} is flushed but the associated llentry{} is not. This
causes the wrong destination MAC address being used in the output
packets. The fix is to flush the llentry{} when rtentry{} is cleared.
Reviewed by: kmacy, rwatson
Approved by: re
Revision 1.315: download - view: text, markup, annotated - select for diffs
Fri Aug 14 23:44:59 2009 UTC (2 years, 5 months ago) by qingli
Branches: MAIN
Diff to: previous 1.314: preferred, colored
Changes since revision 1.314: +5 -1 lines
SVN rev 196234 on 2009-08-14 23:44:59Z by qingli
In function ip_output(), the cached route is flushed when there is a
mismatch between the cached entry and the intended destination. The
cached rtentry{} is flushed but the associated llentry{} is not. This
causes the wrong destination MAC address being used in the output
packets. The fix is to flush the llentry{} when rtentry{} is cleared.
Reviewed by: kmacy, rwatson
Approved by: re
Revision 1.314.2.1: download - view: text, markup, annotated - select for diffs
Mon Aug 3 08:13:06 2009 UTC (2 years, 6 months ago) by kensmith
Branches: RELENG_8
Diff to: previous 1.314: preferred, colored
Changes since revision 1.314: +0 -0 lines
SVN rev 196045 on 2009-08-03 08:13:06Z by kensmith Copy head to stable/8 as part of 8.0 Release cycle. Approved by: re (Implicit)
Revision 1.314: download - view: text, markup, annotated - select for diffs
Sat Aug 1 19:26:27 2009 UTC (2 years, 6 months ago) by rwatson
Branches: MAIN
CVS tags: RELENG_8_BP
Branch point for: RELENG_8
Diff to: previous 1.313: preferred, colored
Changes since revision 1.313: +0 -1 lines
SVN rev 196019 on 2009-08-01 19:26:27Z by rwatson Merge the remainder of kern_vimage.c and vimage.h into vnet.c and vnet.h, we now use jails (rather than vimages) as the abstraction for virtualization management, and what remained was specific to virtual network stacks. Minor cleanups are done in the process, and comments updated to reflect these changes. Reviewed by: bz Approved by: re (vimage blanket)
Revision 1.313: download - view: text, markup, annotated - select for diffs
Tue Jul 14 22:48:30 2009 UTC (2 years, 6 months ago) by rwatson
Branches: MAIN
Diff to: previous 1.312: preferred, colored
Changes since revision 1.312: +1 -7 lines
SVN rev 195699 on 2009-07-14 22:48:30Z by rwatson Build on Jeff Roberson's linker-set based dynamic per-CPU allocator (DPCPU), as suggested by Peter Wemm, and implement a new per-virtual network stack memory allocator. Modify vnet to use the allocator instead of monolithic global container structures (vinet, ...). This change solves many binary compatibility problems associated with VIMAGE, and restores ELF symbols for virtualized global variables. Each virtualized global variable exists as a "reference copy", and also once per virtual network stack. Virtualized global variables are tagged at compile-time, placing the in a special linker set, which is loaded into a contiguous region of kernel memory. Virtualized global variables in the base kernel are linked as normal, but those in modules are copied and relocated to a reserved portion of the kernel's vnet region with the help of a the kernel linker. Virtualized global variables exist in per-vnet memory set up when the network stack instance is created, and are initialized statically from the reference copy. Run-time access occurs via an accessor macro, which converts from the current vnet and requested symbol to a per-vnet address. When "options VIMAGE" is not compiled into the kernel, normal global ELF symbols will be used instead and indirection is avoided. This change restores static initialization for network stack global variables, restores support for non-global symbols and types, eliminates the need for many subsystem constructors, eliminates large per-subsystem structures that caused many binary compatibility issues both for monitoring applications (netstat) and kernel modules, removes the per-function INIT_VNET_*() macros throughout the stack, eliminates the need for vnet_symmap ksym(2) munging, and eliminates duplicate definitions of virtualized globals under VIMAGE_GLOBALS. Bump __FreeBSD_version and update UPDATING. Portions submitted by: bz Reviewed by: bz, zec Discussed with: gnn, jamie, jeff, jhb, julian, sam Suggested by: peter Approved by: re (kensmith)
Revision 1.312: download - view: text, markup, annotated - select for diffs
Tue Jun 23 20:19:09 2009 UTC (2 years, 7 months ago) by rwatson
Branches: MAIN
Diff to: previous 1.311: preferred, colored
Changes since revision 1.311: +3 -0 lines
SVN rev 194760 on 2009-06-23 20:19:09Z by rwatson Modify most routines returning 'struct ifaddr *' to return references rather than pointers, requiring callers to properly dispose of those references. The following routines now return references: ifaddr_byindex ifa_ifwithaddr ifa_ifwithbroadaddr ifa_ifwithdstaddr ifa_ifwithnet ifaof_ifpforaddr ifa_ifwithroute ifa_ifwithroute_fib rt_getifa rt_getifa_fib IFP_TO_IA ip_rtaddr in6_ifawithifp in6ifa_ifpforlinklocal in6ifa_ifpwithaddr in6_ifadd carp_iamatch6 ip6_getdstifaddr Remove unused macro which didn't have required referencing: IFP_TO_IA6 This closes many small races in which changes to interface or address lists while an ifaddr was in use could lead to use of freed memory (etc). In a few cases, add missing if_addr_list locking required to safely acquire references. Because of a lack of deep copying support, we accept a race in which an in6_ifaddr pointed to by mbuf tags and extracted with ip6_getdstifaddr() doesn't hold a reference while in transmit. Once we have mbuf tag deep copy support, this can be fixed. Reviewed by: bz Obtained from: Apple, Inc. (portions) MFC after: 6 weeks (portions)
Revision 1.311: download - view: text, markup, annotated - select for diffs
Mon Jun 22 21:19:24 2009 UTC (2 years, 7 months ago) by zec
Branches: MAIN
Diff to: previous 1.310: preferred, colored
Changes since revision 1.310: +1 -1 lines
SVN rev 194660 on 2009-06-22 21:19:24Z by zec V_irtualize flowtable state. This change should make options VIMAGE kernel builds usable again, to some extent at least. Note that the size of struct vnet_inet has changed, though in accordance with one-bump-per-day policy we didn't update the __FreeBSD_version number, given that it has already been touched by r194640 a few hours ago. Reviewed by: bz Approved by: julian (mentor)
Revision 1.310: download - view: text, markup, annotated - select for diffs
Fri Jun 12 20:46:36 2009 UTC (2 years, 7 months ago) by bz
Branches: MAIN
Diff to: previous 1.309: preferred, colored
Changes since revision 1.309: +2 -0 lines
SVN rev 194076 on 2009-06-12 20:46:36Z by bz Move the kernel option FLOWTABLE chacking from the header file to the actual implementation. Remove the accessor functions for the compiled out case, just returning "unavail" values. Remove the kernel conditional from the header file as it is no longer needed, only leaving the externs. Hide the improperly virtualized SYSCTL/TUNABLE for the flowtable size under the kernel option as well. Reviewed by: rwatson
Revision 1.309: download - view: text, markup, annotated - select for diffs
Fri Jun 5 23:53:17 2009 UTC (2 years, 8 months ago) by pjd
Branches: MAIN
Diff to: previous 1.308: preferred, colored
Changes since revision 1.308: +1 -1 lines
SVN rev 193550 on 2009-06-05 23:53:17Z by pjd Only four out of nine arguments for ip_ipsec_output() are actually used. Kill unused arguments except for 'ifp' as it might be used in the future for detecting IPsec-capable interfaces.
Revision 1.308: download - view: text, markup, annotated - select for diffs
Fri Jun 5 14:55:22 2009 UTC (2 years, 8 months ago) by rwatson
Branches: MAIN
Diff to: previous 1.307: preferred, colored
Changes since revision 1.307: +0 -1 lines
SVN rev 193511 on 2009-06-05 14:55:22Z by rwatson Move "options MAC" from opt_mac.h to opt_global.h, as it's now in GENERIC and used in a large number of files, but also because an increasing number of incorrect uses of MAC calls were sneaking in due to copy-and-paste of MAC-aware code without the associated opt_mac.h include. Discussed with: pjd
Revision 1.307: download - view: text, markup, annotated - select for diffs
Mon Jun 1 10:30:00 2009 UTC (2 years, 8 months ago) by pjd
Branches: MAIN
Diff to: previous 1.306: preferred, colored
Changes since revision 1.306: +8 -17 lines
SVN rev 193217 on 2009-06-01 10:30:00Z by pjd - Rename IP_NONLOCALOK IP socket option to IP_BINDANY, to be more consistent with OpenBSD (and BSD/OS originally). We can't easly do it SOL_SOCKET option as there is no more space for more SOL_SOCKET options, but this option also fits better as an IP socket option, it seems. - Implement this functionality also for IPv6 and RAW IP sockets. - Always compile it in (don't use additional kernel options). - Remove sysctl to turn this functionality on and off. - Introduce new privilege - PRIV_NETINET_BINDANY, which allows to use this functionality (currently only unjail root can use it). Discussed with: julian, adrian, jhb, rwatson, kmacy
Revision 1.306: download - view: text, markup, annotated - select for diffs
Thu May 21 09:45:47 2009 UTC (2 years, 8 months ago) by rwatson
Branches: MAIN
Diff to: previous 1.305: preferred, colored
Changes since revision 1.305: +12 -7 lines
SVN rev 192528 on 2009-05-21 09:45:47Z by rwatson Consolidate and clean up the first section of ip_output.c in light of the last year or two's work on routing: - Combine iproute initialization and flowtable lookup blocks, eliminating unnecessary tests for known-zero'd iproute fields. - Add a comment indicating (a) why the route entry returned by the flowtable is considered stable and (b) that the flowtable lookup must occur after the setup of the mbuf flow ID. - Assert the inpcb lock before any use of inpcb fields. Reviewed by: kmacy
Revision 1.305: download - view: text, markup, annotated - select for diffs
Tue Apr 28 11:10:33 2009 UTC (2 years, 9 months ago) by trasz
Branches: MAIN
Diff to: previous 1.304: preferred, colored
Changes since revision 1.304: +20 -0 lines
SVN rev 191621 on 2009-04-28 11:10:33Z by trasz Don't require packet to match a route (any route; this information wasn't used anyway, so a typical workaround was to add a dummy route) if it's going to be sent through IPSec tunnel. Reviewed by: bz
Revision 1.304: download - view: text, markup, annotated - select for diffs
Sun Apr 19 04:44:05 2009 UTC (2 years, 9 months ago) by kmacy
Branches: MAIN
Diff to: previous 1.303: preferred, colored
Changes since revision 1.303: +9 -2 lines
SVN rev 191259 on 2009-04-19 04:44:05Z by kmacy - Allocate a small flowtable in ip_input.c (changeable by tuneable) - Use for accelerating ip_output
Revision 1.303: download - view: text, markup, annotated - select for diffs
Thu Apr 16 20:30:28 2009 UTC (2 years, 9 months ago) by kmacy
Branches: MAIN
Diff to: previous 1.302: preferred, colored
Changes since revision 1.302: +2 -2 lines
SVN rev 191148 on 2009-04-16 20:30:28Z by kmacy Change if_output to take a struct route as its fourth argument in order to allow passing a cached struct llentry * down to L2 Reviewed by: rwatson
Revision 1.276.2.7.2.1: download - view: text, markup, annotated - select for diffs
Wed Apr 15 03:14:26 2009 UTC (2 years, 9 months ago) by kensmith
Branches: RELENG_7_2
CVS tags: RELENG_7_2_0_RELEASE
Diff to: previous 1.276.2.7: preferred, colored; next MAIN 1.276.2.8: preferred, colored
Changes since revision 1.276.2.7: +0 -0 lines
SVN rev 191087 on 2009-04-15 03:14:26Z by kensmith Create releng/7.2 from stable/7 in preparation for 7.2-RELEASE. Approved by: re (implicit)
Revision 1.242.2.22: download - view: text, markup, annotated - select for diffs
Tue Apr 14 16:45:17 2009 UTC (2 years, 9 months ago) by emaste
Branches: RELENG_6
Diff to: previous 1.242.2.21: preferred, colored; branchpoint 1.242: preferred, colored; next MAIN 1.243: preferred, colored
Changes since revision 1.242.2.21: +20 -0 lines
SVN rev 191063 on 2009-04-14 16:45:17Z by emaste MFC r171746 by csjp Summary: - We disallow multicast operations on divert sockets. It really doesn't make semantic sense to allow this, since typically you would set multicast parameters on multicast end points. NOTE: As a part of this change, we actually dis-allow multicast options on any socket that IS a divert socket OR IS NOT a SOCK_RAW or SOCK_DGRAM family - We check to see if there are any socket options that have been specified on the socket, and if there was (which is very un-common and also probably doesnt make sense to support) we duplicate the mbuf carrying the options. - We then drop the INP/INFO locks over the call to ip_output(). It should be noted that since we no longer support multicast operations on divert sockets and we have duplicated any socket options, we no longer need the reference to the pcb to be coherent. - Finally, we replaced the call to ip_input() to use netisr queuing. This should remove the recursive entry into the IP stack from divert. (The ip_output.c changes come from in_mcast.c in head.)
Revision 1.302: download - view: text, markup, annotated - select for diffs
Sat Apr 11 23:35:20 2009 UTC (2 years, 10 months ago) by rwatson
Branches: MAIN
Diff to: previous 1.301: preferred, colored
Changes since revision 1.301: +13 -13 lines
SVN rev 190951 on 2009-04-11 23:35:20Z by rwatson Update stats in struct ipstat using four new macros, IPSTAT_ADD(), IPSTAT_INC(), IPSTAT_SUB(), and IPSTAT_DEC(), rather than directly manipulating the fields across the kernel. This will make it easier to change the implementation of these statistics, such as using per-CPU versions of the data structures. MFC after: 3 days
Revision 1.242.2.21: download - view: text, markup, annotated - select for diffs
Fri Apr 10 11:08:27 2009 UTC (2 years, 10 months ago) by bz
Branches: RELENG_6
Diff to: previous 1.242.2.20: preferred, colored; branchpoint 1.242: preferred, colored
Changes since revision 1.242.2.20: +3 -0 lines
SVN rev 190890 on 2009-04-10 11:08:27Z by bz Fix a locking bug introduced in r190369 - add a missing unlock operation on the pcbinfo. Also porperly protect the inp before releasing the lock as in 6.x inps can possibly become invalid at that point. [1] PR: kern/133415 PR: kern/133445 Tested by: eugen kuzbass.ru (Eugene Grosbein) Discussed with: rwatson [1] Pointy hat: obrien
Revision 1.301: download - view: text, markup, annotated - select for diffs
Fri Apr 10 06:16:14 2009 UTC (2 years, 10 months ago) by kmacy
Branches: MAIN
Diff to: previous 1.300: preferred, colored
Changes since revision 1.300: +4 -0 lines
SVN rev 190880 on 2009-04-10 06:16:14Z by kmacy Import "flowid" support for serializing flows across transmit queues Reviewed by: rwatson and jeli
Revision 1.242.2.20: download - view: text, markup, annotated - select for diffs
Tue Mar 24 10:15:35 2009 UTC (2 years, 10 months ago) by obrien
Branches: RELENG_6
Diff to: previous 1.242.2.19: preferred, colored; branchpoint 1.242: preferred, colored
Changes since revision 1.242.2.19: +3 -0 lines
SVN rev 190369 on 2009-03-24 10:15:35Z by obrien Follow the lead of r164728 and grab the pcbinfo lock for some additional dereferences of so_pcb. Reviewed by: rwatson
Revision 1.300: download - view: text, markup, annotated - select for diffs
Wed Mar 4 03:45:34 2009 UTC (2 years, 11 months ago) by bms
Branches: MAIN
Diff to: previous 1.299: preferred, colored
Changes since revision 1.299: +14 -17 lines
SVN rev 189359 on 2009-03-04 03:45:34Z by bms In ip_output(), do not acquire the IN_MULTI_LOCK(), and do not attempt to perform a group lookup. This is a socket layer lock, and the bottom half of IP really has no business taking it. Use the value of the in_mcast_loop sysctl to determine if we should loop back by default, in the absence of any multicast socket options. Because the check on group membership is now deferred to the input path, an m_copym() is now required. This should increase multicast send performance where the source has not requested loopback, although this has not been benchmarked or measured. It is also a necessary change for IN_MULTI_LOCK to become non-recursive, which is required in order to implement IGMPv3 in a thread-safe way.
Revision 1.299: download - view: text, markup, annotated - select for diffs
Fri Feb 27 14:12:05 2009 UTC (2 years, 11 months ago) by bz
Branches: MAIN
Diff to: previous 1.298: preferred, colored
Changes since revision 1.298: +1 -0 lines
SVN rev 189106 on 2009-02-27 14:12:05Z by bz For all files including net/vnet.h directly include opt_route.h and net/route.h. Remove the hidden include of opt_route.h and net/route.h from net/vnet.h. We need to make sure that both opt_route.h and net/route.h are included before net/vnet.h because of the way MRT figures out the number of FIBs from the kernel option. If we do not, we end up with the default number of 1 when including net/vnet.h and array sizes are wrong. This does not change the list of files which depend on opt_route.h but we can identify them now more easily.
Revision 1.298: download - view: text, markup, annotated - select for diffs
Sun Feb 8 09:27:07 2009 UTC (3 years ago) by bz
Branches: MAIN
Diff to: previous 1.297: preferred, colored
Changes since revision 1.297: +2 -2 lines
SVN rev 188306 on 2009-02-08 09:27:07Z by bz Try to remove/assimilate as much of formerly IPv4/6 specific (duplicate) code in sys/netipsec/ipsec.c and fold it into common, INET/6 independent functions. The file local functions ipsec4_setspidx_inpcb() and ipsec6_setspidx_inpcb() were 1:1 identical after the change in r186528. Rename to ipsec_setspidx_inpcb() and remove the duplicate. Public functions ipsec[46]_get_policy() were 1:1 identical. Remove one copy and merge in the factored out code from ipsec_get_policy() into the other. The public function left is now called ipsec_get_policy() and callers were adapted. Public functions ipsec[46]_set_policy() were 1:1 identical. Rename file local ipsec_set_policy() function to ipsec_set_policy_internal(). Remove one copy of the public functions, rename the other to ipsec_set_policy() and adapt callers. Public functions ipsec[46]_hdrsiz() were logically identical (ignoring one questionable assert in the v6 version). Rename the file local ipsec_hdrsiz() to ipsec_hdrsiz_internal(), the public function to ipsec_hdrsiz(), remove the duplicate copy and adapt the callers. The v6 version had been unused anyway. Cleanup comments. Public functions ipsec[46]_in_reject() were logically identical apart from statistics. Move the common code into a file local ipsec46_in_reject() leaving vimage+statistics in small AF specific wrapper functions. Note: unfortunately we already have a public ipsec_in_reject(). Reviewed by: sam Discussed with: rwatson (renaming to *_internal) MFC after: 26 days X-MFC: keep wrapper functions for public symbols?
Revision 1.297: download - view: text, markup, annotated - select for diffs
Tue Feb 3 11:00:43 2009 UTC (3 years ago) by rrs
Branches: MAIN
Diff to: previous 1.296: preferred, colored
Changes since revision 1.296: +26 -2 lines
SVN rev 188066 on 2009-02-03 11:00:43Z by rrs Adds support for SCTP checksum offload. This means we, like TCP and UDP, move the checksum calculation into the IP routines when there is no hardware support we call into the normal SCTP checksum routine. The next round of SCTP updates will use this functionality. Of course the IGB driver needs a few updates to support the new intel controller set that actually does SCTP csum offload too. Reviewed by: gnn, rwatson, kmacy
Revision 1.242.2.19: download - view: text, markup, annotated - select for diffs
Sun Feb 1 20:18:27 2009 UTC (3 years ago) by rwatson
Branches: RELENG_6
Diff to: previous 1.242.2.18: preferred, colored; branchpoint 1.242: preferred, colored
Changes since revision 1.242.2.18: +1 -1 lines
SVN rev 187988 on 2009-02-01 20:18:27Z by rwatson
Merge r187987 from stable/7 to stable/6:
Merge r186717 from head to stable/7:
Allow the IP_MINTTL socket option to be set to 0 so that it can be
disabled entirely, which is its default state before set to a
non-zero value.
PR: 128790
Submitted by: Nick Hilliard <nick at foobar dot org>
Revision 1.276.2.7: download - view: text, markup, annotated - select for diffs
Sun Feb 1 19:20:45 2009 UTC (3 years ago) by rwatson
Branches: RELENG_7
CVS tags: RELENG_7_4_BP, RELENG_7_3_BP, RELENG_7_2_BP
Branch point for: RELENG_7_4, RELENG_7_3, RELENG_7_2
Diff to: previous 1.276.2.6: preferred, colored; branchpoint 1.276: preferred, colored
Changes since revision 1.276.2.6: +1 -1 lines
SVN rev 187987 on 2009-02-01 19:20:45Z by rwatson Merge r186717 from head to stable/7: Allow the IP_MINTTL socket option to be set to 0 so that it can be disabled entirely, which is its default state before set to a non-zero value. PR: 128790 Submitted by: Nick Hilliard <nick at foobar dot org>
Revision 1.296: download - view: text, markup, annotated - select for diffs
Fri Jan 9 17:21:22 2009 UTC (3 years, 1 month ago) by adrian
Branches: MAIN
Diff to: previous 1.295: preferred, colored
Changes since revision 1.295: +4 -3 lines
SVN rev 186961 on 2009-01-09 17:21:22Z by adrian Fix indentation; add FALLTHROUGH. Thanks Max!
Revision 1.295: download - view: text, markup, annotated - select for diffs
Fri Jan 9 16:02:19 2009 UTC (3 years, 1 month ago) by adrian
Branches: MAIN
Diff to: previous 1.294: preferred, colored
Changes since revision 1.294: +19 -0 lines
SVN rev 186955 on 2009-01-09 16:02:19Z by adrian Implement a new IP option (not compiled/enabled by default) to allow applications to specify a non-local IP address when bind()'ing a socket to a local endpoint. This allows applications to spoof the client IP address of connections if (obviously!) they somehow are able to receive the traffic normally destined to said clients. This patch doesn't include any changes to ipfw or the bridging code to redirect the client traffic through the PCB checks so TCP gets a shot at it. The normal behaviour is that packets with a non-local destination IP address are not handled locally. This can be dealth with some IPFW hackery; modifications to IPFW to make this less hacky will occur in subsequent commmits. Thanks to Julian Elischer and others at Ironport. This work was approved and donated before Cisco acquired them. Obtained from: Julian Elischer and others MFC after: 2 weeks
Revision 1.294: download - view: text, markup, annotated - select for diffs
Sat Jan 3 11:35:31 2009 UTC (3 years, 1 month ago) by rwatson
Branches: MAIN
Diff to: previous 1.293: preferred, colored
Changes since revision 1.293: +1 -1 lines
SVN rev 186717 on 2009-01-03 11:35:31Z by rwatson Allow the IP_MINTTL socket option to be set to 0 so that it can be disabled entirely, which is its default state before set to a non-zero value. PR: 128790 Submitted by: Nick Hilliard <nick at foobar dot org> MFC after: 3 weeks
Revision 1.293: download - view: text, markup, annotated - select for diffs
Mon Dec 15 06:10:57 2008 UTC (3 years, 1 month ago) by qingli
Branches: MAIN
Diff to: previous 1.292: preferred, colored
Changes since revision 1.292: +0 -1 lines
SVN rev 186119 on 2008-12-15 06:10:57Z by qingli
This main goals of this project are:
1. separating L2 tables (ARP, NDP) from the L3 routing tables
2. removing as much locking dependencies among these layers as
possible to allow for some parallelism in the search operations
3. simplify the logic in the routing code,
The most notable end result is the obsolescent of the route
cloning (RTF_CLONING) concept, which translated into code reduction
in both IPv4 ARP and IPv6 NDP related modules, and size reduction in
struct rtentry{}. The change in design obsoletes the semantics of
RTF_CLONING, RTF_WASCLONE and RTF_LLINFO routing flags. The userland
applications such as "arp" and "ndp" have been modified to reflect
those changes. The output from "netstat -r" shows only the routing
entries.
Quite a few developers have contributed to this project in the
past: Glebius Smirnoff, Luigi Rizzo, Alessandro Cerri, and
Andre Oppermann. And most recently:
- Kip Macy revised the locking code completely, thus completing
the last piece of the puzzle, Kip has also been conducting
active functional testing
- Sam Leffler has helped me improving/refactoring the code, and
provided valuable reviews
- Julian Elischer setup the perforce tree for me and has helped
me maintaining that branch before the svn conversion
Revision 1.292: download - view: text, markup, annotated - select for diffs
Wed Dec 10 23:12:39 2008 UTC (3 years, 2 months ago) by zec
Branches: MAIN
Diff to: previous 1.291: preferred, colored
Changes since revision 1.291: +0 -1 lines
SVN rev 185895 on 2008-12-10 23:12:39Z by zec Conditionally compile out V_ globals while instantiating the appropriate container structures, depending on VIMAGE_GLOBALS compile time option. Make VIMAGE_GLOBALS a new compile-time option, which by default will not be defined, resulting in instatiations of global variables selected for V_irtualization (enclosed in #ifdef VIMAGE_GLOBALS blocks) to be effectively compiled out. Instantiate new global container structures to hold V_irtualized variables: vnet_net_0, vnet_inet_0, vnet_inet6_0, vnet_ipsec_0, vnet_netgraph_0, and vnet_gif_0. Update the VSYM() macro so that depending on VIMAGE_GLOBALS the V_ macros resolve either to the original globals, or to fields inside container structures, i.e. effectively #ifdef VIMAGE_GLOBALS #define V_rt_tables rt_tables #else #define V_rt_tables vnet_net_0._rt_tables #endif Update SYSCTL_V_*() macros to operate either on globals or on fields inside container structs. Extend the internal kldsym() lookups with the ability to resolve selected fields inside the virtualization container structs. This applies only to the fields which are explicitly registered for kldsym() visibility via VNET_MOD_DECLARE() and vnet_mod_register(), currently this is done only in sys/net/if.c. Fix a few broken instances of MODULE_GLOBAL() macro use in SCTP code, and modify the MODULE_GLOBAL() macro to resolve to V_ macros, which in turn result in proper code being generated depending on VIMAGE_GLOBALS. De-virtualize local static variables in sys/contrib/pf/net/pf_subr.c which were prematurely V_irtualized by automated V_ prepending scripts during earlier merging steps. PF virtualization will be done separately, most probably after next PF import. Convert a few variable initializations at instantiation to initialization in init functions, most notably in ipfw. Also convert TUNABLE_INT() initializers for V_ variables to TUNABLE_FETCH_INT() in initializer functions. Discussed at: devsummit Strassburg Reviewed by: bz, julian Approved by: julian (mentor) Obtained from: //depot/projects/vimage-commit2/... X-MFC after: never Sponsored by: NLnet Foundation, The FreeBSD Foundation
Revision 1.291: download - view: text, markup, annotated - select for diffs
Tue Dec 2 21:37:28 2008 UTC (3 years, 2 months ago) by bz
Branches: MAIN
Diff to: previous 1.290: preferred, colored
Changes since revision 1.290: +2 -0 lines
SVN rev 185571 on 2008-12-02 21:37:28Z by bz Rather than using hidden includes (with cicular dependencies), directly include only the header files needed. This reduces the unneeded spamming of various headers into lots of files. For now, this leaves us with very few modules including vnet.h and thus needing to depend on opt_route.h. Reviewed by: brooks, gnn, des, zec, imp Sponsored by: The FreeBSD Foundation
Revision 1.290: download - view: text, markup, annotated - select for diffs
Wed Nov 26 22:32:07 2008 UTC (3 years, 2 months ago) by zec
Branches: MAIN
Diff to: previous 1.289: preferred, colored
Changes since revision 1.289: +1 -0 lines
SVN rev 185348 on 2008-11-26 22:32:07Z by zec Merge more of currently non-functional (i.e. resolving to whitespace) macros from p4/vimage branch. Do a better job at enclosing all instantiations of globals scheduled for virtualization in #ifdef VIMAGE_GLOBALS blocks. De-virtualize and mark as const saorder_state_alive and saorder_state_any arrays from ipsec code, given that they are never updated at runtime, so virtualizing them would be pointless. Reviewed by: bz, julian Approved by: julian (mentor) Obtained from: //depot/projects/vimage-commit2/... X-MFC after: never Sponsored by: NLnet Foundation, The FreeBSD Foundation
Revision 1.276.2.5.2.2: download - view: text, markup, annotated - select for diffs
Tue Nov 25 20:02:47 2008 UTC (3 years, 2 months ago) by julian
Branches: RELENG_7_1
CVS tags: RELENG_7_1_0_RELEASE
Diff to: previous 1.276.2.5.2.1: preferred, colored; branchpoint 1.276.2.5: preferred, colored; next MAIN 1.276.2.6: preferred, colored
Changes since revision 1.276.2.5.2.1: +8 -1 lines
SVN rev 185317 on 2008-11-25 20:02:47Z by julian MFC @ 185101 Fix a scope problem in the multiple routing table code that stopped the SO_SETFIB socket option from working correctly. Approved by: re (kensmith, kostik) Obtained from: Ironport
Revision 1.276.2.6: download - view: text, markup, annotated - select for diffs
Tue Nov 25 19:26:36 2008 UTC (3 years, 2 months ago) by julian
Branches: RELENG_7
Diff to: previous 1.276.2.5: preferred, colored; branchpoint 1.276: preferred, colored
Changes since revision 1.276.2.5: +8 -1 lines
SVN rev 185311 on 2008-11-25 19:26:36Z by julian MFC @ 185101 Fix a scope problem in the multiple routing table code that stopped the SO_SETFIB socket option from working correctly. Approved by: re (kensmith, kostik) Obtained from: Ironport
Revision 1.276.2.5.2.1: download - view: text, markup, annotated - select for diffs
Tue Nov 25 02:59:29 2008 UTC (3 years, 2 months ago) by kensmith
Branches: RELENG_7_1
Diff to: previous 1.276.2.5: preferred, colored
Changes since revision 1.276.2.5: +0 -0 lines
SVN rev 185281 on 2008-11-25 02:59:29Z by kensmith Create releng/7.1 in preparation for moving into RC phase of 7.1 release cycle. Approved by: re (implicit)
Revision 1.289: download - view: text, markup, annotated - select for diffs
Wed Nov 19 19:19:30 2008 UTC (3 years, 2 months ago) by julian
Branches: MAIN
Diff to: previous 1.288: preferred, colored
Changes since revision 1.288: +8 -1 lines
SVN rev 185101 on 2008-11-19 19:19:30Z by julian Fix a scope problem in the multiple routing table code that stopped the SO_SETFIB socket option from working correctly. Obtained from: Ironport MFC after: 3 days
Revision 1.288: download - view: text, markup, annotated - select for diffs
Wed Nov 19 09:39:34 2008 UTC (3 years, 2 months ago) by zec
Branches: MAIN
Diff to: previous 1.287: preferred, colored
Changes since revision 1.287: +2 -0 lines
SVN rev 185088 on 2008-11-19 09:39:34Z by zec Change the initialization methodology for global variables scheduled for virtualization. Instead of initializing the affected global variables at instatiation, assign initial values to them in initializer functions. As a rule, initialization at instatiation for such variables should never be introduced again from now on. Furthermore, enclose all instantiations of such global variables in #ifdef VIMAGE_GLOBALS blocks. Essentialy, this change should have zero functional impact. In the next phase of merging network stack virtualization infrastructure from p4/vimage branch, the new initialization methology will allow us to switch between using global variables and their counterparts residing in virtualization containers with minimum code churn, and in the long run allow us to intialize multiple instances of such container structures. Discussed at: devsummit Strassburg Reviewed by: bz, julian Approved by: julian (mentor) Obtained from: //depot/projects/vimage-commit2/... X-MFC after: never Sponsored by: NLnet Foundation, The FreeBSD Foundation
Revision 1.287: download - view: text, markup, annotated - select for diffs
Thu Oct 2 15:37:58 2008 UTC (3 years, 4 months ago) by zec
Branches: MAIN
Diff to: previous 1.286: preferred, colored
Changes since revision 1.286: +3 -0 lines
SVN rev 183550 on 2008-10-02 15:37:58Z by zec Step 1.5 of importing the network stack virtualization infrastructure from the vimage project, as per plan established at devsummit 08/08: http://wiki.freebsd.org/Image/Notes200808DevSummit Introduce INIT_VNET_*() initializer macros, VNET_FOREACH() iterator macros, and CURVNET_SET() context setting macros, all currently resolving to NOPs. Prepare for virtualization of selected SYSCTL objects by introducing a family of SYSCTL_V_*() macros, currently resolving to their global counterparts, i.e. SYSCTL_V_INT() == SYSCTL_INT(). Move selected #defines from sys/sys/vimage.h to newly introduced header files specific to virtualized subsystems (sys/net/vnet.h, sys/netinet/vinet.h etc.). All the changes are verified to have zero functional impact at this point in time by doing MD5 comparision between pre- and post-change object files(*). (*) netipsec/keysock.c did not validate depending on compile time options. Implemented by: julian, bz, brooks, zec Reviewed by: julian, bz, brooks, kris, rwatson, ... Approved by: julian (mentor) Obtained from: //depot/projects/vimage-commit2/... X-MFC after: never Sponsored by: NLnet Foundation, The FreeBSD Foundation
Revision 1.242.2.18.4.1: download - view: text, markup, annotated - select for diffs
Thu Oct 2 02:57:24 2008 UTC (3 years, 4 months ago) by kensmith
Branches: RELENG_6_4
CVS tags: RELENG_6_4_0_RELEASE
Diff to: previous 1.242.2.18: preferred, colored; next MAIN 1.242.2.19: preferred, colored
Changes since revision 1.242.2.18: +0 -0 lines
SVN rev 183531 on 2008-10-02 02:57:24Z by kensmith Create releng/6.4 from stable/6 in preparation for 6.4-RC1. Approved by: re (implicit)
Revision 1.276.2.5: download - view: text, markup, annotated - select for diffs
Wed Sep 3 22:40:38 2008 UTC (3 years, 5 months ago) by gnn
Branches: RELENG_7
CVS tags: RELENG_7_1_BP
Branch point for: RELENG_7_1
Diff to: previous 1.276.2.4: preferred, colored; branchpoint 1.276: preferred, colored
Changes since revision 1.276.2.4: +5 -1 lines
SVN rev 182744 on 2008-09-03 22:40:38Z by gnn MFC of change 182463. Fix a bug in the multicast loopback code that causes packets that are looped back to have the wrong checksum when transmitted on the wire. PR: kern/119635 Reviewed by: rwatson Approved by: re (rwatson)
Revision 1.276.2.4: download - view: text, markup, annotated - select for diffs
Sun Aug 31 22:05:31 2008 UTC (3 years, 5 months ago) by rwatson
Branches: RELENG_7
Diff to: previous 1.276.2.3: preferred, colored; branchpoint 1.276: preferred, colored
Changes since revision 1.276.2.3: +0 -17 lines
SVN rev 182576 on 2008-08-31 22:05:31Z by rwatson Merge r181966 from head to stable/7: Remove comments and #ifdef notyet'd code relating to directly dispatching the IP multicast input code from the output path; we don't allow reentrance of the input path from the IP output path, it must use the netisr due to potential lock recursion.
Revision 1.286: download - view: text, markup, annotated - select for diffs
Fri Aug 29 20:42:58 2008 UTC (3 years, 5 months ago) by gnn
Branches: MAIN
Diff to: previous 1.285: preferred, colored
Changes since revision 1.285: +5 -1 lines
SVN rev 182463 on 2008-08-29 20:42:58Z by gnn Fix a bug whereby multicast packets that are looped back locally wind up with the incorrect checksum on the wire when transmitted via devices that do checksum offloading. PR: kern/119635 Reviewed by: rwatson MFC after: 5 days
Revision 1.285: download - view: text, markup, annotated - select for diffs
Thu Aug 21 17:24:49 2008 UTC (3 years, 5 months ago) by rwatson
Branches: MAIN
Diff to: previous 1.284: preferred, colored
Changes since revision 1.284: +0 -17 lines
SVN rev 181966 on 2008-08-21 17:24:49Z by rwatson Remove comments and #ifdef notyet'd code relating to directly dispatching the IP multicast input code from the output path; we don't allow reentrance of the input path from the IP output path, it must use the netisr due to potential lock recursion. MFC after: 3 days
Revision 1.276.2.3: download - view: text, markup, annotated - select for diffs
Mon Aug 18 08:11:48 2008 UTC (3 years, 5 months ago) by rwatson
Branches: RELENG_7
Diff to: previous 1.276.2.2: preferred, colored; branchpoint 1.276: preferred, colored
Changes since revision 1.276.2.2: +6 -6 lines
SVN rev 181822 on 2008-08-18 08:11:48Z by rwatson Merge r178285, r178318, r178319, r178320, r178321, r178322, r178325, r178376, r178377, r178378, r178419, r179412, r179414, r180127, r180338, r180343, r180344, r180346, r180348, r180368, r180422, r180429, r180536, r180558, r180589, r181364, r181365 from head to stable/7: Introduce and use rwlocks throughout the inpcbinfo and inpcb infrastructure, and protocols that depend on that infrastructure, including UDP, TCP, and IP raw sockets. Significant parts of this work were reviewed by Bjoern Zeeb, and tested by Paul Saab, Kris Keneway, and George Neville-Neil, whose contributions to this work are greatly appreciated. Tested by: ps, kris, gnn, Mike Tancsa <mike at sentex dot net> Reviewed by: bz, des
Revision 1.284: download - view: text, markup, annotated - select for diffs
Sun Aug 17 23:27:27 2008 UTC (3 years, 5 months ago) by bz
Branches: MAIN
Diff to: previous 1.283: preferred, colored
Changes since revision 1.283: +18 -17 lines
SVN rev 181803 on 2008-08-17 23:27:27Z by bz Commit step 1 of the vimage project, (network stack) virtualization work done by Marko Zec (zec@). This is the first in a series of commits over the course of the next few weeks. Mark all uses of global variables to be virtualized with a V_ prefix. Use macros to map them back to their global names for now, so this is a NOP change only. We hope to have caught at least 85-90% of what is needed so we do not invalidate a lot of outstanding patches again. Obtained from: //depot/projects/vimage-commit2/... Reviewed by: brooks, des, ed, mav, julian, jamie, kris, rwatson, zec, ... (various people I forgot, different versions) md5 (with a bit of help) Sponsored by: NLnet Foundation, The FreeBSD Foundation X-MFC after: never V_Commit_Message_Reviewed_By: more people than the patch
Revision 1.276.2.2: download - view: text, markup, annotated - select for diffs
Thu Jul 24 01:13:22 2008 UTC (3 years, 6 months ago) by julian
Branches: RELENG_7
Diff to: previous 1.276.2.1: preferred, colored; branchpoint 1.276: preferred, colored
Changes since revision 1.276.2.1: +2 -1 lines
SVN rev 180774 on 2008-07-24 01:13:22Z by julian MFC an ABI compatible implementation of Multiple routing tables. See the commit message for http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/net/route.c version 1.129 (svn change # 178888) for more info. Obtained from: Ironport (Cisco Systems)
Revision 1.283: download - view: text, markup, annotated - select for diffs
Fri May 9 23:02:57 2008 UTC (3 years, 9 months ago) by julian
Branches: MAIN
Diff to: previous 1.282: preferred, colored
Changes since revision 1.282: +5 -3 lines
Add code to allow the system to handle multiple routing tables.
This particular implementation is designed to be fully backwards compatible
and to be MFC-able to 7.x (and 6.x)
Currently the only protocol that can make use of the multiple tables is IPv4
Similar functionality exists in OpenBSD and Linux.
From my notes:
-----
One thing where FreeBSD has been falling behind, and which by chance I
have some time to work on is "policy based routing", which allows
different
packet streams to be routed by more than just the destination address.
Constraints:
------------
I want to make some form of this available in the 6.x tree
(and by extension 7.x) , but FreeBSD in general needs it so I might as
well do it in -current and back port the portions I need.
One of the ways that this can be done is to have the ability to
instantiate multiple kernel routing tables (which I will now
refer to as "Forwarding Information Bases" or "FIBs" for political
correctness reasons). Which FIB a particular packet uses to make
the next hop decision can be decided by a number of mechanisms.
The policies these mechanisms implement are the "Policies" referred
to in "Policy based routing".
One of the constraints I have if I try to back port this work to
6.x is that it must be implemented as a EXTENSION to the existing
ABIs in 6.x so that third party applications do not need to be
recompiled in timespan of the branch.
This first version will not have some of the bells and whistles that
will come with later versions. It will, for example, be limited to 16
tables in the first commit.
Implementation method, Compatible version. (part 1)
-------------------------------
For this reason I have implemented a "sufficient subset" of a
multiple routing table solution in Perforce, and back-ported it
to 6.x. (also in Perforce though not always caught up with what I
have done in -current/P4). The subset allows a number of FIBs
to be defined at compile time (8 is sufficient for my purposes in 6.x)
and implements the changes needed to allow IPV4 to use them. I have not
done the changes for ipv6 simply because I do not need it, and I do not
have enough knowledge of ipv6 (e.g. neighbor discovery) needed to do it.
Other protocol families are left untouched and should there be
users with proprietary protocol families, they should continue to work
and be oblivious to the existence of the extra FIBs.
To understand how this is done, one must know that the current FIB
code starts everything off with a single dimensional array of
pointers to FIB head structures (One per protocol family), each of
which in turn points to the trie of routes available to that family.
The basic change in the ABI compatible version of the change is to
extent that array to be a 2 dimensional array, so that
instead of protocol family X looking at rt_tables[X] for the
table it needs, it looks at rt_tables[Y][X] when for all
protocol families except ipv4 Y is always 0.
Code that is unaware of the change always just sees the first row
of the table, which of course looks just like the one dimensional
array that existed before.
The entry points rtrequest(), rtalloc(), rtalloc1(), rtalloc_ign()
are all maintained, but refer only to the first row of the array,
so that existing callers in proprietary protocols can continue to
do the "right thing".
Some new entry points are added, for the exclusive use of ipv4 code
called in_rtrequest(), in_rtalloc(), in_rtalloc1() and in_rtalloc_ign(),
which have an extra argument which refers the code to the correct row.
In addition, there are some new entry points (currently called
rtalloc_fib() and friends) that check the Address family being
looked up and call either rtalloc() (and friends) if the protocol
is not IPv4 forcing the action to row 0 or to the appropriate row
if it IS IPv4 (and that info is available). These are for calling
from code that is not specific to any particular protocol. The way
these are implemented would change in the non ABI preserving code
to be added later.
One feature of the first version of the code is that for ipv4,
the interface routes show up automatically on all the FIBs, so
that no matter what FIB you select you always have the basic
direct attached hosts available to you. (rtinit() does this
automatically).
You CAN delete an interface route from one FIB should you want
to but by default it's there. ARP information is also available
in each FIB. It's assumed that the same machine would have the
same MAC address, regardless of which FIB you are using to get
to it.
This brings us as to how the correct FIB is selected for an outgoing
IPV4 packet.
Firstly, all packets have a FIB associated with them. if nothing
has been done to change it, it will be FIB 0. The FIB is changed
in the following ways.
Packets fall into one of a number of classes.
1/ locally generated packets, coming from a socket/PCB.
Such packets select a FIB from a number associated with the
socket/PCB. This in turn is inherited from the process,
but can be changed by a socket option. The process in turn
inherits it on fork. I have written a utility call setfib
that acts a bit like nice..
setfib -3 ping target.example.com # will use fib 3 for ping.
It is an obvious extension to make it a property of a jail
but I have not done so. It can be achieved by combining the setfib and
jail commands.
2/ packets received on an interface for forwarding.
By default these packets would use table 0,
(or possibly a number settable in a sysctl(not yet)).
but prior to routing the firewall can inspect them (see below).
(possibly in the future you may be able to associate a FIB
with packets received on an interface.. An ifconfig arg, but not yet.)
3/ packets inspected by a packet classifier, which can arbitrarily
associate a fib with it on a packet by packet basis.
A fib assigned to a packet by a packet classifier
(such as ipfw) would over-ride a fib associated by
a more default source. (such as cases 1 or 2).
4/ a tcp listen socket associated with a fib will generate
accept sockets that are associated with that same fib.
5/ Packets generated in response to some other packet (e.g. reset
or icmp packets). These should use the FIB associated with the
packet being reponded to.
6/ Packets generated during encapsulation.
gif, tun and other tunnel interfaces will encapsulate using the FIB
that was in effect withthe proces that set up the tunnel.
thus setfib 1 ifconfig gif0 [tunnel instructions]
will set the fib for the tunnel to use to be fib 1.
Routing messages would be associated with their
process, and thus select one FIB or another.
messages from the kernel would be associated with the fib they
refer to and would only be received by a routing socket associated
with that fib. (not yet implemented)
In addition Netstat has been edited to be able to cope with the
fact that the array is now 2 dimensional. (It looks in system
memory using libkvm (!)). Old versions of netstat see only the first FIB.
In addition two sysctls are added to give:
a) the number of FIBs compiled in (active)
b) the default FIB of the calling process.
Early testing experience:
-------------------------
Basically our (IronPort's) appliance does this functionality already
using ipfw fwd but that method has some drawbacks.
For example,
It can't fully simulate a routing table because it can't influence the
socket's choice of local address when a connect() is done.
Testing during the generating of these changes has been
remarkably smooth so far. Multiple tables have co-existed
with no notable side effects, and packets have been routes
accordingly.
ipfw has grown 2 new keywords:
setfib N ip from anay to any
count ip from any to any fib N
In pf there seems to be a requirement to be able to give symbolic names to the
fibs but I do not have that capacity. I am not sure if it is required.
SCTP has interestingly enough built in support for this, called VRFs
in Cisco parlance. it will be interesting to see how that handles it
when it suddenly actually does something.
Where to next:
--------------------
After committing the ABI compatible version and MFCing it, I'd
like to proceed in a forward direction in -current. this will
result in some roto-tilling in the routing code.
Firstly: the current code's idea of having a separate tree per
protocol family, all of the same format, and pointed to by the
1 dimensional array is a bit silly. Especially when one considers that
there is code that makes assumptions about every protocol having the
same internal structures there. Some protocols don't WANT that
sort of structure. (for example the whole idea of a netmask is foreign
to appletalk). This needs to be made opaque to the external code.
My suggested first change is to add routing method pointers to the
'domain' structure, along with information pointing the data.
instead of having an array of pointers to uniform structures,
there would be an array pointing to the 'domain' structures
for each protocol address domain (protocol family),
and the methods this reached would be called. The methods would have
an argument that gives FIB number, but the protocol would be free
to ignore it.
When the ABI can be changed it raises the possibilty of the
addition of a fib entry into the "struct route". Currently,
the structure contains the sockaddr of the desination, and the resulting
fib entry. To make this work fully, one could add a fib number
so that given an address and a fib, one can find the third element, the
fib entry.
Interaction with the ARP layer/ LL layer would need to be
revisited as well. Qing Li has been working on this already.
This work was sponsored by Ironport Systems/Cisco
Reviewed by: several including rwatson, bz and mlair (parts each)
Obtained from: Ironport systems/Cisco
Revision 1.282: download - view: text, markup, annotated - select for diffs
Sat Apr 19 14:35:17 2008 UTC (3 years, 9 months ago) by rwatson
Branches: MAIN
Diff to: previous 1.281: preferred, colored
Changes since revision 1.281: +1 -1 lines
In ip_output(), allow a read lock as well as a write lock when asserting a lock on the passed inpcb. MFC after: 3 months
Revision 1.281: download - view: text, markup, annotated - select for diffs
Thu Apr 17 21:38:16 2008 UTC (3 years, 9 months ago) by rwatson
Branches: MAIN
Diff to: previous 1.280: preferred, colored
Changes since revision 1.280: +7 -7 lines
Convert pcbinfo and inpcb mutexes to rwlocks, and modify macros to explicitly select write locking for all use of the inpcb mutex. Update some pcbinfo lock assertions to assert locked rather than write-locked, although in practice almost all uses of the pcbinfo rwlock main exclusive, and all instances of inpcb lock acquisition are exclusive. This change should introduce (ideally) little functional change. However, it lays the groundwork for significantly increased parallelism in the TCP/IP code. MFC after: 3 months Tested by: kris (superset of committered patch)
Revision 1.280: download - view: text, markup, annotated - select for diffs
Sun Apr 13 05:45:14 2008 UTC (3 years, 9 months ago) by qingli
Branches: MAIN
Diff to: previous 1.279: preferred, colored
Changes since revision 1.279: +9 -0 lines
This patch provides the back end support for equal-cost multi-path (ECMP) for both IPv4 and IPv6. Previously, multipath route insertion is disallowed. For example, route add -net 192.103.54.0/24 10.9.44.1 route add -net 192.103.54.0/24 10.9.44.2 The second route insertion will trigger an error message of "add net 192.103.54.0/24: gateway 10.2.5.2: route already in table" Multiple default routes can also be inserted. Here is the netstat output: default 10.2.5.1 UGS 0 3074 bge0 => default 10.2.5.2 UGS 0 0 bge0 When multipath routes exist, the "route delete" command requires a specific gateway to be specified or else an error message would be displayed. For example, route delete default would fail and trigger the following error message: "route: writing to routing socket: No such process" "delete net default: not in table" On the other hand, route delete default 10.2.5.2 would be successful: "delete net default: gateway 10.2.5.2" One does not have to specify a gateway if there is only a single route for a particular destination. I need to perform more testings on address aliases and multiple interfaces that have the same IP prefixes. This patch as it stands today is not yet ready for prime time. Therefore, the ECMP code fragments are fully guarded by the RADIX_MPATH macro. Include the "options RADIX_MPATH" in the kernel configuration to enable this feature. Reviewed by: robert, sam, gnn, julian, kmacy
Revision 1.279: download - view: text, markup, annotated - select for diffs
Tue Mar 25 09:39:00 2008 UTC (3 years, 10 months ago) by ru
Branches: MAIN
Diff to: previous 1.278: preferred, colored
Changes since revision 1.278: +1 -1 lines
Replaced the misleading uses of a historical artefact M_TRYWAIT with M_WAIT. Removed dead code that assumed that M_TRYWAIT can return NULL; it's not true since the advent of MBUMA. Reviewed by: arch There are ongoing disputes as to whether we want to switch to directly using UMA flags M_WAITOK/M_NOWAIT for mbuf(9) allocation.
Revision 1.276.2.1: download - view: text, markup, annotated - select for diffs
Sun Mar 9 21:04:54 2008 UTC (3 years, 11 months ago) by bz
Branches: RELENG_7
Diff to: previous 1.276: preferred, colored
Changes since revision 1.276: +5 -20 lines
MFC 1.278 sys/netinet/ip_output.c 1.114 sys/netinet6/ip6_output.c 1.26 sys/netipsec/ipsec.c 1.15 sys/netipsec/ipsec.h 1.4 sys/netipsec/ipsec6.h Rather than passing around a cached 'priv', pass in an ucred to ipsec*_set_policy and do the privilege check only if needed. Try to assimilate both ip*_ctloutput code blocks calling ipsec*_set_policy.
Revision 1.278: download - view: text, markup, annotated - select for diffs
Sat Feb 2 14:11:31 2008 UTC (4 years ago) by bz
Branches: MAIN
Diff to: previous 1.277: preferred, colored
Changes since revision 1.277: +5 -20 lines
Rather than passing around a cached 'priv', pass in an ucred to ipsec*_set_policy and do the privilege check only if needed. Try to assimilate both ip*_ctloutput code blocks calling ipsec*_set_policy. Reviewed by: rwatson
Revision 1.277: download - view: text, markup, annotated - select for diffs
Wed Oct 24 19:03:59 2007 UTC (4 years, 3 months ago) by rwatson
Branches: MAIN
Diff to: previous 1.276: preferred, colored
Changes since revision 1.276: +1 -1 lines
Merge first in a series of TrustedBSD MAC Framework KPI changes
from Mac OS X Leopard--rationalize naming for entry points to
the following general forms:
mac_<object>_<method/action>
mac_<object>_check_<method/action>
The previous naming scheme was inconsistent and mostly
reversed from the new scheme. Also, make object types more
consistent and remove spaces from object types that contain
multiple parts ("posix_sem" -> "posixsem") to make mechanical
parsing easier. Introduce a new "netinet" object type for
certain IPv4/IPv6-related methods. Also simplify, slightly,
some entry point names.
All MAC policy modules will need to be recompiled, and modules
not updates as part of this commit will need to be modified to
conform to the new KPI.
Sponsored by: SPARTA (original patches against Mac OS X)
Obtained from: TrustedBSD Project, Apple Computer
Revision 1.276: download - view: text, markup, annotated - select for diffs
Sun Oct 7 20:44:23 2007 UTC (4 years, 4 months ago) by silby
Branches: MAIN
CVS tags: RELENG_7_BP, RELENG_7_0_BP, RELENG_7_0_0_RELEASE, RELENG_7_0
Branch point for: RELENG_7
Diff to: previous 1.275: preferred, colored
Changes since revision 1.275: +3 -1 lines
Add FBSDID to all files in netinet so that people can more easily include file version information in bug reports. Approved by: re (kensmith)
Revision 1.275: download - view: text, markup, annotated - select for diffs
Tue Jul 3 12:13:43 2007 UTC (4 years, 7 months ago) by gnn
Branches: MAIN
Diff to: previous 1.274: preferred, colored
Changes since revision 1.274: +8 -8 lines
Commit the change from FAST_IPSEC to IPSEC. The FAST_IPSEC option is now deprecated, as well as the KAME IPsec code. What was FAST_IPSEC is now IPSEC. Approved by: re Sponsored by: Secure Computing
Revision 1.274: download - view: text, markup, annotated - select for diffs
Sun Jul 1 11:38:27 2007 UTC (4 years, 7 months ago) by gnn
Branches: MAIN
Diff to: previous 1.273: preferred, colored
Changes since revision 1.273: +8 -21 lines
Commit IPv6 support for FAST_IPSEC to the tree. This commit includes only the kernel files, the rest of the files will follow in a second commit. Reviewed by: bz Approved by: re Supported by: Secure Computing
Revision 1.273: download - view: text, markup, annotated - select for diffs
Tue Jun 12 16:24:53 2007 UTC (4 years, 8 months ago) by bms
Branches: MAIN
Diff to: previous 1.272: preferred, colored
Changes since revision 1.272: +22 -478 lines
Import rewrite of IPv4 socket multicast layer to support source-specific and protocol-independent host mode multicast. The code is written to accomodate IPv6, IGMPv3 and MLDv2 with only a little additional work. This change only pertains to FreeBSD's use as a multicast end-station and does not concern multicast routing; for an IGMPv3/MLDv2 router implementation, consider the XORP project. The work is based on Wilbert de Graaf's IGMPv3 code drop for FreeBSD 4.6, which is available at: http://www.kloosterhof.com/wilbert/igmpv3.html Summary * IPv4 multicast socket processing is now moved out of ip_output.c into a new module, in_mcast.c. * The in_mcast.c module implements the IPv4 legacy any-source API in terms of the protocol-independent source-specific API. * Source filters are lazy allocated as the common case does not use them. They are part of per inpcb state and are covered by the inpcb lock. * struct ip_mreqn is now supported to allow applications to specify multicast joins by interface index in the legacy IPv4 any-source API. * In UDP, an incoming multicast datagram only requires that the source port matches the 4-tuple if the socket was already bound by source port. An unbound socket SHOULD be able to receive multicasts sent from an ephemeral source port. * The UDP socket multicast filter mode defaults to exclusive, that is, sources present in the per-socket list will be blocked from delivery. * The RFC 3678 userland functions have been added to libc: setsourcefilter, getsourcefilter, setipv4sourcefilter, getipv4sourcefilter. * Definitions for IGMPv3 are merged but not yet used. * struct sockaddr_storage is now referenced from <netinet/in.h>. It is therefore defined there if not already declared in the same way as for the C99 types. * The RFC 1724 hack (specify 0.0.0.0/8 addresses to IP_MULTICAST_IF which are then interpreted as interface indexes) is now deprecated. * A patch for the Rhyolite.com routed in the FreeBSD base system is available in the -net archives. This only affects individuals running RIPv1 or RIPv2 via point-to-point and/or unnumbered interfaces. * Make IPv6 detach path similar to IPv4's in code flow; functionally same. * Bump __FreeBSD_version to 700048; see UPDATING. This work was financially supported by another FreeBSD committer. Obtained from: p4://bms_netdev Submitted by: Wilbert de Graaf (original work) Reviewed by: rwatson (locking), silence from fenner, net@ (but with encouragement)
Revision 1.272: download - view: text, markup, annotated - select for diffs
Thu May 10 15:58:48 2007 UTC (4 years, 9 months ago) by rwatson
Branches: MAIN
Diff to: previous 1.271: preferred, colored
Changes since revision 1.271: +8 -16 lines
Move universally to ANSI C function declarations, with relatively consistent style(9)-ish layout.
Revision 1.271: download - view: text, markup, annotated - select for diffs
Fri Mar 23 09:43:36 2007 UTC (4 years, 10 months ago) by bms
Branches: MAIN
Diff to: previous 1.270: preferred, colored
Changes since revision 1.270: +0 -2 lines
Purge two redundant case labels.
Revision 1.242.2.18: download - view: text, markup, annotated - select for diffs
Thu Mar 8 13:19:03 2007 UTC (4 years, 11 months ago) by bms
Branches: RELENG_6
CVS tags: RELENG_6_4_BP, RELENG_6_3_BP, RELENG_6_3_0_RELEASE, RELENG_6_3
Branch point for: RELENG_6_4
Diff to: previous 1.242.2.17: preferred, colored; branchpoint 1.242: preferred, colored
Changes since revision 1.242.2.17: +14 -11 lines
MFC rev 1.270: Fix undirected broadcast sends for the case where SO_DONTROUTE has also been set at the socket layer, in our somewhat convoluted IPv4 source selection logic in ip_output(). IP_ONESBCAST is actually a special case of SO_DONTROUTE, as 255.255.255.255 must always be delivered on a local link with a TTL of 1. If IP_ONESBCAST has been set at the socket layer, also perform destination interface lookup for point-to-point interfaces based on the destination address of the link; previously it was not possible to use the option with such interfaces; also, the destination/broadcast address fields map to the same field within struct ifnet, which doesn't help matters. Reviewed by: andre
Revision 1.270: download - view: text, markup, annotated - select for diffs
Thu Mar 1 13:29:30 2007 UTC (4 years, 11 months ago) by bms
Branches: MAIN
Diff to: previous 1.269: preferred, colored
Changes since revision 1.269: +14 -11 lines
Fix undirected broadcast sends for the case where SO_DONTROUTE has also been set at the socket layer, in our somewhat convoluted IPv4 source selection logic in ip_output(). IP_ONESBCAST is actually a special case of SO_DONTROUTE, as 255.255.255.255 must always be delivered on a local link with a TTL of 1. If IP_ONESBCAST has been set at the socket layer, also perform destination interface lookup for point-to-point interfaces based on the destination address of the link; previously it was not possible to use the option with such interfaces; also, the destination/broadcast address fields map to the same field within struct ifnet, which doesn't help matters. One more valid fix going forward for these issues is to treat 255.255.255.255 as a destination in its own right in the forwarding trie. Other implementations do this. It fits with the use of multiple paths, though it then becomes necessary to specify interface preference. This hack will eventually go away when that comes to pass. Reviewed by: andre MFC after: 1 week
Revision 1.269: download - view: text, markup, annotated - select for diffs
Sun Dec 10 13:44:00 2006 UTC (5 years, 2 months ago) by bms
Branches: MAIN
Diff to: previous 1.268: preferred, colored
Changes since revision 1.268: +5 -12 lines
Back out revision 1.264. Fixing the IP accounting issue, if we plan to do so, needs to be better thought out; the 'fix' introduces a hash lookup and a possible kernel panic. Reported by: Mark Tinguely
Revision 1.242.2.16.2.1: download - view: text, markup, annotated - select for diffs
Tue Nov 28 23:19:18 2006 UTC (5 years, 2 months ago) by rwatson
Branches: RELENG_6_2
CVS tags: RELENG_6_2_0_RELEASE
Diff to: previous 1.242.2.16: preferred, colored; next MAIN 1.242.2.17: preferred, colored
Changes since revision 1.242.2.16: +34 -1 lines
Merge ip_output.c:1.242.2.17, ip_var.h:1.95.2.1, tcp_usrreq.c:1.124.2.4 from RELENG_6 to RELENG_6_2: Reformulate ip_ctloutput() and tcp_ctloutput() to work around the fact that so_pcb can be invalidated at any time due to an untimely reset. Move the body of ip_ctloutput() to ip_ctloutput_pcbinfo(), which accepts a pcbinfo argument, and wrap it with ip_ctloutput(), which passes a NULL. Modify tcp_ctloutput() to directly invoke ip_ctloutput_pcbinfo() and pass tcbinfo. Hold the pcbinfo lock when dereferencing so_pcb and acquiring the inpcb lock in order to prevent the inpcb from being freed; the pcbinfo lock is then immediately dropped. This is required as TCP may free the inppcb and invalidate so_pcb due to a reset at any time in the RELENG_6 network stack, which otherwise leads to a panic. This panic might be frequently seen on highly loaded IRC and Samba servers, which have long-lasting TCP connections, query socket options frequently, and see a significant number of reset connections. This change has been merged directly to RELENG_6 as the problem does not exist in HEAD, where the invariants for so_pcb are much stronger; the architectural changes in HEAD avoid the need to acquire a global lock in the socket option path. This change will be merged to RELENG_6_2. PR: 102412, 104765 Reviewed by: Diane Bruce <db at db.net> Tested by: Daniel Austin <daniel at kewlio dot net>, Kai Gallasch <gallasch at free dot de> Approved by: re (kensmith)
Revision 1.242.2.17: download - view: text, markup, annotated - select for diffs
Tue Nov 28 21:41:12 2006 UTC (5 years, 2 months ago) by rwatson
Branches: RELENG_6
Diff to: previous 1.242.2.16: preferred, colored; branchpoint 1.242: preferred, colored
Changes since revision 1.242.2.16: +34 -1 lines
Reformulate ip_ctloutput() and tcp_ctloutput() to work around the fact that so_pcb can be invalidated at any time due to an untimely reset. Move the body of ip_ctloutput() to ip_ctloutput_pcbinfo(), which accepts a pcbinfo argument, and wrap it with ip_ctloutput(), which passes a NULL. Modify tcp_ctloutput() to directly invoke ip_ctloutput_pcbinfo() and pass tcbinfo. Hold the pcbinfo lock when dereferencing so_pcb and acquiring the inpcb lock in order to prevent the inpcb from being freed; the pcbinfo lock is then immediately dropped. This is required as TCP may free the inppcb and invalidate so_pcb due to a reset at any time in the RELENG_6 network stack, which otherwise leads to a panic. This panic might be frequently seen on highly loaded IRC and Samba servers, which have long-lasting TCP connections, query socket options frequently, and see a significant number of reset connections. This change has been merged directly to RELENG_6 as the problem does not exist in HEAD, where the invariants for so_pcb are much stronger; the architectural changes in HEAD avoid the need to acquire a global lock in the socket option path. This change will be merged to RELENG_6_2. PR: 102412, 104765 Reviewed by: Diane Bruce <db at db.net> Tested by: Daniel Austin <daniel at kewlio dot net>, Kai Gallasch <gallasch at free dot de>
Revision 1.268: download - view: text, markup, annotated - select for diffs
Mon Nov 6 13:42:04 2006 UTC (5 years, 3 months ago) by rwatson
Branches: MAIN
Diff to: previous 1.267: preferred, colored
Changes since revision 1.267: +15 -2 lines
Sweep kernel replacing suser(9) calls with priv(9) calls, assigning specific privilege names to a broad range of privileges. These may require some future tweaking. Sponsored by: nCircle Network Security, Inc. Obtained from: TrustedBSD Project Discussed on: arch@ Reviewed (at least in part) by: mlaier, jmg, pjd, bde, ceri, Alex Lyashkov <umka at sevcity dot net>, Skip Ford <skip dot ford at verizon dot net>, Antoine Brodin <antoine dot brodin at laposte dot net>
Revision 1.242.2.16: download - view: text, markup, annotated - select for diffs
Tue Oct 24 13:23:03 2006 UTC (5 years, 3 months ago) by rwatson
Branches: RELENG_6
CVS tags: RELENG_6_2_BP
Branch point for: RELENG_6_2
Diff to: previous 1.242.2.15: preferred, colored; branchpoint 1.242: preferred, colored
Changes since revision 1.242.2.15: +18 -0 lines
Reduce the size of a number of race windows in the TCP socket options processing code: a RST may arrive during a socket option call, causing the PCB to be freed, leading to an invalid pointer dereference. When the kernel blocks in a socket option copyin or memory allocation (such as during heavy paging), the race window is greatly widened. This change re-validates the PCB pointer after returning from the copy/alloc operation. This does not eliminate the problem, but does narrow the window significantly (to the point where it may not be observed at all). The proper fix is in 7.x, which significantly re-works the socket and PCB code so that PCB's are not ripped out from under sockets on reset. However, those changes are not appropriate for an MFC during a release cycle. As a result, this is not an MFC, but new code crafted for 6.x. PR: kern/102412 Reported by: Daniel Austin <daniel at kewlio dot net> Tested by: Diane Bruce <db at db dot net> Reviewed by: Diane Bruce <db at db dot net> Approved by: re (kensmith)
Revision 1.267: download - view: text, markup, annotated - select for diffs
Sun Oct 22 11:52:16 2006 UTC (5 years, 3 months ago) by rwatson
Branches: MAIN
Diff to: previous 1.266: preferred, colored
Changes since revision 1.266: +2 -1 lines
Complete break-out of sys/sys/mac.h into sys/security/mac/mac_framework.h begun with a repo-copy of mac.h to mac_framework.h. sys/mac.h now contains the userspace and user<->kernel API and definitions, with all in-kernel interfaces moved to mac_framework.h, which is now included across most of the kernel instead. This change is the first step in a larger cleanup and sweep of MAC Framework interfaces in the kernel, and will not be MFC'd. Obtained from: TrustedBSD Project Sponsored by: SPARTA
Revision 1.242.2.15: download - view: text, markup, annotated - select for diffs
Fri Oct 6 20:26:06 2006 UTC (5 years, 4 months ago) by andre
Branches: RELENG_6
Diff to: previous 1.242.2.14: preferred, colored; branchpoint 1.242: preferred, colored
Changes since revision 1.242.2.14: +11 -2 lines
MFC: - Fix the socket option IP_ONESBCAST by giving it its own case in ip_output() and skip over the normal IP processing. - Add a supporting function ifa_ifwithbroadaddr() to verify and validate the supplied subnet broadcast address. - Check inp_flags instead of inp_vflag for INP_ONESBCAST flag. PR: kern/99558 Approved by: re (kensmith)
Revision 1.266: download - view: text, markup, annotated - select for diffs
Fri Sep 29 16:44:45 2006 UTC (5 years, 4 months ago) by andre
Branches: MAIN
Diff to: previous 1.265: preferred, colored
Changes since revision 1.265: +2 -2 lines
Remove stone-aged and irrelevant "#ifndef notdef".
Revision 1.242.2.14: download - view: text, markup, annotated - select for diffs
Tue Sep 26 18:28:38 2006 UTC (5 years, 4 months ago) by bms
Branches: RELENG_6
Diff to: previous 1.242.2.13: preferred, colored; branchpoint 1.242: preferred, colored
Changes since revision 1.242.2.13: +4 -11 lines
Back out rev 1.242.2.13 as it introduces a potentially expensive hash lookup to the ip output path. A better way needs to be found to resolve this. Approved by: re@
Revision 1.242.2.13: download - view: text, markup, annotated - select for diffs
Mon Sep 25 13:02:58 2006 UTC (5 years, 4 months ago) by bms
Branches: RELENG_6
Diff to: previous 1.242.2.12: preferred, colored; branchpoint 1.242: preferred, colored
Changes since revision 1.242.2.12: +11 -4 lines
MFC: Account for output IP datagrams on the ifaddr where they will be sent from, not the first ifaddr on the ifp. PR: kern/72936 Submitted by: alfred Reviewed by: andre Approved by: re@
Revision 1.265: download - view: text, markup, annotated - select for diffs
Mon Sep 25 10:12:07 2006 UTC (5 years, 4 months ago) by bms
Branches: MAIN
Diff to: previous 1.264: preferred, colored
Changes since revision 1.264: +0 -0 lines
Forced commit to note this change should be MFCed. MFC after: 1 week
Revision 1.264: download - view: text, markup, annotated - select for diffs
Mon Sep 25 10:11:16 2006 UTC (5 years, 4 months ago) by bms
Branches: MAIN
Diff to: previous 1.263: preferred, colored
Changes since revision 1.263: +12 -5 lines
Account for output IP datagrams on the ifaddr where they originated from, *not* the first ifaddr on the ifp. This is similar to what NetBSD does. PR: kern/72936 Submitted by: alfred Reviewed by: andre
Revision 1.263: download - view: text, markup, annotated - select for diffs
Mon Sep 11 19:56:10 2006 UTC (5 years, 5 months ago) by andre
Branches: MAIN
Diff to: previous 1.262: preferred, colored
Changes since revision 1.262: +1 -1 lines
Fix a NULL pointer dereference of ro->ro_rt->rt_flags by checking for the validity of ro->ro_rt first. This prevents crashing on any non-normally routed IP packet. Coverity CID: 162 (incorrectly, it was re-introduced by previous commit)
Revision 1.262: download - view: text, markup, annotated - select for diffs
Sun Sep 10 17:49:09 2006 UTC (5 years, 5 months ago) by jmg
Branches: MAIN
Diff to: previous 1.261: preferred, colored
Changes since revision 1.261: +25 -18 lines
make use of the host route's mtu for processing. This means we can now support a network w/ split mtu's by assigning each host route the correct mtu. an aspiring programmer could write a daemon to probe hosts and find out if they support a larger mtu.
Revision 1.261: download - view: text, markup, annotated - select for diffs
Wed Sep 6 21:51:58 2006 UTC (5 years, 5 months ago) by andre
Branches: MAIN
Diff to: previous 1.260: preferred, colored
Changes since revision 1.260: +17 -6 lines
First step of TSO (TCP segmentation offload) support in our network stack. o add IFCAP_TSO[46] for drivers to announce this capability for IPv4 and IPv6 o add CSUM_TSO flag to mbuf pkthdr csum_flags field o add tso_segsz field to mbuf pkthdr o enhance ip_output() packet length check to allow for large TSO packets o extend tcp_maxmtu[46]() with a flag pointer to pass interface capabilities o adjust all callers of tcp_maxmtu[46]() accordingly Discussed on: -current, -net Sponsored by: TCP/IP Optimization Fundraise 2005
Revision 1.260: download - view: text, markup, annotated - select for diffs
Wed Sep 6 17:12:10 2006 UTC (5 years, 5 months ago) by andre
Branches: MAIN
Diff to: previous 1.259: preferred, colored
Changes since revision 1.259: +11 -2 lines
Fix the socket option IP_ONESBCAST by giving it its own case in ip_output() and skip over the normal IP processing. Add a supporting function ifa_ifwithbroadaddr() to verify and validate the supplied subnet broadcast address. PR: kern/99558 Tested by: Andrey V. Elsukov <bu7cher-at-yandex.ru> Sponsored by: TCP/IP Optimization Fundraise 2005 MFC after: 3 days
Revision 1.242.2.8.2.1: download - view: text, markup, annotated - select for diffs
Mon Aug 28 07:31:10 2006 UTC (5 years, 5 months ago) by cperciva
Branches: RELENG_6_1
Diff to: previous 1.242.2.8: preferred, colored; next MAIN 1.242.2.9: preferred, colored
Changes since revision 1.242.2.8: +3 -0 lines
Correct several problems in the network stack, including a locally-triggered kernel panic, inaccuracy in reported memory allocation statistics, and problems on IPv6 point-to-point links. Approved by: so (cperciva) Errata: FreeBSD-EN-06:02.net
Revision 1.242.2.12: download - view: text, markup, annotated - select for diffs
Thu Aug 24 05:40:16 2006 UTC (5 years, 5 months ago) by julian
Branches: RELENG_6
Diff to: previous 1.242.2.11: preferred, colored; branchpoint 1.242: preferred, colored
Changes since revision 1.242.2.11: +5 -14 lines
MFC: Remove IPFIREWALL_FORWARD_EXTENDED as an option. Allow that behaviour by default. Reviewed by: glebius
Revision 1.259: download - view: text, markup, annotated - select for diffs
Thu Aug 17 00:37:03 2006 UTC (5 years, 5 months ago) by julian
Branches: MAIN
Diff to: previous 1.258: preferred, colored
Changes since revision 1.258: +5 -14 lines
Remove the IPFIREWALL_FORWARD_EXTENDED option and make it on by default as it always was in older versions of FreeBSD. This option is pointless as it is needed in just about every interesting usage of forward that I have ever seen. It doesn't make the system any safer and just wastes huge amounts of develper time when the system doesn't behave as expected when code is moved from 4.x to 6.x It doesn't make the system any safer and just wastes huge amounts of develper time when the system doesn't behave as expected when code is moved from 4.x to 6.x or 7.x Reviewed by: glebius MFC after: 1 week
Revision 1.242.2.11: download - view: text, markup, annotated - select for diffs
Thu Aug 10 10:41:50 2006 UTC (5 years, 6 months ago) by glebius
Branches: RELENG_6
Diff to: previous 1.242.2.10: preferred, colored; branchpoint 1.242: preferred, colored
Changes since revision 1.242.2.10: +1 -1 lines
MFC rev. 1.258: Fix URL to Bellovin's paper. Submitted by: Anton Yuzhaninov <citrin rambler-co.ru>
Revision 1.242.2.10: download - view: text, markup, annotated - select for diffs
Mon Jul 3 23:14:28 2006 UTC (5 years, 7 months ago) by rwatson
Branches: RELENG_6
Diff to: previous 1.242.2.9: preferred, colored; branchpoint 1.242: preferred, colored
Changes since revision 1.242.2.9: +3 -0 lines
In ip_ctloutput(), check for a NULL inpcb pointer before dereferencing, as this can occur with TCP if protocol-layer socket options are set or queried after the connection has closed. There are still races associated with ip_ctloutput() and connection close with TCP, corrected in HEAD via a more comprehensive set of changes, but this fixes the trivial panic reported on several occasions. This is a RELENG_6_1 and RELENG_6_0 errata branch candidate. PR: 97095 Tested by: Stanislaw Halik <sthalik at tehran dot lain dot pl> MFC after: 3 days
Revision 1.258: download - view: text, markup, annotated - select for diffs
Thu Jun 29 13:38:36 2006 UTC (5 years, 7 months ago) by glebius
Branches: MAIN
Diff to: previous 1.257: preferred, colored
Changes since revision 1.257: +1 -1 lines
Fix URL to Bellovin's paper. Submitted by: Anton Yuzhaninov <citrin rambler-co.ru>
Revision 1.242.2.9: download - view: text, markup, annotated - select for diffs
Sun Jun 4 10:19:34 2006 UTC (5 years, 8 months ago) by maxim
Branches: RELENG_6
Diff to: previous 1.242.2.8: preferred, colored; branchpoint 1.242: preferred, colored
Changes since revision 1.242.2.8: +4 -0 lines
MFC rev. 1.257: add missed error check.
Revision 1.257: download - view: text, markup, annotated - select for diffs
Sun May 21 17:52:08 2006 UTC (5 years, 8 months ago) by maxim
Branches: MAIN
Diff to: previous 1.256: preferred, colored
Changes since revision 1.256: +4 -0 lines
o Add missed error check: in ip_ctloutput() sooptcopyin() returns a result but we never examine it. Reviewed by: rwatson MFC after: 2 weeks
Revision 1.256: download - view: text, markup, annotated - select for diffs
Sun May 14 14:22:49 2006 UTC (5 years, 8 months ago) by bms
Branches: MAIN
Diff to: previous 1.255: preferred, colored
Changes since revision 1.255: +29 -1 lines
Fix a long-standing limitation in IPv4 multicast group membership. By making the imo_membership array a dynamically allocated vector, this minimizes disruption to existing IPv4 multicast code. This change breaks the ABI for the kernel module ip_mroute.ko, and may cause a small amount of churn for folks working on the IGMPv3 merge. Previously, sockets were subject to a compile-time limitation on the number of IPv4 group memberships, which was hard-coded to 20. The imo_membership relationship, however, is 1:1 with regards to a tuple of multicast group address and interface address. Users who ran routing protocols such as OSPF ran into this limitation on machines with a large system interface tree.
Revision 1.255: download - view: text, markup, annotated - select for diffs
Thu Feb 2 03:13:15 2006 UTC (6 years ago) by csjp
Branches: MAIN
Diff to: previous 1.254: preferred, colored
Changes since revision 1.254: +1 -1 lines
Somewhat re-factor the read/write locking mechanism associated with the packet filtering mechanisms to use the new rwlock(9) locking API: - Drop the variables stored in the phil_head structure which were specific to conditions and the home rolled read/write locking mechanism. - Drop some includes which were used for condition variables - Drop the inline functions, and convert them to macros. Also, move these macros into pfil.h - Move pfil list locking macros intp phil.h as well - Rename ph_busy_count to ph_nhooks. This variable will represent the number of IN/OUT hooks registered with the pfil head structure - Define PFIL_HOOKED macro which evaluates to true if there are any hooks to be ran by pfil_run_hooks - In the IP/IP6 stacks, change the ph_busy_count comparison to use the new PFIL_HOOKED macro. - Drop optimization in pfil_run_hooks which checks to see if there are any hooks to be ran, and returns if not. This check is already performed by the IP stacks when they call: if (!PFIL_HOOKED(ph)) goto skip_hooks; - Drop in assertion which makes sure that the number of hooks never drops below 0 for good measure. This in theory should never happen, and if it does than there are problems somewhere - Drop special logic around PFIL_WAITOK because rw_wlock(9) does not sleep - Drop variables which support home rolled read/write locking mechanism from the IPFW firewall chain structure. - Swap out the read/write firewall chain lock internal to use the rwlock(9) API instead of our home rolled version - Convert the inlined functions to macros Reviewed by: mlaier, andre, glebius Thanks to: jhb for the new locking API
Revision 1.254: download - view: text, markup, annotated - select for diffs
Wed Feb 1 13:55:03 2006 UTC (6 years ago) by andre
Branches: MAIN
Diff to: previous 1.253: preferred, colored
Changes since revision 1.253: +17 -280 lines
Move the IPSEC related code blocks to their own file to unclutter and signifincantly improve the readability of ip_input() and ip_output() again. The resulting IPSEC hooks in ip_input() and ip_output() may be used later on for making IPSEC loadable. This move is mostly mechanical and should preserve current IPSEC behaviour as-is. Nothing shall prevent improvements in the way IPSEC interacts with the IPv4 stack. Discussed with: bz, gnn, rwatson; (earlier version)
Revision 1.242.2.8: download - view: text, markup, annotated - select for diffs
Tue Jan 31 16:06:05 2006 UTC (6 years ago) by andre
Branches: RELENG_6
CVS tags: RELENG_6_1_BP, RELENG_6_1_0_RELEASE
Branch point for: RELENG_6_1
Diff to: previous 1.242.2.7: preferred, colored; branchpoint 1.242: preferred, colored
Changes since revision 1.242.2.7: +2 -2 lines
MFC 1.253: In in_delayed_cksum() don't perform m_pullup() because we can't pass the new mbuf pointer to the callers.
Revision 1.242.2.7: download - view: text, markup, annotated - select for diffs
Tue Jan 31 16:01:38 2006 UTC (6 years ago) by andre
Branches: RELENG_6
Diff to: previous 1.242.2.6: preferred, colored; branchpoint 1.242: preferred, colored
Changes since revision 1.242.2.6: +2 -1 lines
MFC 1.252: Prevent dereferencing NULL route pointer when trying to update the route MTU.
Revision 1.225.2.13: download - view: text, markup, annotated - select for diffs
Wed Jan 18 23:36:49 2006 UTC (6 years ago) by emaste
Branches: RELENG_5
CVS tags: RELENG_5_5_BP, RELENG_5_5_0_RELEASE, RELENG_5_5
Diff to: previous 1.225.2.12: preferred, colored; branchpoint 1.225: preferred, colored; next MAIN 1.226: preferred, colored
Changes since revision 1.225.2.12: +61 -33 lines
Merge IP multicast address list locking from HEAD to RELENG_5, with a few changes to preserve ABI compatibility. subr_witness.c:1.196: Add in_multi_mtx, igmp_mtx, and if_addr_mtx lock order to hard-coded lock order in WITNESS, in that order. in_var.h:1.54 in6_var.h:1.23 mld6.c:1.22: Modify network protocol consumers of the ifnet multicast address lists to lock if_addr_mtx. igmp.c:1.49 in.c:1.86: in_var.h:1.55 ip_input.c:1.303 ip_output.c:1.243: Introduce in_multi_mtx, which will protect IPv4-layer multicast address lists, as well as accessor macros. For now, this is a recursive mutex due code sequences where IPv4 multicast calls into IGMP calls into ip_output(), which then tests for a multicast forwarding case. For support macros in in_var.h to check multicast address lists, assert that in_multi_mtx is held. Acquire in_multi_mtx around iteration over the IPv4 multicast address lists, such as in ip_input() and ip_output(). Acquire in_multi_mtx when manipulating the IPv4 layer multicast addresses, as well as over the manipulation of ifnet multicast address lists in order to keep the two layers in sync. Lock down accesses to IPv4 multicast addresses in IGMP, or assert the lock when performing IGMP join/leave events. Eliminate spl's associated with IPv4 multicast addresses, portions of IGMP that weren't previously expunged by IGMP locking. in.c:1.89 in.c:1.90: Acquire Giant conditionally in in_addmulti() and in_delmulti() based on whether the interface being accessed is IFF_NEEDSGIANT or not. This avoids lock order reversals when calling into the interface ioctl handler, which could potentially lead to deadlock. The long term solution is to eliminate non-MPSAFE network drivers. Discussed with: jhb Unlock Giant symmetrically with respect to lock acquire order as that's generally nicer. Spotted by: johan ip_output.c:1.244: Add helper function ip_findmoptions(), which accepts an inpcb, and attempts to atomically return either an existing set of IP multicast options for the PCB, or a newlly allocated set with default values. The inpcb is returned locked. This function may sleep. Call ip_moptions() to acquire a reference to a PCB's socket options, and perform the update of the options while holding the PCB lock. Release the lock before returning. Remove garbage collection of multicast options when values return to the default, as this complicates locking substantially. Most applications allocate a socket either to be multicast, or not, and don't tend to keep around sockets that have previously been used for multicast, then used for unicast. This closes a number of race conditions involving multiple threads or processes modifying the IP multicast state of a socket simultaenously. Approved by: rwatson (mentor)
Revision 1.253: download - view: text, markup, annotated - select for diffs
Wed Jan 18 18:49:16 2006 UTC (6 years ago) by andre
Branches: MAIN
Diff to: previous 1.252: preferred, colored
Changes since revision 1.252: +2 -2 lines
In in_delayed_cksum() we can't perform a m_pullup() as it may change the mbuf pointer and we don't have any way of passing it back to the callers. Instead just fail silently without updating the checksum but leaving the mbuf+chain intact. A search in our GNATS database did not turn up any match for the existing warning message when this case is encountered. Found by: Coverity Prevent(tm) Coverity ID: CID779 Sponsored by: TCP/IP Optimization Fundraise 2005 MFC after: 3 days
Revision 1.252: download - view: text, markup, annotated - select for diffs
Wed Jan 18 15:05:05 2006 UTC (6 years ago) by andre
Branches: MAIN
Diff to: previous 1.251: preferred, colored
Changes since revision 1.251: +2 -1 lines
Prevent dereferencing a NULL route pointer when trying to update the route MTU. This bug is very difficult to reach and not remotely exploitable. Found by: Coverity Prevent(tm) Coverity ID: CID162 Sponsored by: TCP/IP Optimization Fundraise 2005 MFC after: 3 days
Revision 1.225.2.12: download - view: text, markup, annotated - select for diffs
Wed Dec 28 13:37:25 2005 UTC (6 years, 1 month ago) by glebius
Branches: RELENG_5
Diff to: previous 1.225.2.11: preferred, colored; branchpoint 1.225: preferred, colored
Changes since revision 1.225.2.11: +1 -0 lines
MFC 1.251: When we drop packet due to no space in output interface output queue, also increase the ifp->if_snd.ifq_drops. PR: 72440 Submitted by: ikob
Revision 1.242.2.6: download - view: text, markup, annotated - select for diffs
Wed Dec 28 13:35:56 2005 UTC (6 years, 1 month ago) by glebius
Branches: RELENG_6
Diff to: previous 1.242.2.5: preferred, colored; branchpoint 1.242: preferred, colored
Changes since revision 1.242.2.5: +1 -0 lines
MFC 1.251: When we drop packet due to no space in output interface output queue, also increase the ifp->if_snd.ifq_drops. PR: 72440 Submitted by: ikob
Revision 1.99.2.46: download - view: text, markup, annotated - select for diffs
Sat Dec 10 14:32:55 2005 UTC (6 years, 2 months ago) by glebius
Branches: RELENG_4
Diff to: previous 1.99.2.45: preferred, colored; branchpoint 1.99: preferred, colored; next MAIN 1.100: preferred, colored
Changes since revision 1.99.2.45: +1 -1 lines
Fix a typo that caused a panic in a quite rare case: when a packet was policy routed by ipfw(4) to local IP address, and the previous destination of the packet was reachable via an interface with checksum offloading capabilities. Not applicable to RELENG_5, RELENG_6 and HEAD. Submitted by: Mihail Balikov <misho interbgc.com>
Revision 1.251: download - view: text, markup, annotated - select for diffs
Tue Dec 6 11:16:11 2005 UTC (6 years, 2 months ago) by glebius
Branches: MAIN
Diff to: previous 1.250: preferred, colored
Changes since revision 1.250: +1 -0 lines
When we drop packet due to no space in output interface output queue, also increase the ifp->if_snd.ifq_drops. PR: 72440 Submitted by: ikob
Revision 1.250: download - view: text, markup, annotated - select for diffs
Fri Nov 18 20:12:39 2005 UTC (6 years, 2 months ago) by andre
Branches: MAIN
Diff to: previous 1.249: preferred, colored
Changes since revision 1.249: +1 -212 lines
Consolidate all IP Options handling functions into ip_options.[ch] and include ip_options.h into all files making use of IP Options functions. From ip_input.c rev 1.306: ip_dooptions(struct mbuf *m, int pass) save_rte(m, option, dst) ip_srcroute(m0) ip_stripoptions(m, mopt) From ip_output.c rev 1.249: ip_insertoptions(m, opt, phlen) ip_optcopy(ip, jp) ip_pcbopts(struct inpcb *inp, int optname, struct mbuf *m) No functional changes in this commit. Discussed with: rwatson Sponsored by: TCP/IP Optimization Fundraise 2005
Revision 1.249: download - view: text, markup, annotated - select for diffs
Fri Nov 18 16:23:26 2005 UTC (6 years, 2 months ago) by andre
Branches: MAIN
Diff to: previous 1.248: preferred, colored
Changes since revision 1.248: +12 -1 lines
Purge layer specific mbuf flags on layer crossings to avoid confusing upper or lower layers. Sponsored by: TCP/IP Optimization Fundraise 2005
Revision 1.248: download - view: text, markup, annotated - select for diffs
Wed Nov 2 13:46:31 2005 UTC (6 years, 3 months ago) by andre
Branches: MAIN
Diff to: previous 1.247: preferred, colored
Changes since revision 1.247: +2 -2 lines
Retire MT_HEADER mbuf type and change its users to use MT_DATA. Having an additional MT_HEADER mbuf type is superfluous and redundant as nothing depends on it. It only adds a layer of confusion. The distinction between header mbuf's and data mbuf's is solely done through the m->m_flags M_PKTHDR flag. Non-native code is not changed in this commit. For compatibility MT_HEADER is mapped to MT_DATA. Sponsored by: TCP/IP Optimization Fundraise 2005
Revision 1.242.2.5: download - view: text, markup, annotated - select for diffs
Sun Oct 9 04:24:45 2005 UTC (6 years, 4 months ago) by delphij
Branches: RELENG_6
CVS tags: RELENG_6_0_BP, RELENG_6_0_0_RELEASE, RELENG_6_0
Diff to: previous 1.242.2.4: preferred, colored; branchpoint 1.242: preferred, colored
Changes since revision 1.242.2.4: +1 -1 lines
MFC (by andre) | Use the correct mbuf type for MGET(). | | Revision Changes Path | 1.304 +1 -1 src/sys/netinet/ip_input.c | 1.246 +1 -1 src/sys/netinet/ip_output.c | 1.232 +1 -1 src/sys/netinet/tcp_subr.c | 1.97 +1 -1 src/sys/netinet6/ip6_output.c Approved by: re (scottl)
Revision 1.242.2.4: download - view: text, markup, annotated - select for diffs
Sun Oct 2 15:45:47 2005 UTC (6 years, 4 months ago) by andre
Branches: RELENG_6
Diff to: previous 1.242.2.3: preferred, colored; branchpoint 1.242: preferred, colored
Changes since revision 1.242.2.3: +8 -0 lines
MFC IP_DONTFRAG IP socket option. Approved by: re (scottl)
Revision 1.242.2.3: download - view: text, markup, annotated - select for diffs
Sat Oct 1 15:56:43 2005 UTC (6 years, 4 months ago) by andre
Branches: RELENG_6
Diff to: previous 1.242.2.2: preferred, colored; branchpoint 1.242: preferred, colored
Changes since revision 1.242.2.2: +14 -0 lines
MFC: IP_MINTTL socket option. Approved by: re (scottl)
Revision 1.247: download - view: text, markup, annotated - select for diffs
Mon Sep 26 20:25:16 2005 UTC (6 years, 4 months ago) by andre
Branches: MAIN
Diff to: previous 1.246: preferred, colored
Changes since revision 1.246: +9 -1 lines
Implement IP_DONTFRAG IP socket option enabling the Don't Fragment flag on IP packets. Currently this option is only repected on udp and raw ip sockets. On tcp sockets the DF flag is controlled by the path MTU discovery option. Sending a packet larger than the MTU size of the egress interface returns an EMSGSIZE error. Discussed with: rwatson Sponsored by: TCP/IP Optimization Fundraise 2005
Revision 1.246: download - view: text, markup, annotated - select for diffs
Tue Aug 30 16:35:26 2005 UTC (6 years, 5 months ago) by andre
Branches: MAIN
Diff to: previous 1.245: preferred, colored
Changes since revision 1.245: +1 -1 lines
Use the correct mbuf type for MGET().
Revision 1.242.2.2: download - view: text, markup, annotated - select for diffs
Wed Aug 24 17:30:44 2005 UTC (6 years, 5 months ago) by rwatson
Branches: RELENG_6
Diff to: previous 1.242.2.1: preferred, colored; branchpoint 1.242: preferred, colored
Changes since revision 1.242.2.1: +3 -0 lines
Merge subr_witness.c:1.196, igmp.c:1.49, in.c:1.86, in_var.h:1.55, ip_input.c:1.303, ip_output.c:1.243 from HEAD to RELENG_6: Introduce in_multi_mtx, which will protect IPv4-layer multicast address lists, as well as accessor macros. For now, this is a recursive mutex due code sequences where IPv4 multicast calls into IGMP calls into ip_output(), which then tests for a multicast forwarding case. For support macros in in_var.h to check multicast address lists, assert that in_multi_mtx is held. Acquire in_multi_mtx around iteration over the IPv4 multicast address lists, such as in ip_input() and ip_output(). Acquire in_multi_mtx when manipulating the IPv4 layer multicast addresses, as well as over the manipulation of ifnet multicast address lists in order to keep the two layers in sync. Lock down accesses to IPv4 multicast addresses in IGMP, or assert the lock when performing IGMP join/leave events. Eliminate spl's associated with IPv4 multicast addresses, portions of IGMP that weren't previously expunged by IGMP locking. Add in_multi_mtx, igmp_mtx, and if_addr_mtx lock order to hard-coded lock order in WITNESS, in that order. Problem reported by: Ed Maste <emaste at phaedrus dot sandvine dot ca> Approved by: re (scottl)
Revision 1.245: download - view: text, markup, annotated - select for diffs
Mon Aug 22 16:13:07 2005 UTC (6 years, 5 months ago) by andre
Branches: MAIN
Diff to: previous 1.244: preferred, colored
Changes since revision 1.244: +14 -0 lines
Add socketoption IP_MINTTL. May be used to set the minimum acceptable TTL a packet must have when received on a socket. All packets with a lower TTL are silently dropped. Works on already connected/connecting and listening sockets for RAW/UDP/TCP. This option is only really useful when set to 255 preventing packets from outside the directly connected networks reaching local listeners on sockets. Allows userland implementation of 'The Generalized TTL Security Mechanism (GTSM)' according to RFC3682. Examples of such use include the Cisco IOS BGP implementation command "neighbor ttl-security". MFC after: 2 weeks Sponsored by: TCP/IP Optimization Fundraise 2005
Revision 1.242.2.1: download - view: text, markup, annotated - select for diffs
Sat Aug 20 21:32:08 2005 UTC (6 years, 5 months ago) by rwatson
Branches: RELENG_6
Diff to: previous 1.242: preferred, colored
Changes since revision 1.242: +58 -33 lines
Merge ip_output.c:1.244 from HEAD to RELENG_6: Add helper function ip_findmoptions(), which accepts an inpcb, and attempts to atomically return either an existing set of IP multicast options for the PCB, or a newlly allocated set with default values. The inpcb is returned locked. This function may sleep. Call ip_moptions() to acquire a reference to a PCB's socket options, and perform the update of the options while holding the PCB lock. Release the lock before returning. Remove garbage collection of multicast options when values return to the default, as this complicates locking substantially. Most applications allocate a socket either to be multicast, or not, and don't tend to keep around sockets that have previously been used for multicast, then used for unicast. This closes a number of race conditions involving multiple threads or processes modifying the IP multicast state of a socket simultaenously. Approved by: re (scottl)
Revision 1.244: download - view: text, markup, annotated - select for diffs
Tue Aug 9 17:19:21 2005 UTC (6 years, 6 months ago) by rwatson
Branches: MAIN
Diff to: previous 1.243: preferred, colored
Changes since revision 1.243: +58 -33 lines
Add helper function ip_findmoptions(), which accepts an inpcb, and attempts to atomically return either an existing set of IP multicast options for the PCB, or a newlly allocated set with default values. The inpcb is returned locked. This function may sleep. Call ip_moptions() to acquire a reference to a PCB's socket options, and perform the update of the options while holding the PCB lock. Release the lock before returning. Remove garbage collection of multicast options when values return to the default, as this complicates locking substantially. Most applications allocate a socket either to be multicast, or not, and don't tend to keep around sockets that have previously been used for multicast, then used for unicast. This closes a number of race conditions involving multiple threads or processes modifying the IP multicast state of a socket simultaenously. MFC after: 7 days
Revision 1.243: download - view: text, markup, annotated - select for diffs
Wed Aug 3 19:29:46 2005 UTC (6 years, 6 months ago) by rwatson
Branches: MAIN
Diff to: previous 1.242: preferred, colored
Changes since revision 1.242: +3 -0 lines
Introduce in_multi_mtx, which will protect IPv4-layer multicast address lists, as well as accessor macros. For now, this is a recursive mutex due code sequences where IPv4 multicast calls into IGMP calls into ip_output(), which then tests for a multicast forwarding case. For support macros in in_var.h to check multicast address lists, assert that in_multi_mtx is held. Acquire in_multi_mtx around iteration over the IPv4 multicast address lists, such as in ip_input() and ip_output(). Acquire in_multi_mtx when manipulating the IPv4 layer multicast addresses, as well as over the manipulation of ifnet multicast address lists in order to keep the two layers in sync. Lock down accesses to IPv4 multicast addresses in IGMP, or assert the lock when performing IGMP join/leave events. Eliminate spl's associated with IPv4 multicast addresses, portions of IGMP that weren't previously expunged by IGMP locking. Add in_multi_mtx, igmp_mtx, and if_addr_mtx lock order to hard-coded lock order in WITNESS, in that order. Problem reported by: Ed Maste <emaste at phaedrus dot sandvine dot ca> MFC after: 10 days
Revision 1.242: download - view: text, markup, annotated - select for diffs
Tue Jul 5 23:39:50 2005 UTC (6 years, 7 months ago) by rwatson
Branches: MAIN
CVS tags: RELENG_6_BP
Branch point for: RELENG_6
Diff to: previous 1.241: preferred, colored
Changes since revision 1.241: +1 -1 lines
Eliminate MAC entry point mac_create_mbuf_from_mbuf(), which is redundant with respect to existing mbuf copy label routines. Expose a new mac_copy_mbuf() routine at the top end of the Framework and use that; use the existing mpo_copy_mbuf_label() routine on the bottom end. Obtained from: TrustedBSD Project Sponsored by: SPARTA, SPAWAR Approved by: re (scottl)
Revision 1.241: download - view: text, markup, annotated - select for diffs
Fri Jun 10 16:49:21 2005 UTC (6 years, 8 months ago) by brooks
Branches: MAIN
Diff to: previous 1.240: preferred, colored
Changes since revision 1.240: +2 -2 lines
Stop embedding struct ifnet at the top of driver softcs. Instead the struct ifnet or the layer 2 common structure it was embedded in have been replaced with a struct ifnet pointer to be filled by a call to the new function, if_alloc(). The layer 2 common structure is also allocated via if_alloc() based on the interface type. It is hung off the new struct ifnet member, if_l2com. This change removes the size of these structures from the kernel ABI and will allow us to better manage them as interfaces come and go. Other changes of note: - Struct arpcom is no longer referenced in normal interface code. Instead the Ethernet address is accessed via the IFP2ENADDR() macro. To enforce this ac_enaddr has been renamed to _ac_enaddr. - The second argument to ether_ifattach is now always the mac address from driver private storage rather than sometimes being ac_enaddr. Reviewed by: sobomax, sam
Revision 1.225.2.11: download - view: text, markup, annotated - select for diffs
Wed Mar 2 19:50:12 2005 UTC (6 years, 11 months ago) by andre
Branches: RELENG_5
CVS tags: RELENG_5_4_BP, RELENG_5_4_0_RELEASE, RELENG_5_4
Diff to: previous 1.225.2.10: preferred, colored; branchpoint 1.225: preferred, colored
Changes since revision 1.225.2.10: +5 -1 lines
MFC: Bring back full packet destination manipulation for 'ipfw fwd' with the kernel compile time option: options IPFIREWALL_FORWARD_EXTENDED This option has to be specified in addition to IPFIRWALL_FORWARD. PR: kern/71910 PR: kern/73129
Revision 1.225.2.10: download - view: text, markup, annotated - select for diffs
Wed Feb 23 06:47:28 2005 UTC (6 years, 11 months ago) by alc
Branches: RELENG_5
Diff to: previous 1.225.2.9: preferred, colored; branchpoint 1.225: preferred, colored
Changes since revision 1.225.2.9: +2 -1 lines
MFC revision 1.239 Correctly move the packet header in ip_insertoptions().
Revision 1.240: download - view: text, markup, annotated - select for diffs
Tue Feb 22 17:40:40 2005 UTC (6 years, 11 months ago) by andre
Branches: MAIN
Diff to: previous 1.239: preferred, colored
Changes since revision 1.239: +5 -1 lines
Bring back the full packet destination manipulation for 'ipfw fwd' with the kernel compile time option: options IPFIREWALL_FORWARD_EXTENDED This option has to be specified in addition to IPFIRWALL_FORWARD. With this option even packets targeted for an IP address local to the host can be redirected. All restrictions to ensure proper behaviour for locally generated packets are turned off. Firewall rules have to be carefully crafted to make sure that things like PMTU discovery do not break. Document the two kernel options. PR: kern/71910 PR: kern/73129 MFC after: 1 week
Revision 1.225.2.9: download - view: text, markup, annotated - select for diffs
Mon Jan 31 23:26:36 2005 UTC (7 years ago) by imp
Branches: RELENG_5
Diff to: previous 1.225.2.8: preferred, colored; branchpoint 1.225: preferred, colored
Changes since revision 1.225.2.8: +1 -1 lines
MFC: /*- and related license changes
Revision 1.239: download - view: text, markup, annotated - select for diffs
Sun Jan 23 19:43:46 2005 UTC (7 years ago) by alc
Branches: MAIN
Diff to: previous 1.238: preferred, colored
Changes since revision 1.238: +2 -1 lines
Correctly move the packet header in ip_insertoptions(). Reported by: Anupam Chanda Reviewed by: sam@ MFC after: 2 weeks
Revision 1.238: download - view: text, markup, annotated - select for diffs
Fri Jan 7 01:45:44 2005 UTC (7 years, 1 month ago) by imp
Branches: MAIN
Diff to: previous 1.237: preferred, colored
Changes since revision 1.237: +1 -1 lines
/* -> /*- for license, minor formatting changes
Revision 1.225.2.8: download - view: text, markup, annotated - select for diffs
Thu Jan 6 21:05:07 2005 UTC (7 years, 1 month ago) by rwatson
Branches: RELENG_5
Diff to: previous 1.225.2.7: preferred, colored; branchpoint 1.225: preferred, colored
Changes since revision 1.225.2.7: +8 -10 lines
Merge ip_output.c:1.235 from HEAD to RELENG_5: date: 2004/12/05 21:38:33; author: rwatson; state: Exp; lines: +8 -10 Push the inpcb argument into ip_setmoptions() when setting IP multicast socket options, so that it is available for locking.
Revision 1.237: download - view: text, markup, annotated - select for diffs
Sat Dec 25 22:59:42 2004 UTC (7 years, 1 month ago) by rwatson
Branches: MAIN
Diff to: previous 1.236: preferred, colored
Changes since revision 1.236: +0 -1 lines
Remove an errant blank line apparently introduced in ip_output.c:1.194.
Revision 1.225.2.7: download - view: text, markup, annotated - select for diffs
Wed Dec 22 09:34:49 2004 UTC (7 years, 1 month ago) by rwatson
Branches: RELENG_5
Diff to: previous 1.225.2.6: preferred, colored; branchpoint 1.225: preferred, colored
Changes since revision 1.225.2.6: +14 -6 lines
Merge ip_output.c:1.236 from HEAD to RELENG_5: date: 2004/12/05 22:08:37; author: rwatson; state: Exp; lines: +14 -6 Pass the inpcb reference into ip_getmoptions() rather than just the inp->inp_moptions pointer, so that ip_getmoptions() can perform necessary locking when doing non-atomic reads. Lock the inpcb by default to copy any data to local variables, then unlock before performing sooptcopyout(). MFC after: 2 weeks
Revision 1.225.2.6: download - view: text, markup, annotated - select for diffs
Wed Dec 22 09:31:07 2004 UTC (7 years, 1 month ago) by rwatson
Branches: RELENG_5
Diff to: previous 1.225.2.5: preferred, colored; branchpoint 1.225: preferred, colored
Changes since revision 1.225.2.5: +13 -10 lines
Merge ip_output.c:1.233 (and forced commit MFC reminder
ip_output.c:1.234) from HEAD to RELENG_5:
date: 2004/12/05 19:11:09; author: rwatson; state: Exp; lines: +13 -10
Start working through inpcb locking for ip_ctloutput() by cleaning up
modifications to the inpcb IP options mbuf:
- Lock the inpcb before passing it into ip_pcbopts() in order to prevent
simulatenous reads and read-modify-writes that could result in races.
- Pass the inpcb reference into ip_pcbopts() instead of the option chain
pointer in the inpcb.
- Assert the inpcb lock in ip_pcbots.
- Convert one or two uses of a pointer as a boolean or an integer
comparison to a comparison with NULL for readability.
Revision 1.236: download - view: text, markup, annotated - select for diffs
Sun Dec 5 22:08:37 2004 UTC (7 years, 2 months ago) by rwatson
Branches: MAIN
Diff to: previous 1.235: preferred, colored
Changes since revision 1.235: +14 -6 lines
Pass the inpcb reference into ip_getmoptions() rather than just the inp->inp_moptions pointer, so that ip_getmoptions() can perform necessary locking when doing non-atomic reads. Lock the inpcb by default to copy any data to local variables, then unlock before performing sooptcopyout(). MFC after: 2 weeks
Revision 1.235: download - view: text, markup, annotated - select for diffs
Sun Dec 5 21:38:33 2004 UTC (7 years, 2 months ago) by rwatson
Branches: MAIN
Diff to: previous 1.234: preferred, colored
Changes since revision 1.234: +8 -10 lines
Push the inpcb argument into ip_setmoptions() when setting IP multicast socket options, so that it is available for locking.
Revision 1.234: download - view: text, markup, annotated - select for diffs
Sun Dec 5 19:12:06 2004 UTC (7 years, 2 months ago) by rwatson
Branches: MAIN
Diff to: previous 1.233: preferred, colored
Changes since revision 1.233: +0 -0 lines
Forced commit to note that the previous revision, 1.233, should be: MFC after: 2 weeks
Revision 1.233: download - view: text, markup, annotated - select for diffs
Sun Dec 5 19:11:09 2004 UTC (7 years, 2 months ago) by rwatson
Branches: MAIN
Diff to: previous 1.232: preferred, colored
Changes since revision 1.232: +13 -10 lines
Start working through inpcb locking for ip_ctloutput() by cleaning up modifications to the inpcb IP options mbuf: - Lock the inpcb before passing it into ip_pcbopts() in order to prevent simulatenous reads and read-modify-writes that could result in races. - Pass the inpcb reference into ip_pcbopts() instead of the option chain pointer in the inpcb. - Assert the inpcb lock in ip_pcbots. - Convert one or two uses of a pointer as a boolean or an integer comparison to a comparison with NULL for readability.
Revision 1.225.2.5: download - view: text, markup, annotated - select for diffs
Sun Oct 3 17:04:40 2004 UTC (7 years, 4 months ago) by mlaier
Branches: RELENG_5
CVS tags: RELENG_5_3_BP, RELENG_5_3_0_RELEASE, RELENG_5_3
Diff to: previous 1.225.2.4: preferred, colored; branchpoint 1.225: preferred, colored
Changes since revision 1.225.2.4: +1 -1 lines
MFC pfil API change: Add an additional struct inpcb * argument to pfil(9) in order to enable passing along socket information. This is required to work around a LOR with the socket code which results in an easy reproducible hard lockup with debug.mpsafenet=1. This commit does *not* fix the LOR, but enables us to do so later. The missing piece is to turn the filter locking into a leaf lock and will follow in a seperate (later) commit. Suggested by: rwatson A lot of work by: csjp LOR IDs: 14 - 17 (not fixed yet) Approved by: re (scottl)
Revision 1.232: download - view: text, markup, annotated - select for diffs
Wed Sep 29 04:54:33 2004 UTC (7 years, 4 months ago) by mlaier
Branches: MAIN
Diff to: previous 1.231: preferred, colored
Changes since revision 1.231: +1 -1 lines
Add an additional struct inpcb * argument to pfil(9) in order to enable passing along socket information. This is required to work around a LOR with the socket code which results in an easy reproducible hard lockup with debug.mpsafenet=1. This commit does *not* fix the LOR, but enables us to do so later. The missing piece is to turn the filter locking into a leaf lock and will follow in a seperate (later) commit. This will hopefully be MT5'ed in order to fix the problem for RELENG_5 in forseeable future. Suggested by: rwatson A lot of work by: csjp (he'd be even more helpful w/o mentor-reviews ;) Reviewed by: rwatson, csjp Tested by: -pf, -ipfw, LINT, csjp and myself MFC after: 3 days LOR IDs: 14 - 17 (not fixed yet)
Revision 1.225.2.4: download - view: text, markup, annotated - select for diffs
Wed Sep 22 19:23:38 2004 UTC (7 years, 4 months ago) by andre
Branches: RELENG_5
Diff to: previous 1.225.2.3: preferred, colored; branchpoint 1.225: preferred, colored
Changes since revision 1.225.2.3: +7 -18 lines
MFC: Make PFIL_HOOKS a permanent part of the kernel and remove the associated kernel compile option. Approved by: re (scottl)
Revision 1.225.2.3: download - view: text, markup, annotated - select for diffs
Wed Sep 15 15:07:09 2004 UTC (7 years, 4 months ago) by andre
Branches: RELENG_5
Diff to: previous 1.225.2.2: preferred, colored; branchpoint 1.225: preferred, colored
Changes since revision 1.225.2.2: +2 -2 lines
MFC 1.229: Replace ifunit("lo0") with direct 'loif' pointer.
Approved by: re (kensmith)
Revision 1.225.2.2: download - view: text, markup, annotated - select for diffs
Tue Sep 14 03:42:46 2004 UTC (7 years, 4 months ago) by jmg
Branches: RELENG_5
Diff to: previous 1.225.2.1: preferred, colored; branchpoint 1.225: preferred, colored
Changes since revision 1.225.2.1: +1 -3 lines
MFC: v1.230 > revert comment from rev1.158 now that rev1.225 backed it out.. Approved by: re (kensmith)
Revision 1.231: download - view: text, markup, annotated - select for diffs
Mon Sep 13 17:09:06 2004 UTC (7 years, 4 months ago) by andre
Branches: MAIN
Diff to: previous 1.230: preferred, colored
Changes since revision 1.230: +2 -1 lines
Make comments more clear for the packet changed cases after pfil hooks.
Revision 1.230: download - view: text, markup, annotated - select for diffs
Mon Sep 6 15:48:38 2004 UTC (7 years, 5 months ago) by jmg
Branches: MAIN
Diff to: previous 1.229: preferred, colored
Changes since revision 1.229: +1 -3 lines
revert comment from rev1.158 now that rev1.225 backed it out.. MFC after: 3 days
Revision 1.229: download - view: text, markup, annotated - select for diffs
Fri Aug 27 15:39:34 2004 UTC (7 years, 5 months ago) by andre
Branches: MAIN
Diff to: previous 1.228: preferred, colored
Changes since revision 1.228: +2 -2 lines
In the case the destination of a packet was changed by the packet filter
to point to a local IP address; and the packet was sourced from this host
we fill in the m_pkthdr.rcvif with a pointer to the loopback interface.
Before the function ifunit("lo0") was used to obtain the ifp. However
this is sub-optimal from a performance point of view and might be dangerous
if the loopback interface has been renamed. Use the global variable 'loif'
instead which always points to the loopback interface.
Submitted by: brooks
Revision 1.228: download - view: text, markup, annotated - select for diffs
Fri Aug 27 15:16:22 2004 UTC (7 years, 5 months ago) by andre
Branches: MAIN
Diff to: previous 1.227: preferred, colored
Changes since revision 1.227: +7 -17 lines
Always compile PFIL_HOOKS into the kernel and remove the associated kernel compile option. All FreeBSD packet filters now use the PFIL_HOOKS API and thus it becomes a standard part of the network stack. If no hooks are connected the entire packet filter hooks section and related activities are jumped over. This removes any performance impact if no hooks are active. Both OpenBSD and DragonFlyBSD have integrated PFIL_HOOKS permanently as well.
Revision 1.227: download - view: text, markup, annotated - select for diffs
Sun Aug 22 16:42:28 2004 UTC (7 years, 5 months ago) by mlaier
Branches: MAIN
Diff to: previous 1.226: preferred, colored
Changes since revision 1.226: +14 -13 lines
Allow early drop for non-ALTQ enabled queues in an ALTQ-enabled kernel. Previously the early drop was disabled unconditionally for ALTQ-enabled kernels. This should give some benefit for the normal gateway + LAN-server case with a busy LAN leg and an ALTQ managed uplink. Reviewed and style help from: cperciva, pjd
Revision 1.225.2.1: download - view: text, markup, annotated - select for diffs
Wed Aug 18 23:27:42 2004 UTC (7 years, 5 months ago) by scottl
Branches: RELENG_5
Diff to: previous 1.225: preferred, colored
Changes since revision 1.225: +4 -0 lines
MFC: Fix the kernel compile when not using PFIL_HOOKS and IPSEC. Submitted by: rwatson, peter Approved by: re
Revision 1.226: download - view: text, markup, annotated - select for diffs
Wed Aug 18 00:37:46 2004 UTC (7 years, 5 months ago) by peter
Branches: MAIN
Diff to: previous 1.225: preferred, colored
Changes since revision 1.225: +4 -0 lines
Make the kernel compile again if you are not using PFIL_HOOKS
Revision 1.225: download - view: text, markup, annotated - select for diffs
Tue Aug 17 22:05:54 2004 UTC (7 years, 5 months ago) by andre
Branches: MAIN
CVS tags: RELENG_5_BP
Branch point for: RELENG_5
Diff to: previous 1.224: preferred, colored
Changes since revision 1.224: +66 -281 lines
Convert ipfw to use PFIL_HOOKS. This is change is transparent to userland and preserves the ipfw ABI. The ipfw core packet inspection and filtering functions have not been changed, only how ipfw is invoked is different. However there are many changes how ipfw is and its add-on's are handled: In general ipfw is now called through the PFIL_HOOKS and most associated magic, that was in ip_input() or ip_output() previously, is now done in ipfw_check_[in|out]() in the ipfw PFIL handler. IPDIVERT is entirely handled within the ipfw PFIL handlers. A packet to be diverted is checked if it is fragmented, if yes, ip_reass() gets in for reassembly. If not, or all fragments arrived and the packet is complete, divert_packet is called directly. For 'tee' no reassembly attempt is made and a copy of the packet is sent to the divert socket unmodified. The original packet continues its way through ip_input/output(). ipfw 'forward' is done via m_tag's. The ipfw PFIL handlers tag the packet with the new destination sockaddr_in. A check if the new destination is a local IP address is made and the m_flags are set appropriately. ip_input() and ip_output() have some more work to do here. For ip_input() the m_flags are checked and a packet for us is directly sent to the 'ours' section for further processing. Destination changes on the input path are only tagged and the 'srcrt' flag to ip_forward() is set to disable destination checks and ICMP replies at this stage. The tag is going to be handled on output. ip_output() again checks for m_flags and the 'ours' tag. If found, the packet will be dropped back to the IP netisr where it is going to be picked up by ip_input() again and the directly sent to the 'ours' section. When only the destination changes, the route's 'dst' is overwritten with the new destination from the forward m_tag. Then it jumps back at the route lookup again and skips the firewall check because it has been marked with M_SKIP_FIREWALL. ipfw 'forward' has to be compiled into the kernel with 'option IPFIREWALL_FORWARD' to enable it. DUMMYNET is entirely handled within the ipfw PFIL handlers. A packet for a dummynet pipe or queue is directly sent to dummynet_io(). Dummynet will then inject it back into ip_input/ip_output() after it has served its time. Dummynet packets are tagged and will continue from the next rule when they hit the ipfw PFIL handlers again after re-injection. BRIDGING and IPFW_ETHER are not changed yet and use ipfw_chk() directly as they did before. Later this will be changed to dedicated ETHER PFIL_HOOKS. More detailed changes to the code: conf/files Add netinet/ip_fw_pfil.c. conf/options Add IPFIREWALL_FORWARD option. modules/ipfw/Makefile Add ip_fw_pfil.c. net/bridge.c Disable PFIL_HOOKS if ipfw for bridging is active. Bridging ipfw is still directly invoked to handle layer2 headers and packets would get a double ipfw when run through PFIL_HOOKS as well. netinet/ip_divert.c Removed divert_clone() function. It is no longer used. netinet/ip_dummynet.[ch] Neither the route 'ro' nor the destination 'dst' need to be stored while in dummynet transit. Structure members and associated macros are removed. netinet/ip_fastfwd.c Removed all direct ipfw handling code and replace it with the new 'ipfw forward' handling code. netinet/ip_fw.h Removed 'ro' and 'dst' from struct ip_fw_args. netinet/ip_fw2.c (Re)moved some global variables and the module handling. netinet/ip_fw_pfil.c New file containing the ipfw PFIL handlers and module initialization. netinet/ip_input.c Removed all direct ipfw handling code and replace it with the new 'ipfw forward' handling code. ip_forward() does not longer require the 'next_hop' struct sockaddr_in argument. Disable early checks if 'srcrt' is set. netinet/ip_output.c Removed all direct ipfw handling code and replace it with the new 'ipfw forward' handling code. netinet/ip_var.h Add ip_reass() as general function. (Used from ipfw PFIL handlers for IPDIVERT.) netinet/raw_ip.c Directly check if ipfw and dummynet control pointers are active. netinet/tcp_input.c Rework the 'ipfw forward' to local code to work with the new way of forward tags. netinet/tcp_sack.c Remove include 'opt_ipfw.h' which is not needed here. sys/mbuf.h Remove m_claim_next() macro which was exclusively for ipfw 'forward' and is no longer needed. Approved by: re (scottl)
Revision 1.224: download - view: text, markup, annotated - select for diffs
Sat Aug 14 15:32:19 2004 UTC (7 years, 5 months ago) by dwmalone
Branches: MAIN
Diff to: previous 1.223: preferred, colored
Changes since revision 1.223: +1 -6 lines
Get rid of the RANDOM_IP_ID option and make it a sysctl. NetBSD
have already done this, so I have styled the patch on their work:
1) introduce a ip_newid() static inline function that checks
the sysctl and then decides if it should return a sequential
or random IP ID.
2) named the sysctl net.inet.ip.random_id
3) IPv6 flow IDs and fragment IDs are now always random.
Flow IDs and frag IDs are significantly less common in the
IPv6 world (ie. rarely generated per-packet), so there should
be smaller performance concerns.
The sysctl defaults to 0 (sequential IP IDs).
Reviewed by: andre, silby, mlaier, ume
Based on: NetBSD
MFC after: 2 months
Revision 1.223: download - view: text, markup, annotated - select for diffs
Wed Aug 11 10:46:15 2004 UTC (7 years, 6 months ago) by andre
Branches: MAIN
Diff to: previous 1.222: preferred, colored
Changes since revision 1.222: +10 -10 lines
Consistently use NULL for pointer comparisons.
Revision 1.222: download - view: text, markup, annotated - select for diffs
Mon Aug 9 16:16:10 2004 UTC (7 years, 6 months ago) by andre
Branches: MAIN
Diff to: previous 1.221: preferred, colored
Changes since revision 1.221: +1 -0 lines
Make a comment that "ipfw forward" is not SMP and PREEMPTION safe.
Revision 1.221: download - view: text, markup, annotated - select for diffs
Tue Aug 3 14:13:36 2004 UTC (7 years, 6 months ago) by andre
Branches: MAIN
Diff to: previous 1.220: preferred, colored
Changes since revision 1.220: +0 -10 lines
o Delayed checksums are now calculated in divert_packet() for diverted packets Remove the XXX-escaped code that did it in ip_output()'s IPHACK section.
Revision 1.220: download - view: text, markup, annotated - select for diffs
Thu Jun 24 02:05:47 2004 UTC (7 years, 7 months ago) by rwatson
Branches: MAIN
Diff to: previous 1.219: preferred, colored
Changes since revision 1.219: +10 -5 lines
In ip_ctloutput(), acquire the inpcb lock around some of the basic inpcb flag and status updates.
Revision 1.219: download - view: text, markup, annotated - select for diffs
Sun Jun 13 17:29:09 2004 UTC (7 years, 7 months ago) by mlaier
Branches: MAIN
Diff to: previous 1.218: preferred, colored
Changes since revision 1.218: +7 -0 lines
Link ALTQ to the build and break with ABI for struct ifnet. Please recompile your (network) modules as well as any userland that might make sense of sizeof(struct ifnet). This does not change the queueing yet. These changes will follow in a seperate commit. Same with the driver changes, which need case by case evaluation. __FreeBSD_version bump will follow. Tested-by: (i386)LINT
Revision 1.99.2.45: download - view: text, markup, annotated - select for diffs
Tue Jun 1 07:38:56 2004 UTC (7 years, 8 months ago) by maxim
Branches: RELENG_4
CVS tags: RELENG_4_11_BP, RELENG_4_11_0_RELEASE, RELENG_4_11
Diff to: previous 1.99.2.44: preferred, colored; branchpoint 1.99: preferred, colored
Changes since revision 1.99.2.44: +1 -1 lines
MFC rev. 1.218: fix buffer overrun in in_pcbopts().
Revision 1.218: download - view: text, markup, annotated - select for diffs
Tue May 11 19:14:44 2004 UTC (7 years, 9 months ago) by maxim
Branches: MAIN
Diff to: previous 1.217: preferred, colored
Changes since revision 1.217: +1 -1 lines
o Calculate a number of bytes to copy (cnt) correctly:
+----+-+-+-+-+----+----+- - - - - - - - - - - - -+----+
| | |C| | | | | | |
| IP |N|O|L|P| | IP | | IP |
| #1 |O|D|E|T| | #2 | | #n |
| |P|E|N|R| | | | |
+----+-+-+-+-+----+----+- - - - - - - - - - - - -+----+
^ ^<---- cnt - (IPOPT_MINOFF - 1) ---->|
| |
src | +-- cp[IPOPT_OFF + 1] + sizeof(struct in_addr)
|
dst +-- cp[IPOPT_OFF + 1]
PR: kern/66386
Submitted by: Andrei Iltchenko
MFC after: 3 weeks
Revision 1.217: download - view: text, markup, annotated - select for diffs
Sun May 2 15:10:16 2004 UTC (7 years, 9 months ago) by darrenr
Branches: MAIN
Diff to: previous 1.216: preferred, colored
Changes since revision 1.216: +1 -1 lines
Rename m_claim_next_hop() to m_claim_next(), as suggested by Max Laier.
Revision 1.216: download - view: text, markup, annotated - select for diffs
Sun May 2 06:36:30 2004 UTC (7 years, 9 months ago) by darrenr
Branches: MAIN
Diff to: previous 1.215: preferred, colored
Changes since revision 1.215: +1 -1 lines
Rename ip_claim_next_hop() to m_claim_next_hop(), give it an extra arg (the type of tag to claim) and push it out of ip_var.h into mbuf.h alongside all of the other macros that work ok mbuf's and tag's.
Revision 1.215: download - view: text, markup, annotated - select for diffs
Wed Apr 14 01:13:14 2004 UTC (7 years, 9 months ago) by luigi
Branches: MAIN
Diff to: previous 1.214: preferred, colored
Changes since revision 1.214: +1 -1 lines
In an effort to simplify the routing code, try to deprecate rtalloc() in favour of rtalloc_ign(), which is what would end up being called anyways. There are 25 more instances of rtalloc() in net*/ and about 10 instances of rtalloc_ign()
Revision 1.214: download - view: text, markup, annotated - select for diffs
Wed Apr 7 20:46:13 2004 UTC (7 years, 10 months ago) by imp
Branches: MAIN
Diff to: previous 1.213: preferred, colored
Changes since revision 1.213: +0 -4 lines
Remove advertising clause from University of California Regent's license, per letter dated July 22, 1999 and email from Peter Wemm, Alan Cox and Robert Watson. Approved by: core, peter, alc, rwatson
Revision 1.99.2.44: download - view: text, markup, annotated - select for diffs
Wed Apr 7 10:01:39 2004 UTC (7 years, 10 months ago) by ru
Branches: RELENG_4
CVS tags: RELENG_4_10_BP, RELENG_4_10_0_RELEASE, RELENG_4_10
Diff to: previous 1.99.2.43: preferred, colored; branchpoint 1.99: preferred, colored
Changes since revision 1.99.2.43: +8 -8 lines
Fixed a bug in previous revision: compute the payload checksum before we convert ip_len into a network byte order; in_delayed_cksum() still expects it in host byte order. The symtom was the ``in_cksum_skip: out of data by %d'' complaints from the kernel. To add to the previous commit log. These fixes make tcpdump(1) happy by not complaining about UDP/TCP checksum being bad for looped back IP multicast when multicast router is deactivated. Reported by: Vsevolod Lobko
Revision 1.213: download - view: text, markup, annotated - select for diffs
Wed Apr 7 10:01:38 2004 UTC (7 years, 10 months ago) by ru
Branches: MAIN
Diff to: previous 1.212: preferred, colored
Changes since revision 1.212: +8 -8 lines
Fixed a bug in previous revision: compute the payload checksum before we convert ip_len into a network byte order; in_delayed_cksum() still expects it in host byte order. The symtom was the ``in_cksum_skip: out of data by %d'' complaints from the kernel. To add to the previous commit log. These fixes make tcpdump(1) happy by not complaining about UDP/TCP checksum being bad for looped back IP multicast when multicast router is deactivated. Reported by: Vsevolod Lobko
Revision 1.99.2.43: download - view: text, markup, annotated - select for diffs
Wed Mar 31 07:52:15 2004 UTC (7 years, 10 months ago) by ru
Branches: RELENG_4
Diff to: previous 1.99.2.42: preferred, colored; branchpoint 1.99: preferred, colored
Changes since revision 1.99.2.42: +3 -13 lines
MFC: 1.212: Rework multicast routing interaction with delayed checksums.
Revision 1.212: download - view: text, markup, annotated - select for diffs
Thu Mar 25 08:46:27 2004 UTC (7 years, 10 months ago) by ru
Branches: MAIN
Diff to: previous 1.211: preferred, colored
Changes since revision 1.211: +3 -13 lines
Untangle IP multicast routing interaction with delayed payload checksums. Compute the payload checksum for a locally originated IP multicast where God intended, in ip_mloopback(), rather than doing it in ip_output() and only when multicast router is active. This is more correct as we do not fool ip_input() that the packet has the correct payload checksum when in fact it does not (when multicast router is inactive). This is also more efficient if we don't join the multicast group we send to, thus allowing the hardware to checksum the payload.
Revision 1.211: download - view: text, markup, annotated - select for diffs
Tue Mar 2 14:37:23 2004 UTC (7 years, 11 months ago) by mlaier
Branches: MAIN
Diff to: previous 1.210: preferred, colored
Changes since revision 1.210: +2 -3 lines
Two minor follow-ups on the MT_TAG removal: ifp is now passed explicitly to ether_demux; no need to look it up again. Make mtag a global var in ip_input. Noticed by: rwatson Approved by: bms(mentor)
Revision 1.210: download - view: text, markup, annotated - select for diffs
Wed Feb 25 19:55:28 2004 UTC (7 years, 11 months ago) by mlaier
Branches: MAIN
Diff to: previous 1.209: preferred, colored
Changes since revision 1.209: +48 -51 lines
Re-remove MT_TAGs. The problems with dummynet have been fixed now. Tested by: -current, bms(mentor), me Approved by: bms(mentor), sam
Revision 1.209: download - view: text, markup, annotated - select for diffs
Wed Feb 18 00:04:52 2004 UTC (7 years, 11 months ago) by mlaier
Branches: MAIN
Diff to: previous 1.208: preferred, colored
Changes since revision 1.208: +53 -60 lines
Backout MT_TAG removal (i.e. bring back MT_TAGs) for now, as dummynet is not working properly with the patch in place. Approved by: bms(mentor)
Revision 1.208: download - view: text, markup, annotated - select for diffs
Mon Feb 16 17:05:06 2004 UTC (7 years, 11 months ago) by ume
Branches: MAIN
Diff to: previous 1.207: preferred, colored
Changes since revision 1.207: +5 -3 lines
don't update outgoing ifp, if ipsec tunnel mode encapsulation was not made. Obtained from: KAME
Revision 1.99.2.42: download - view: text, markup, annotated - select for diffs
Sat Feb 14 22:23:22 2004 UTC (7 years, 11 months ago) by bms
Branches: RELENG_4
Diff to: previous 1.99.2.41: preferred, colored; branchpoint 1.99: preferred, colored
Changes since revision 1.99.2.41: +1 -0 lines
MFC: Import of TCP-MD5 (RFC2385) support. Sponsored by: sentex.net
Revision 1.207: download - view: text, markup, annotated - select for diffs
Fri Feb 13 19:14:15 2004 UTC (7 years, 11 months ago) by mlaier
Branches: MAIN
Diff to: previous 1.206: preferred, colored
Changes since revision 1.206: +60 -53 lines
This set of changes eliminates the use of MT_TAG "pseudo mbufs", replacing them mostly with packet tags (one case is handled by using an mbuf flag since the linkage between "caller" and "callee" is direct and there's no need to incur the overhead of a packet tag). This is (mostly) work from: sam Silence from: -arch Approved by: bms(mentor), sam, rwatson
Revision 1.206: download - view: text, markup, annotated - select for diffs
Wed Feb 11 04:26:01 2004 UTC (8 years ago) by bms
Branches: MAIN
Diff to: previous 1.205: preferred, colored
Changes since revision 1.205: +1 -0 lines
Initial import of RFC 2385 (TCP-MD5) digest support. This is the first of two commits; bringing in the kernel support first. This can be enabled by compiling a kernel with options TCP_SIGNATURE and FAST_IPSEC. For the uninitiated, this is a TCP option which provides for a means of authenticating TCP sessions which came into being before IPSEC. It is still relevant today, however, as it is used by many commercial router vendors, particularly with BGP, and as such has become a requirement for interconnect at many major Internet points of presence. Several parts of the TCP and IP headers, including the segment payload, are digested with MD5, including a shared secret. The PF_KEY interface is used to manage the secrets using security associations in the SADB. There is a limitation here in that as there is no way to map a TCP flow per-port back to an SPI without polluting tcpcb or using the SPD; the code to do the latter is unstable at this time. Therefore this code only supports per-host keying granularity. Whilst FAST_IPSEC is mutually exclusive with KAME IPSEC (and thus IPv6), TCP_SIGNATURE applies only to IPv4. For the vast majority of prospective users of this feature, this will not pose any problem. This implementation is output-only; that is, the option is honoured when responding to a host initiating a TCP session, but no effort is made [yet] to authenticate inbound traffic. This is, however, sufficient to interwork with Cisco equipment. Tested with a Cisco 2501 running IOS 12.0(27), and Quagga 0.96.4 with local patches. Patches for tcpdump to validate TCP-MD5 sessions are also available from me upon request. Sponsored by: sentex.net
Revision 1.205: download - view: text, markup, annotated - select for diffs
Tue Feb 3 18:20:54 2004 UTC (8 years ago) by ume
Branches: MAIN
Diff to: previous 1.204: preferred, colored
Changes since revision 1.204: +2 -8 lines
pass pcb rather than so. it is expected that per socket policy works again.
Revision 1.203.2.1: download - view: text, markup, annotated - select for diffs
Fri Jan 9 12:18:17 2004 UTC (8 years, 1 month ago) by andre
Branches: RELENG_5_2
CVS tags: RELENG_5_2_1_RELEASE, RELENG_5_2_0_RELEASE
Diff to: previous 1.203: preferred, colored; next MAIN 1.204: preferred, colored
Changes since revision 1.203: +6 -12 lines
MFC rev 1.204: Do not set the ip_id to zero when DF is set on packet. Approved by: re (scottl)
Revision 1.204: download - view: text, markup, annotated - select for diffs
Thu Jan 8 11:13:40 2004 UTC (8 years, 1 month ago) by andre
Branches: MAIN
Diff to: previous 1.203: preferred, colored
Changes since revision 1.203: +6 -12 lines
Do not set the ip_id to zero when DF is set on packet and restore the general pre-randomid behaviour. Setting the ip_id to zero causes several problems with packet reassembly when a device along the path removes the DF bit for some reason. Other BSD and Linux have found and fixed the same issues. PR: kern/60889 Tested by: Richard Wendland <richard@wendland.org.uk> Approved by: re (scottl)
Revision 1.203: download - view: text, markup, annotated - select for diffs
Thu Nov 20 20:07:38 2003 UTC (8 years, 2 months ago) by andre
Branches: MAIN
CVS tags: RELENG_5_2_BP
Branch point for: RELENG_5_2
Diff to: previous 1.202: preferred, colored
Changes since revision 1.202: +9 -16 lines
Introduce tcp_hostcache and remove the tcp specific metrics from the routing table. Move all usage and references in the tcp stack from the routing table metrics to the tcp hostcache. It caches measured parameters of past tcp sessions to provide better initial start values for following connections from or to the same source or destination. Depending on the network parameters to/from the remote host this can lead to significant speedups for new tcp connections after the first one because they inherit and shortcut the learning curve. tcp_hostcache is designed for multiple concurrent access in SMP environments with high contention and is hash indexed by remote ip address. It removes significant locking requirements from the tcp stack with regard to the routing table. Reviewed by: sam (mentor), bms Reviewed by: -net, -current, core@kame.net (IPv6 parts) Approved by: re (scottl)
Revision 1.202: download - view: text, markup, annotated - select for diffs
Thu Nov 20 19:47:30 2003 UTC (8 years, 2 months ago) by andre
Branches: MAIN
Diff to: previous 1.201: preferred, colored
Changes since revision 1.201: +2 -2 lines
Remove RTF_PRCLONING from routing table and adjust users of it accordingly. The define is left intact for ABI compatibility with userland. This is a pre-step for the introduction of tcp_hostcache. The network stack remains fully useable with this change. Reviewed by: sam (mentor), bms Reviewed by: -net, -current, core@kame.net (IPv6 parts) Approved by: re (scottl)
Revision 1.201: download - view: text, markup, annotated - select for diffs
Fri Nov 14 21:48:57 2003 UTC (8 years, 2 months ago) by andre
Branches: MAIN
Diff to: previous 1.200: preferred, colored
Changes since revision 1.200: +8 -17 lines
Remove the global one-level rtcache variable and associated complex locking and rework ip_rtaddr() to do its own rtlookup. Adopt all its callers to this and make ip_output() callable with NULL rt pointer. Reviewed by: sam (mentor)
Revision 1.200: download - view: text, markup, annotated - select for diffs
Fri Nov 14 21:02:22 2003 UTC (8 years, 2 months ago) by andre
Branches: MAIN
Diff to: previous 1.199: preferred, colored
Changes since revision 1.199: +1 -0 lines
Introduce ip_fastforward and remove ip_flow. Short description of ip_fastforward: o adds full direct process-to-completion IPv4 forwarding code o handles ip fragmentation incl. hw support (ip_flow did not) o sends icmp needfrag to source if DF is set (ip_flow did not) o supports ipfw and ipfilter (ip_flow did not) o supports divert, ipfw fwd and ipfilter nat (ip_flow did not) o returns anything it can't handle back to normal ip_input Enable with sysctl -w net.inet.ip.fastforwarding=1 Reviewed by: sam (mentor)
Revision 1.199: download - view: text, markup, annotated - select for diffs
Wed Nov 12 23:35:40 2003 UTC (8 years, 3 months ago) by andre
Branches: MAIN
Diff to: previous 1.198: preferred, colored
Changes since revision 1.198: +2 -1 lines
Do not fragment a packet with hardware assistance if it has the DF bit set. Reviewed by: sam (mentor)
Revision 1.198: download - view: text, markup, annotated - select for diffs
Sat Nov 8 23:03:29 2003 UTC (8 years, 3 months ago) by sam
Branches: MAIN
Diff to: previous 1.197: preferred, colored
Changes since revision 1.197: +2 -0 lines
assert optional inpcb is passed in locked Supported by: FreeBSD Foundation
Revision 1.197: download - view: text, markup, annotated - select for diffs
Tue Nov 4 16:02:01 2003 UTC (8 years, 3 months ago) by ume
Branches: MAIN
Diff to: previous 1.196: preferred, colored
Changes since revision 1.196: +10 -3 lines
- cleanup SP refcnt issue.
- share policy-on-socket for listening socket.
- don't copy policy-on-socket at all. secpolicy no longer contain
spidx, which saves a lot of memory.
- deep-copy pcb policy if it is an ipsec policy. assign ID field to
all SPD entries. make it possible for racoon to grab SPD entry on
pcb.
- fixed the order of searching SA table for packets.
- fixed to get a security association header. a mode is always needed
to compare them.
- fixed that the incorrect time was set to
sadb_comb_{hard|soft}_usetime.
- disallow port spec for tunnel mode policy (as we don't reassemble).
- an user can define a policy-id.
- clear enc/auth key before freeing.
- fixed that the kernel crashed when key_spdacquire() was called
because key_spdacquire() had been implemented imcopletely.
- preparation for 64bit sequence number.
- maintain ordered list of SA, based on SA id.
- cleanup secasvar management; refcnt is key.c responsibility;
alloc/free is keydb.c responsibility.
- cleanup, avoid double-loop.
- use hash for spi-based lookup.
- mark persistent SP "persistent".
XXX in theory refcnt should do the right thing, however, we have
"spdflush" which would touch all SPs. another solution would be to
de-register persistent SPs from sptree.
- u_short -> u_int16_t
- reduce kernel stack usage by auto variable secasindex.
- clarify function name confusion. ipsec_*_policy ->
ipsec_*_pcbpolicy.
- avoid variable name confusion.
(struct inpcbpolicy *)pcb_sp, spp (struct secpolicy **), sp (struct
secpolicy *)
- count number of ipsec encapsulations on ipsec4_output, so that we
can tell ip_output() how to handle the packet further.
- When the value of the ul_proto is ICMP or ICMPV6, the port field in
"src" of the spidx specifies ICMP type, and the port field in "dst"
of the spidx specifies ICMP code.
- avoid from applying IPsec transport mode to the packets when the
kernel forwards the packets.
Tested by: nork
Obtained from: KAME
Revision 1.196: download - view: text, markup, annotated - select for diffs
Mon Nov 3 18:03:05 2003 UTC (8 years, 3 months ago) by rwatson
Branches: MAIN
Diff to: previous 1.195: preferred, colored
Changes since revision 1.195: +2 -0 lines
Note that when ip_output() is called from ip_forward(), it will already have its options inserted, so the opt argument to ip_output() must be NULL.
Revision 1.195: download - view: text, markup, annotated - select for diffs
Sat Oct 4 03:44:49 2003 UTC (8 years, 4 months ago) by sam
Branches: MAIN
Diff to: previous 1.194: preferred, colored
Changes since revision 1.194: +1 -1 lines
Locking for updates to routing table entries. Each rtentry gets a mutex that covers updates to the contents. Note this is separate from holding a reference and/or locking the routing table itself. Other/related changes: o rtredirect loses the final parameter by which an rtentry reference may be returned; this was never used and added unwarranted complexity for locking. o minor style cleanups to routing code (e.g. ansi-fy function decls) o remove the logic to bump the refcnt on the parent of cloned routes, we assume the parent will remain as long as the clone; doing this avoids a circularity in locking during delete o convert some timeouts to MPSAFE callouts Notes: 1. rt_mtx in struct rtentry is guarded by #ifdef _KERNEL as user-level applications cannot/do-no know about mutex's. Doing this requires that the mutex be the last element in the structure. A better solution is to introduce an externalized version of struct rtentry but this is a major task because of the intertwining of rtentry and other data structures that are visible to user applications. 2. There are known LOR's that are expected to go away with forthcoming work to eliminate many held references. If not these will be resolved prior to release. 3. ATM changes are untested. Sponsored by: FreeBSD Foundation Obtained from: BSD/OS (partly)
Revision 1.194: download - view: text, markup, annotated - select for diffs
Tue Sep 23 17:54:03 2003 UTC (8 years, 4 months ago) by sam
Branches: MAIN
Diff to: previous 1.193: preferred, colored
Changes since revision 1.193: +8 -19 lines
o update PFIL_HOOKS support to current API used by netbsd o revamp IPv4+IPv6+bridge usage to match API changes o remove pfil_head instances from protosw entries (no longer used) o add locking o bump FreeBSD version for 3rd party modules Heavy lifting by: "Max Laier" <max@love2party.net> Supported by: FreeBSD Foundation Obtained from: NetBSD (bits of pfil.h and pfil.c)
Revision 1.99.2.41: download - view: text, markup, annotated - select for diffs
Sat Sep 13 05:52:47 2003 UTC (8 years, 5 months ago) by silby
Branches: RELENG_4
CVS tags: RELENG_4_9_BP, RELENG_4_9_0_RELEASE, RELENG_4_9
Diff to: previous 1.99.2.40: preferred, colored; branchpoint 1.99: preferred, colored
Changes since revision 1.99.2.40: +2 -18 lines
MFC mbuf_stress_test Mark II. Approved by: re (murray)
Revision 1.99.2.40: download - view: text, markup, annotated - select for diffs
Tue Sep 9 19:09:22 2003 UTC (8 years, 5 months ago) by bms
Branches: RELENG_4
Diff to: previous 1.99.2.39: preferred, colored; branchpoint 1.99: preferred, colored
Changes since revision 1.99.2.39: +12 -0 lines
MFC: Add the IP_ONESBCAST option, to enable undirected IP broadcasts to be sent on specific interfaces. This is required by aodvd, and may in future help us in getting rid of the requirement for BPF from our import of isc-dhcp. PR: kern/37486 Obtained from: BSD/OS Approved by: re, jake (mentor)
Revision 1.193: download - view: text, markup, annotated - select for diffs
Mon Sep 1 05:55:37 2003 UTC (8 years, 5 months ago) by silby
Branches: MAIN
Diff to: previous 1.192: preferred, colored
Changes since revision 1.192: +2 -18 lines
Implement MBUF_STRESS_TEST mark II. Changes from the original implementation: - Fragmentation is handled by the function m_fragment, which can be called from whereever fragmentation is needed. Note that this function is wrapped in #ifdef MBUF_STRESS_TEST to discourage non-testing use. - m_fragment works slightly differently from the old fragmentation code in that it allocates a seperate mbuf cluster for each fragment. This defeats dma_map_load_mbuf/buffer's feature of coalescing adjacent fragments. While that is a nice feature in practice, it nerfed the usefulness of mbuf_stress_test. - Add two modes of random fragmentation. Chains with fragments all of the same random length and chains with fragments that are each uniquely random in length may now be requested.
Revision 1.99.2.39: download - view: text, markup, annotated - select for diffs
Sun Aug 24 08:24:38 2003 UTC (8 years, 5 months ago) by hsu
Branches: RELENG_4
Diff to: previous 1.99.2.38: preferred, colored; branchpoint 1.99: preferred, colored
Changes since revision 1.99.2.38: +185 -108 lines
Merge from -current support for Protocol Independent Multicast. Submitted by: Pavlin Radoslavov <pavlin@icir.org>
Revision 1.192: download - view: text, markup, annotated - select for diffs
Wed Aug 20 14:46:40 2003 UTC (8 years, 5 months ago) by bms
Branches: MAIN
Diff to: previous 1.191: preferred, colored
Changes since revision 1.191: +12 -0 lines
Add the IP_ONESBCAST option, to enable undirected IP broadcasts to be sent on specific interfaces. This is required by aodvd, and may in future help us in getting rid of the requirement for BPF from our import of isc-dhcp. Suggested by: fenestro Obtained from: BSD/OS Reviewed by: mini, sam Approved by: jake (mentor)
Revision 1.191: download - view: text, markup, annotated - select for diffs
Thu Aug 7 18:16:59 2003 UTC (8 years, 6 months ago) by hsu
Branches: MAIN
Diff to: previous 1.190: preferred, colored
Changes since revision 1.190: +145 -112 lines
1. Basic PIM kernel support Disabled by default. To enable it, the new "options PIM" must be added to the kernel configuration file (in addition to MROUTING): options MROUTING # Multicast routing options PIM # Protocol Independent Multicast 2. Add support for advanced multicast API setup/configuration and extensibility. 3. Add support for kernel-level PIM Register encapsulation. Disabled by default. Can be enabled by the advanced multicast API. 4. Implement a mechanism for "multicast bandwidth monitoring and upcalls". Submitted by: Pavlin Radoslavov <pavlin@icir.org>
Revision 1.99.2.38: download - view: text, markup, annotated - select for diffs
Sat Jul 19 06:30:03 2003 UTC (8 years, 6 months ago) by silby
Branches: RELENG_4
Diff to: previous 1.99.2.37: preferred, colored; branchpoint 1.99: preferred, colored
Changes since revision 1.99.2.37: +1 -1 lines
MFC rev 1.190
Revision 1.190: download - view: text, markup, annotated - select for diffs
Sat Jul 19 05:50:32 2003 UTC (8 years, 6 months ago) by silby
Branches: MAIN
Diff to: previous 1.189: preferred, colored
Changes since revision 1.189: +1 -1 lines
Minor fix to the MBUF_STRESS_TEST code so that it keeps pkthdr.len consistant at all times. (Some debugging code I'm working on is tripped otherwise.) MFC after: 3 days
Revision 1.189: download - view: text, markup, annotated - select for diffs
Sat May 31 17:55:21 2003 UTC (8 years, 8 months ago) by wollman
Branches: MAIN
Diff to: previous 1.188: preferred, colored
Changes since revision 1.188: +17 -4 lines
Don't generate an ip_id for packets with the DF bit set; ip_id is only meaningful for fragments. Also don't bother to byte-swap the ip_id when we do generate it; it is only used at the receiver as a nonce. I tried several different permutations of this code with no measurable difference to each other or to the unmodified version, so I've settled on the one for which gcc seems to generate the best code. (If anyone cares to microoptimize this differently for an architecture where it actually matters, feel free.) Suggested by: Steve Bellovin's paper in IMW'02
Revision 1.188: download - view: text, markup, annotated - select for diffs
Tue Apr 29 21:36:18 2003 UTC (8 years, 9 months ago) by mdodd
Branches: MAIN
CVS tags: RELENG_5_1_BP, RELENG_5_1_0_RELEASE, RELENG_5_1
Diff to: previous 1.187: preferred, colored
Changes since revision 1.187: +10 -0 lines
IP_RECVTTL socket option. Reviewed by: Stuart Cheshire <cheshire@apple.com>
Revision 1.99.2.37: download - view: text, markup, annotated - select for diffs
Tue Apr 15 06:44:45 2003 UTC (8 years, 9 months ago) by silby
Branches: RELENG_4
Diff to: previous 1.99.2.36: preferred, colored; branchpoint 1.99: preferred, colored
Changes since revision 1.99.2.36: +28 -0 lines
MFC the MBUF_STRESS_TEST code relating to net.inet.ip.mbuf_frag_size revisions 1.187, 1.180, 1.179
Revision 1.187: download - view: text, markup, annotated - select for diffs
Sat Apr 12 06:11:46 2003 UTC (8 years, 10 months ago) by silby
Branches: MAIN
Diff to: previous 1.186: preferred, colored
Changes since revision 1.186: +3 -3 lines
Rename MBUF_FRAG_TEST to MBUF_STRESS_TEST as it will be extended to include more than just frag tests.
Revision 1.186: download - view: text, markup, annotated - select for diffs
Tue Apr 8 14:25:46 2003 UTC (8 years, 10 months ago) by des
Branches: MAIN
Diff to: previous 1.185: preferred, colored
Changes since revision 1.185: +1 -1 lines
Introduce an M_ASSERTPKTHDR() macro which performs the very common task of asserting that an mbuf has a packet header. Use it instead of hand- rolled versions wherever applicable. Submitted by: Hiten Pandya <hiten@unixdaemons.com>
Revision 1.185: download - view: text, markup, annotated - select for diffs
Fri Apr 4 12:14:00 2003 UTC (8 years, 10 months ago) by des
Branches: MAIN
Diff to: previous 1.184: preferred, colored
Changes since revision 1.184: +6 -7 lines
Replace memcpy() and ovbcopy() with bcopy(); ditch some caddr_t usage.
Revision 1.184: download - view: text, markup, annotated - select for diffs
Wed Apr 2 20:14:43 2003 UTC (8 years, 10 months ago) by mdodd
Branches: MAIN
Diff to: previous 1.183: preferred, colored
Changes since revision 1.183: +1 -30 lines
Back out support for RFC3514. RFC3514 poses an unacceptale risk to compliant systems.
Revision 1.183: download - view: text, markup, annotated - select for diffs
Wed Apr 2 18:02:58 2003 UTC (8 years, 10 months ago) by mdodd
Branches: MAIN
Diff to: previous 1.182: preferred, colored
Changes since revision 1.182: +3 -2 lines
- Use the correct constant define. - Add a missing break.
Revision 1.182: download - view: text, markup, annotated - select for diffs
Wed Apr 2 10:28:47 2003 UTC (8 years, 10 months ago) by mdodd
Branches: MAIN
Diff to: previous 1.181: preferred, colored
Changes since revision 1.181: +5 -4 lines
Sync constant define with NetBSD. Requested by: Tom Spindler <dogcow@babymeat.com>
Revision 1.181: download - view: text, markup, annotated - select for diffs
Tue Apr 1 08:21:44 2003 UTC (8 years, 10 months ago) by mdodd
Branches: MAIN
Diff to: previous 1.180: preferred, colored
Changes since revision 1.180: +28 -1 lines
Implement support for RFC 3514 (The Security Flag in the IPv4 Header). (See: ftp://ftp.rfc-editor.org/in-notes/rfc3514.txt) This fulfills the host requirements for userland support by way of the setsockopt() IP_EVIL_INTENT message. There are three sysctl tunables provided to govern system behavior. net.inet.ip.rfc3514: Enables support for rfc3514. As this is an Informational RFC and support is not yet widespread this option is disabled by default. net.inet.ip.hear_no_evil If set the host will discard all received evil packets. net.inet.ip.speak_no_evil If set the host will discard all transmitted evil packets. The IP statistics counter 'ips_evil' (available via 'netstat') provides information on the number of 'evil' packets recieved. For reference, the '-E' option to 'ping' has been provided to demonstrate and test the implementation.
Revision 1.180: download - view: text, markup, annotated - select for diffs
Tue Mar 25 23:49:14 2003 UTC (8 years, 10 months ago) by mux
Branches: MAIN
Diff to: previous 1.179: preferred, colored
Changes since revision 1.179: +10 -12 lines
Try to make the MBUF_FRAG_TEST code work better. - Don't try to fragment the packet if it's smaller than mbuf_frag_size. - Preserve the size of the mbuf chain which is modified by m_split(). - Check that m_split() didn't return NULL. - Make it so we don't end up with two M_PKTHDR mbuf in the chain. - Use m->m_pkthdr.len instead of m->m_len so that we fragment the whole chain and not just the first mbuf. - Fix a nearby style bug and rework the logic of the loops so that it's more clear. This is still not quite right, because we're clearly abusing m_split() to do something it was not designed for, but at least it works now. We should probably move this code into a m_fragment() function when it's correct.
Revision 1.179: download - view: text, markup, annotated - select for diffs
Tue Mar 25 05:45:05 2003 UTC (8 years, 10 months ago) by silby
Branches: MAIN
Diff to: previous 1.178: preferred, colored
Changes since revision 1.178: +30 -0 lines
Add the MBUF_FRAG_TEST option. When compiled in, this option allows you to tell ip_output to fragment all outgoing packets into mbuf fragments of size net.inet.ip.mbuf_frag_size bytes. This is an excellent way to test if network drivers can properly handle long mbuf chains being passed to them. net.inet.ip.mbuf_frag_size defaults to 0 (no fragmentation) so that you can at least boot before your network driver dies. :)
Revision 1.178: download - view: text, markup, annotated - select for diffs
Thu Feb 20 18:22:21 2003 UTC (8 years, 11 months ago) by jlemon
Branches: MAIN
Diff to: previous 1.177: preferred, colored
Changes since revision 1.177: +0 -1 lines
Remove unused variables in the IPSEC case. Submitted by: Lars Eggert <larse@ISI.EDU>
Revision 1.177: download - view: text, markup, annotated - select for diffs
Wed Feb 19 22:32:42 2003 UTC (8 years, 11 months ago) by jlemon
Branches: MAIN
Diff to: previous 1.176: preferred, colored
Changes since revision 1.176: +2 -2 lines
Add a TCP TIMEWAIT state which uses less space than a fullblown TCP control block. Allow the socket and tcpcb structures to be freed earlier than inpcb. Update code to understand an inp w/o a socket. Reviewed by: hsu, silby, jayanth Sponsored by: DARPA, NAI Labs
Revision 1.176: download - view: text, markup, annotated - select for diffs
Wed Feb 19 05:47:34 2003 UTC (8 years, 11 months ago) by imp
Branches: MAIN
Diff to: previous 1.175: preferred, colored
Changes since revision 1.175: +5 -5 lines
Back out M_* changes, per decision of the TRB. Approved by: trb
Revision 1.99.2.36: download - view: text, markup, annotated - select for diffs
Thu Jan 30 05:53:28 2003 UTC (9 years ago) by sam
Branches: RELENG_4
CVS tags: RELENG_4_8_BP, RELENG_4_8_0_RELEASE, RELENG_4_8
Diff to: previous 1.99.2.35: preferred, colored; branchpoint 1.99: preferred, colored
Changes since revision 1.99.2.35: +9 -0 lines
MFC 1.175: ignore ENOENT generated by SA acquire (a la KAME) Submitted by: Doug Ambrisko <ambrisko@verniernetworks.com>
Revision 1.175: download - view: text, markup, annotated - select for diffs
Thu Jan 30 05:45:45 2003 UTC (9 years ago) by sam
Branches: MAIN
Diff to: previous 1.174: preferred, colored
Changes since revision 1.174: +9 -0 lines
FAST_IPSEC bandaid: act like KAME and ignore ENOENT error codes from ipsec4_process_packet; they happen when a packet is dropped because an SA acquire is initiated Submitted by: Doug Ambrisko <ambrisko@verniernetworks.com>
Revision 1.99.2.35: download - view: text, markup, annotated - select for diffs
Fri Jan 24 05:11:34 2003 UTC (9 years ago) by sam
Branches: RELENG_4
Diff to: previous 1.99.2.34: preferred, colored; branchpoint 1.99: preferred, colored
Changes since revision 1.99.2.34: +144 -2 lines
MFC: Fast IPsec "Fast IPsec": this is an experimental IPsec implementation that is derived from the KAME IPsec implementation, but with heavy borrowing and influence of openbsd. A key feature of this implementation is that it uses the kernel crypto framework to do all crypto work so when h/w crypto support is present IPsec operation is automatically accelerated. Otherwise the protocol implementations are rather differet while the SADB and policy management code is very similar to KAME (for the moment). Note that this implementation is enabled with a FAST_IPSEC option. With this you get all protocols; i.e. there is no FAST_IPSEC_ESP option. FAST_IPSEC and IPSEC are mutually exclusive; you cannot build both into a single system. This software is well tested with IPv4 but should be considered very experimental (i.e. do not deploy in production environments). This software does NOT currently support IPv6. In fact do not configure FAST_IPSEC and INET6 in the same system. Supported by: Vernier Networks
Revision 1.99.2.34: download - view: text, markup, annotated - select for diffs
Thu Jan 23 21:06:45 2003 UTC (9 years ago) by sam
Branches: RELENG_4
Diff to: previous 1.99.2.33: preferred, colored; branchpoint 1.99: preferred, colored
Changes since revision 1.99.2.33: +5 -10 lines
MFC: m_tag support
Replace aux mbufs with packet tags:
o instead of a list of mbufs use a list of m_tag structures a la openbsd
o for netgraph et. al. extend the stock openbsd m_tag to include a 32-bit
ABI/module number cookie
o for openbsd compatibility define a well-known cookie MTAG_ABI_COMPAT and
use this in defining openbsd-compatible m_tag_find and m_tag_get routines
o rewrite KAME use of aux mbufs in terms of packet tags
o eliminate the most heavily used aux mbufs by adding an additional struct
inpcb parameter to ip_output and ip6_output to allow the IPsec code to
locate the security policy to apply to outbound packets
o bump __FreeBSD_version so code can be conditionalized
o fixup ipfilter's call to ip_output based on __FreeBSD_version
Revision 1.174: download - view: text, markup, annotated - select for diffs
Tue Jan 21 08:56:04 2003 UTC (9 years ago) by alfred
Branches: MAIN
Diff to: previous 1.173: preferred, colored
Changes since revision 1.173: +5 -5 lines
Remove M_TRYWAIT/M_WAITOK/M_WAIT. Callers should use 0. Merge M_NOWAIT/M_DONTWAIT into a single flag M_NOWAIT.
Revision 1.173: download - view: text, markup, annotated - select for diffs
Wed Jan 1 18:48:55 2003 UTC (9 years, 1 month ago) by schweikh
Branches: MAIN
Diff to: previous 1.172: preferred, colored
Changes since revision 1.172: +1 -1 lines
Correct typos, mostly s/ a / an / where appropriate. Some whitespace cleanup, especially in troff files.
Revision 1.99.2.33: download - view: text, markup, annotated - select for diffs
Wed Nov 20 23:20:55 2002 UTC (9 years, 2 months ago) by luigi
Branches: RELENG_4
Diff to: previous 1.99.2.32: preferred, colored; branchpoint 1.99: preferred, colored
Changes since revision 1.99.2.32: +7 -4 lines
MFC: fix multicast routing KLD support, including some minor bug fixes
(see 1.83 of ip_mroute.c).
In detail:
conf/files
ip_mroute optional mrouting
net/route.c
remove useless #include, MFC mrouting KLD support
netinet/ip_encap.c
remove useless #include, access ipip_input through a function pointer
(only a partial MFC -- -current has a better solution).
fix interface to encap4_input() to avoid varargs
netinet/ip_encap.h
remove __P, fix interface to encap4_input
netinet/ip_input.c
MFC: mrouting KLD support, and move here rsvp_input() together
with the rest of the rsvp code.
netinet/ip_mroute.[ch]
MFC 1.83 mrouting cleanup and KLD support
netinet/ip_output.c
MFC mrouting KLD support
netinet/ip_var.h
MFC support for mrouting KLD
netinet/raw_ip.c
MFC support for mrouting KLD
Also some innocuous style cleanup (fix function headers,
remove register, etc.) which have slipped in and i am too
fed up to remove yet another time (and rerun all the kernel
builds with all possible combinations of relevant options to
make sure their removal does not introduce bugs).
Revision 1.172: download - view: text, markup, annotated - select for diffs
Wed Nov 20 18:56:25 2002 UTC (9 years, 2 months ago) by luigi
Branches: MAIN
CVS tags: RELENG_5_0_BP, RELENG_5_0_0_RELEASE, RELENG_5_0
Diff to: previous 1.171: preferred, colored
Changes since revision 1.171: +143 -168 lines
Back out the ip_fragment() code -- it is not urgent to have it in now, I will put it back in in a better form after 5.0 is out. Requested by: sam, rwatson, luigi (on second thought) Approved by: re
Revision 1.171: download - view: text, markup, annotated - select for diffs
Sun Nov 17 16:30:44 2002 UTC (9 years, 2 months ago) by luigi
Branches: MAIN
Diff to: previous 1.170: preferred, colored
Changes since revision 1.170: +168 -143 lines
Move the ip_fragment code from ip_output() to a separate function, so that it can be reused elsewhere (there is a number of places where it can be useful). This also trims some 200 lines from the body of ip_output(), which helps readability a bit. (This change was discussed a few weeks ago on the mailing lists, Julian agreed, silence from others. It is not a functional change, so i expect it to be ok to commit it now but i am happy to back it out if there are objections). While at it, fix some function headers and replace m_copy() with m_copypacket() where applicable. MFC after: 1 week
Revision 1.170: download - view: text, markup, annotated - select for diffs
Fri Nov 15 22:53:52 2002 UTC (9 years, 2 months ago) by luigi
Branches: MAIN
Diff to: previous 1.169: preferred, colored
Changes since revision 1.169: +7 -4 lines
Massive cleanup of the ip_mroute code.
No functional changes, but:
+ the mrouting module now should behave the same as the compiled-in
version (it did not before, some of the rsvp code was not loaded
properly);
+ netinet/ip_mroute.c is now truly optional;
+ removed some redundant/unused code;
+ changed many instances of '0' to NULL and INADDR_ANY as appropriate;
+ removed several static variables to make the code more SMP-friendly;
+ fixed some minor bugs in the mrouting code (mostly, incorrect return
values from functions).
This commit is also a prerequisite to the addition of support for PIM,
which i would like to put in before DP2 (it does not change any of
the existing APIs, anyways).
Note, in the process we found out that some device drivers fail to
properly handle changes in IFF_ALLMULTI, leading to interesting
behaviour when a multicast router is started. This bug is not
corrected by this commit, and will be fixed with a separate commit.
Detailed changes:
--------------------
netinet/ip_mroute.c all the above.
conf/files make ip_mroute.c optional
net/route.c fix mrt_ioctl hook
netinet/ip_input.c fix ip_mforward hook, move rsvp_input() here
together with other rsvp code, and a couple
of indentation fixes.
netinet/ip_output.c fix ip_mforward and ip_mcast_src hooks
netinet/ip_var.h rsvp function hooks
netinet/raw_ip.c hooks for mrouting and rsvp functions, plus
interface cleanup.
netinet/ip_mroute.h remove an unused and optional field from a struct
Most of the code is from Pavlin Radoslavov and the XORP project
Reviewed by: sam
MFC after: 1 week
Revision 1.169: download - view: text, markup, annotated - select for diffs
Fri Nov 8 23:11:02 2002 UTC (9 years, 3 months ago) by sam
Branches: MAIN
Diff to: previous 1.168: preferred, colored
Changes since revision 1.168: +1 -1 lines
correct fast ipsec logic: compare destination ip address against the contents of the SA, not the SP Submitted by: "Doug Ambrisko" <ambrisko@verniernetworks.com>
Revision 1.168: download - view: text, markup, annotated - select for diffs
Sun Oct 20 22:52:07 2002 UTC (9 years, 3 months ago) by phk
Branches: MAIN
Diff to: previous 1.167: preferred, colored
Changes since revision 1.167: +17 -39 lines
Fix two instances of variant struct definitions in sys/netinet: Remove the never completed _IP_VHL version, it has not caught on anywhere and it would make us incompatible with other BSD netstacks to retain this version. Add a CTASSERT protecting sizeof(struct ip) == 20. Don't let the size of struct ipq depend on the IPDIVERT option. This is a functional no-op commit. Approved by: re
Revision 1.167: download - view: text, markup, annotated - select for diffs
Wed Oct 16 02:25:04 2002 UTC (9 years, 3 months ago) by sam
Branches: MAIN
Diff to: previous 1.166: preferred, colored
Changes since revision 1.166: +146 -2 lines
Tie new "Fast IPsec" code into the build. This involves the usual configuration stuff as well as conditional code in the IPv4 and IPv6 areas. Everything is conditional on FAST_IPSEC which is mutually exclusive with IPSEC (KAME IPsec implmentation). As noted previously, don't use FAST_IPSEC with INET6 at the moment. Reviewed by: KAME, rwatson Approved by: silence Supported by: Vernier Networks
Revision 1.166: download - view: text, markup, annotated - select for diffs
Wed Oct 16 01:54:44 2002 UTC (9 years, 3 months ago) by sam
Branches: MAIN
Diff to: previous 1.165: preferred, colored
Changes since revision 1.165: +5 -11 lines
Replace aux mbufs with packet tags: o instead of a list of mbufs use a list of m_tag structures a la openbsd o for netgraph et. al. extend the stock openbsd m_tag to include a 32-bit ABI/module number cookie o for openbsd compatibility define a well-known cookie MTAG_ABI_COMPAT and use this in defining openbsd-compatible m_tag_find and m_tag_get routines o rewrite KAME use of aux mbufs in terms of packet tags o eliminate the most heavily used aux mbufs by adding an additional struct inpcb parameter to ip_output and ip6_output to allow the IPsec code to locate the security policy to apply to outbound packets o bump __FreeBSD_version so code can be conditionalized o fixup ipfilter's call to ip_output based on __FreeBSD_version Reviewed by: julian, luigi (silent), -arch, -net, darren Approved by: julian, silence from everyone else Obtained from: openbsd (mostly) MFC after: 1 month
Revision 1.99.2.32: download - view: text, markup, annotated - select for diffs
Tue Oct 15 11:21:39 2002 UTC (9 years, 3 months ago) by maxim
Branches: RELENG_4
Diff to: previous 1.99.2.31: preferred, colored; branchpoint 1.99: preferred, colored
Changes since revision 1.99.2.31: +9 -3 lines
MFC rev. 1.164 - 1.165: in rare cases when there is no room for ip options ip_insertoptions() can fail and corrupt a header length. Initialize len and check what ip_insertoptions() returns.
Revision 1.165: download - view: text, markup, annotated - select for diffs
Mon Sep 23 08:56:24 2002 UTC (9 years, 4 months ago) by maxim
Branches: MAIN
Diff to: previous 1.164: preferred, colored
Changes since revision 1.164: +8 -4 lines
Slightly rearrange a code in rev. 1.164: o Move len initialization closer to place of its first usage. o Compare len with 0 to improve readability. o Explicitly zero out phlen in ip_insertoptions() in failure case. Suggested by: jhb Reviewed by: jhb MFC after: 2 weeks
Revision 1.164: download - view: text, markup, annotated - select for diffs
Tue Sep 17 11:13:04 2002 UTC (9 years, 4 months ago) by maxim
Branches: MAIN
Diff to: previous 1.163: preferred, colored
Changes since revision 1.163: +3 -1 lines
In rare cases when there is no room for ip options ip_insertoptions() can fail and corrupt a header length. Initialize len and check what ip_insertoptions() returns. Reviewed by: archie, silence on -net MFC after: 5 days
Revision 1.163: download - view: text, markup, annotated - select for diffs
Wed Jul 31 17:21:01 2002 UTC (9 years, 6 months ago) by rwatson
Branches: MAIN
Diff to: previous 1.162: preferred, colored
Changes since revision 1.162: +8 -0 lines
Introduce support for Mandatory Access Control and extensible kernel access control. When fragmenting an IP datagram, invoke an appropriate MAC entry point so that MAC labels may be copied (...) to the individual IP fragment mbufs by MAC policies. When IP options are inserted into an IP datagram when leaving a host, preserve the label if we need to reallocate the mbuf for alignment or size reasons. Obtained from: TrustedBSD Project Sponsored by: DARPA, NAI Labs
Revision 1.99.2.31: download - view: text, markup, annotated - select for diffs
Fri Jul 12 22:14:12 2002 UTC (9 years, 7 months ago) by luigi
Branches: RELENG_4
CVS tags: RELENG_4_7_BP, RELENG_4_7_0_RELEASE, RELENG_4_7
Diff to: previous 1.99.2.30: preferred, colored; branchpoint 1.99: preferred, colored
Changes since revision 1.99.2.30: +3 -2 lines
Restore check for ro_rt != NULL to prevent dereferencing a NULL pointer. This has been in since 1.99.2.12 and was lost in 1.99.2.30
Revision 1.162: download - view: text, markup, annotated - select for diffs
Fri Jul 12 22:08:47 2002 UTC (9 years, 7 months ago) by luigi
Branches: MAIN
Diff to: previous 1.161: preferred, colored
Changes since revision 1.161: +3 -2 lines
Avoid dereferencing a null pointer in ro_rt. This was always broken in HEAD (the offending statement was introduced in rev. 1.123 for HEAD, while RELENG_4 included this fix (in rev. 1.99.2.12 for RELENG_4) and I inadvertently deleted it in 1.99.2.30. So I am also restoring these two lines in RELENG_4 now. We might need another few things from 1.99.2.30.
Revision 1.99.2.30: download - view: text, markup, annotated - select for diffs
Tue Jul 9 09:11:42 2002 UTC (9 years, 7 months ago) by luigi
Branches: RELENG_4
Diff to: previous 1.99.2.29: preferred, colored; branchpoint 1.99: preferred, colored
Changes since revision 1.99.2.29: +183 -160 lines
The purpose of this commit is to bring the net/ and netinet/ sources
more in sync with what is in -current, so that mainteinance and
bugfix of the two trees is not a nightmare.
THERE IS NO FUNCTIONAL OR EXTERNAL API CHANGE IN THIS COMMIT
You should not need to recompile any userland code.
In (some) more detail, this commit does the following:
* remove a number of static variables from the ip stack that were
used to support DIVERT, IPFIREWALL_FORWARD and stateful rules/
dynamic pipes. These are replaced with packet annotations, much
in the same (ugly for someone, but it is extremely fast and easy
to extend) way used for ages to support dummynet annotations.
On passing, fix a bug in the handling of divert for fragmented packets.
* as part of the removal of static variables, change the (internal)
interface of ip_fw_chk() to use a single structure to hold arguments.
Adapt clients of the above (ip_input, ip_output, bridge, ether_output,
ether_demux) to use the new interface.
* remove some unused variables.
* remove some of the __P() macros from some of the files involved
Because of the NO FUNCTIONAL CHANGE you don't get the following features
which are in -current:
* ipfw on layer-2 packets. All the hooks and the code are there,
but the controlling variable
net.link.ether.ipfw: 0
is readonly because i am only 99% confident on how the old ipfw
handles these frames. Just edit if_ethersubr.c to make the
variable RW if you want this feature. I might commit this in
due time if there is interest.
these frames. Just edit if_ethersubr.c to make it RW if you want this
feature. I might commit this in due time if there is interest.
* ipfw2, the new, faster and more flexible firewall code.
The code has hooks to make use of ipfw2, and I will make patches
available to use it (it is basically 3 files, netinet/ip_fw2.[ch],
sbin/ipfw/ipfw2.c, plus one-line changes in conf/options,
conf/files and sbin/ipfw/Makefile, plus libalias patches).
Revision 1.161: download - view: text, markup, annotated - select for diffs
Thu Jun 27 11:02:06 2002 UTC (9 years, 7 months ago) by mux
Branches: MAIN
Diff to: previous 1.160: preferred, colored
Changes since revision 1.160: +1 -1 lines
Warning fixes for 64 bits platforms. With this last fix, I can build a GENERIC sparc64 kernel with -Werror. Reviewed by: luigi
Revision 1.160: download - view: text, markup, annotated - select for diffs
Wed Jun 26 03:34:51 2002 UTC (9 years, 7 months ago) by ken
Branches: MAIN
Diff to: previous 1.159: preferred, colored
Changes since revision 1.159: +44 -2 lines
At long last, commit the zero copy sockets code. MAKEDEV: Add MAKEDEV glue for the ti(4) device nodes. ti.4: Update the ti(4) man page to include information on the TI_JUMBO_HDRSPLIT and TI_PRIVATE_JUMBOS kernel options, and also include information about the new character device interface and the associated ioctls. man9/Makefile: Add jumbo.9 and zero_copy.9 man pages and associated links. jumbo.9: New man page describing the jumbo buffer allocator interface and operation. zero_copy.9: New man page describing the general characteristics of the zero copy send and receive code, and what an application author should do to take advantage of the zero copy functionality. NOTES: Add entries for ZERO_COPY_SOCKETS, TI_PRIVATE_JUMBOS, TI_JUMBO_HDRSPLIT, MSIZE, and MCLSHIFT. conf/files: Add uipc_jumbo.c and uipc_cow.c. conf/options: Add the 5 options mentioned above. kern_subr.c: Receive side zero copy implementation. This takes "disposable" pages attached to an mbuf, gives them to a user process, and then recycles the user's page. This is only active when ZERO_COPY_SOCKETS is turned on and the kern.ipc.zero_copy.receive sysctl variable is set to 1. uipc_cow.c: Send side zero copy functions. Takes a page written by the user and maps it copy on write and assigns it kernel virtual address space. Removes copy on write mapping once the buffer has been freed by the network stack. uipc_jumbo.c: Jumbo disposable page allocator code. This allocates (optionally) disposable pages for network drivers that want to give the user the option of doing zero copy receive. uipc_socket.c: Add kern.ipc.zero_copy.{send,receive} sysctls that are enabled if ZERO_COPY_SOCKETS is turned on. Add zero copy send support to sosend() -- pages get mapped into the kernel instead of getting copied if they meet size and alignment restrictions. uipc_syscalls.c:Un-staticize some of the sf* functions so that they can be used elsewhere. (uipc_cow.c) if_media.c: In the SIOCGIFMEDIA ioctl in ifmedia_ioctl(), avoid calling malloc() with M_WAITOK. Return an error if the M_NOWAIT malloc fails. The ti(4) driver and the wi(4) driver, at least, call this with a mutex held. This causes witness warnings for 'ifconfig -a' with a wi(4) or ti(4) board in the system. (I've only verified for ti(4)). ip_output.c: Fragment large datagrams so that each segment contains a multiple of PAGE_SIZE amount of data plus headers. This allows the receiver to potentially do page flipping on receives. if_ti.c: Add zero copy receive support to the ti(4) driver. If TI_PRIVATE_JUMBOS is not defined, it now uses the jumbo(9) buffer allocator for jumbo receive buffers. Add a new character device interface for the ti(4) driver for the new debugging interface. This allows (a patched version of) gdb to talk to the Tigon board and debug the firmware. There are also a few additional debugging ioctls available through this interface. Add header splitting support to the ti(4) driver. Tweak some of the default interrupt coalescing parameters to more useful defaults. Add hooks for supporting transmit flow control, but leave it turned off with a comment describing why it is turned off. if_tireg.h: Change the firmware rev to 12.4.11, since we're really at 12.4.11 plus fixes from 12.4.13. Add defines needed for debugging. Remove the ti_stats structure, it is now defined in sys/tiio.h. ti_fw.h: 12.4.11 firmware. ti_fw2.h: 12.4.11 firmware, plus selected fixes from 12.4.13, and my header splitting patches. Revision 12.4.13 doesn't handle 10/100 negotiation properly. (This firmware is the same as what was in the tree previously, with the addition of header splitting support.) sys/jumbo.h: Jumbo buffer allocator interface. sys/mbuf.h: Add a new external mbuf type, EXT_DISPOSABLE, to indicate that the payload buffer can be thrown away / flipped to a userland process. socketvar.h: Add prototype for socow_setup. tiio.h: ioctl interface to the character portion of the ti(4) driver, plus associated structure/type definitions. uio.h: Change prototype for uiomoveco() so that we'll know whether the source page is disposable. ufs_readwrite.c:Update for new prototype of uiomoveco(). vm_fault.c: In vm_fault(), check to see whether we need to do a page based copy on write fault. vm_object.c: Add a new function, vm_object_allocate_wait(). This does the same thing that vm_object allocate does, except that it gives the caller the opportunity to specify whether it should wait on the uma_zalloc() of the object structre. This allows vm objects to be allocated while holding a mutex. (Without generating WITNESS warnings.) vm_object_allocate() is implemented as a call to vm_object_allocate_wait() with the malloc flag set to M_WAITOK. vm_object.h: Add prototype for vm_object_allocate_wait(). vm_page.c: Add page-based copy on write setup, clear and fault routines. vm_page.h: Add page based COW function prototypes and variable in the vm_page structure. Many thanks to Drew Gallatin, who wrote the zero copy send and receive code, and to all the other folks who have tested and reviewed this code over the years.
Revision 1.159: download - view: text, markup, annotated - select for diffs
Sun Jun 23 09:15:43 2002 UTC (9 years, 7 months ago) by luigi
Branches: MAIN
Diff to: previous 1.158: preferred, colored
Changes since revision 1.158: +19 -19 lines
fix bad indentation and whitespace resulting from cut&paste
Revision 1.158: download - view: text, markup, annotated - select for diffs
Sat Jun 22 11:51:02 2002 UTC (9 years, 7 months ago) by luigi
Branches: MAIN
Diff to: previous 1.157: preferred, colored
Changes since revision 1.157: +124 -92 lines
Remove (almost all) global variables that were used to hold
packet forwarding state ("annotations") during ip processing.
The code is considerably cleaner now.
The variables removed by this change are:
ip_divert_cookie used by divert sockets
ip_fw_fwd_addr used for transparent ip redirection
last_pkt used by dynamic pipes in dummynet
Removal of the first two has been done by carrying the annotations
into volatile structs prepended to the mbuf chains, and adding
appropriate code to add/remove annotations in the routines which
make use of them, i.e. ip_input(), ip_output(), tcp_input(),
bdg_forward(), ether_demux(), ether_output_frame(), div_output().
On passing, remove a bug in divert handling of fragmented packet.
Now it is the fragment at offset 0 which sets the divert status of
the whole packet, whereas formerly it was the last incoming fragment
to decide.
Removal of last_pkt required a change in the interface of ip_fw_chk()
and dummynet_io(). On passing, use the same mechanism for dummynet
annotations and for divert/forward annotations.
option IPFIREWALL_FORWARD is effectively useless, the code to
implement it is very small and is now in by default to avoid the
obfuscation of conditionally compiled code.
NOTES:
* there is at least one global variable left, sro_fwd, in ip_output().
I am not sure if/how this can be removed.
* I have deliberately avoided gratuitous style changes in this commit
to avoid cluttering the diffs. Minor stule cleanup will likely be
necessary
* this commit only focused on the IP layer. I am sure there is a
number of global variables used in the TCP and maybe UDP stack.
* despite the number of files touched, there are absolutely no API's
or data structures changed by this commit (except the interfaces of
ip_fw_chk() and dummynet_io(), which are internal anyways), so
an MFC is quite safe and unintrusive (and desirable, given the
improved readability of the code).
MFC after: 10 days
Revision 1.157: download - view: text, markup, annotated - select for diffs
Tue May 21 18:52:24 2002 UTC (9 years, 8 months ago) by arr
Branches: MAIN
Diff to: previous 1.156: preferred, colored
Changes since revision 1.156: +11 -15 lines
- Change the newly turned INVARIANTS #ifdef blocks (they were changed from DIAGNOSTIC yesterday) into KASSERT()'s as these help to increase code readability.
Revision 1.156: download - view: text, markup, annotated - select for diffs
Mon May 20 22:05:13 2002 UTC (9 years, 8 months ago) by arr
Branches: MAIN
Diff to: previous 1.155: preferred, colored
Changes since revision 1.155: +3 -3 lines
- Turn a few DIAGNOSTIC into INVARIANTS since they are really sanity checks.
Revision 1.155: download - view: text, markup, annotated - select for diffs
Thu May 9 10:34:57 2002 UTC (9 years, 9 months ago) by luigi
Branches: MAIN
Diff to: previous 1.154: preferred, colored
Changes since revision 1.154: +3 -14 lines
Cleanup the interface to ip_fw_chk, two of the input arguments
were totally useless and have been removed.
ip_input.c, ip_output.c:
Properly initialize the "ip" pointer in case the firewall does an
m_pullup() on the packet.
Remove some debugging code forgotten long ago.
ip_fw.[ch], bridge.c:
Prepare the grounds for matching MAC header fields in bridged packets,
so we can have 'etherfw' functionality without a lot of kernel and
userland bloat.
Revision 1.99.2.24.2.1: download - view: text, markup, annotated - select for diffs
Mon Apr 15 17:12:05 2002 UTC (9 years, 9 months ago) by nectar
Branches: RELENG_4_5
Diff to: previous 1.99.2.24: preferred, colored; next MAIN 1.99.2.25: preferred, colored
Changes since revision 1.99.2.24: +4 -6 lines
MFC ip_icmp.c 1.69, ip_mroute.c 1.72, ip_output.c 1.153: Fixed IP routing table leak in icmp_reflect().
Revision 1.154: download - view: text, markup, annotated - select for diffs
Mon Apr 1 21:31:06 2002 UTC (9 years, 10 months ago) by jhb
Branches: MAIN
Diff to: previous 1.153: preferred, colored
Changes since revision 1.153: +1 -1 lines
Change the suser() API to take advantage of td_ucred as well as do a general cleanup of the API. The entire API now consists of two functions similar to the pre-KSE API. The suser() function takes a thread pointer as its only argument. The td_ucred member of this thread must be valid so the only valid thread pointers are curthread and a few kernel threads such as thread0. The suser_cred() function takes a pointer to a struct ucred as its first argument and an integer flag as its second argument. The flag is currently only used for the PRISON_ROOT flag. Discussed on: smp@
Revision 1.99.2.29: download - view: text, markup, annotated - select for diffs
Fri Mar 22 16:54:19 2002 UTC (9 years, 10 months ago) by ru
Branches: RELENG_4
CVS tags: RELENG_4_6_BP, RELENG_4_6_2_RELEASE, RELENG_4_6_1_RELEASE, RELENG_4_6_0_RELEASE, RELENG_4_6
Diff to: previous 1.99.2.28: preferred, colored; branchpoint 1.99: preferred, colored
Changes since revision 1.99.2.28: +4 -6 lines
MFC: Fixed IP routing table leak in icmp_reflect(). ip_icmp.c 1.69, ip_mroute.c 1.72, ip_output.c 1.153.
Revision 1.153: download - view: text, markup, annotated - select for diffs
Fri Mar 22 16:45:54 2002 UTC (9 years, 10 months ago) by ru
Branches: MAIN
Diff to: previous 1.152: preferred, colored
Changes since revision 1.152: +4 -6 lines
Prevent icmp_reflect() from calling ip_output() with a NULL route pointer which will then result in the allocated route's reference count never being decremented. Just flood ping the localhost and watch refcnt of the 127.0.0.1 route with netstat(1). Submitted by: jayanth Back out ip_output.c,v 1.143 and ip_mroute.c,v 1.69 that allowed ip_output() to be called with a NULL route pointer. The previous paragraph shows why this was a bad idea in the first place. MFC after: 0 days
Revision 1.152: download - view: text, markup, annotated - select for diffs
Tue Mar 19 21:25:46 2002 UTC (9 years, 10 months ago) by alfred
Branches: MAIN
Diff to: previous 1.151: preferred, colored
Changes since revision 1.151: +7 -7 lines
Remove __P.
Revision 1.99.2.28: download - view: text, markup, annotated - select for diffs
Tue Feb 26 18:11:24 2002 UTC (9 years, 11 months ago) by ume
Branches: RELENG_4
Diff to: previous 1.99.2.27: preferred, colored; branchpoint 1.99: preferred, colored
Changes since revision 1.99.2.27: +5 -1 lines
MFC:
- Check the address family of the destination cached in a PCB.
- Clear the cached destination before getting another cached route.
Otherwise, garbage in the padding space (which might be filled in if it was
used for IPv4) could annoy rtalloc.
sys/netinet/in_pcb.c: 1.97
sys/netinet/ip_output.c: 1.149
Revision 1.99.2.27: download - view: text, markup, annotated - select for diffs
Wed Feb 20 14:57:42 2002 UTC (9 years, 11 months ago) by ru
Branches: RELENG_4
Diff to: previous 1.99.2.26: preferred, colored; branchpoint 1.99: preferred, colored
Changes since revision 1.99.2.26: +10 -10 lines
MFC: 1.150: Unbreak IPF 127/8 redirects.
Revision 1.99.2.26: download - view: text, markup, annotated - select for diffs
Tue Feb 19 22:24:35 2002 UTC (9 years, 11 months ago) by julian
Branches: RELENG_4
Diff to: previous 1.99.2.25: preferred, colored; branchpoint 1.99: preferred, colored
Changes since revision 1.99.2.25: +11 -5 lines
MFC of change to allow incoming packets to be forwarded.
Revision 1.151: download - view: text, markup, annotated - select for diffs
Mon Feb 18 20:35:22 2002 UTC (9 years, 11 months ago) by mike
Branches: MAIN
Diff to: previous 1.150: preferred, colored
Changes since revision 1.150: +14 -14 lines
o Move NTOHL() and associated macros into <sys/param.h>. These are deprecated in favor of the POSIX-defined lowercase variants. o Change all occurrences of NTOHL() and associated marcros in the source tree to use the lowercase function variants. o Add missing license bits to sparc64's <machine/endian.h>. Approved by: jake o Clean up <machine/endian.h> files. o Remove unused __uint16_swap_uint32() from i386's <machine/endian.h>. o Remove prototypes for non-existent bswapXX() functions. o Include <machine/endian.h> in <arpa/inet.h> to define the POSIX-required ntohl() family of functions. o Do similar things to expose the ntohl() family in libstand, <netinet/in.h>, and <sys/param.h>. o Prepend underscores to the ntohl() family to help deal with complexities associated with having MD (asm and inline) versions, and having to prevent exposure of these functions in other headers that happen to make use of endian-specific defines. o Create weak aliases to the canonical function name to help deal with third-party software forgetting to include an appropriate header. o Remove some now unneeded pollution from <sys/types.h>. o Add missing <arpa/inet.h> includes in userland. Tested on: alpha, i386 Reviewed by: bde, jake, tmm
Revision 1.150: download - view: text, markup, annotated - select for diffs
Fri Feb 15 12:19:03 2002 UTC (9 years, 11 months ago) by ru
Branches: MAIN
Diff to: previous 1.149: preferred, colored
Changes since revision 1.149: +10 -10 lines
Moved the 127/8 check below so that IPF redirects have a chance of working. MFC after: 1 day
Revision 1.99.2.25: download - view: text, markup, annotated - select for diffs
Fri Feb 1 10:42:09 2002 UTC (10 years ago) by ru
Branches: RELENG_4
Diff to: previous 1.99.2.24: preferred, colored; branchpoint 1.99: preferred, colored
Changes since revision 1.99.2.24: +11 -1 lines
MFC: 1.148: { 127, <any> } MUST NOT appear outside a host.
Revision 1.149: download - view: text, markup, annotated - select for diffs
Mon Jan 21 20:04:22 2002 UTC (10 years ago) by ume
Branches: MAIN
Diff to: previous 1.148: preferred, colored
Changes since revision 1.148: +5 -1 lines
- Check the address family of the destination cached in a PCB. - Clear the cached destination before getting another cached route. Otherwise, garbage in the padding space (which might be filled in if it was used for IPv4) could annoy rtalloc. Obtained from: KAME
Revision 1.148: download - view: text, markup, annotated - select for diffs
Mon Jan 21 13:59:42 2002 UTC (10 years ago) by ru
Branches: MAIN
Diff to: previous 1.147: preferred, colored
Changes since revision 1.147: +11 -1 lines
RFC1122 requires that addresses of the form { 127, <any> } MUST NOT
appear outside a host.
PR: 30792, 33996
Obtained from: ip_input.c
MFC after: 1 week
Revision 1.147: download - view: text, markup, annotated - select for diffs
Sat Jan 5 18:23:53 2002 UTC (10 years, 1 month ago) by fenner
Branches: MAIN
Diff to: previous 1.146: preferred, colored
Changes since revision 1.146: +12 -0 lines
Pre-calculate the checksum for multicast packets sourced on a multicast router. This is overkill; it should be possible to delay to hardware interfaces and only pre-calculate when forwarding to a tunnel.
Revision 1.146: download - view: text, markup, annotated - select for diffs
Fri Dec 28 21:21:57 2001 UTC (10 years, 1 month ago) by julian
Branches: MAIN
Diff to: previous 1.145: preferred, colored
Changes since revision 1.145: +11 -5 lines
Fix ipfw fwd so that it acts as the docs say when forwarding an incoming packet to another machine. Obtained from: Vicor Production tree MFC after: 3 weeks
Revision 1.99.2.24: download - view: text, markup, annotated - select for diffs
Fri Dec 28 10:08:33 2001 UTC (10 years, 1 month ago) by yar
Branches: RELENG_4
CVS tags: RELENG_4_5_BP, RELENG_4_5_0_RELEASE
Branch point for: RELENG_4_5
Diff to: previous 1.99.2.23: preferred, colored; branchpoint 1.99: preferred, colored
Changes since revision 1.99.2.23: +2 -1 lines
MFC: don't try to free a NULL route when doing IPFIREWALL_FORWARD. A route may be NULL at that point if a packet was sent with the SO_DONTROUTE/IP_ROUTETOIF flag set. Approved by: re
Revision 1.145: download - view: text, markup, annotated - select for diffs
Wed Dec 19 14:54:13 2001 UTC (10 years, 1 month ago) by yar
Branches: MAIN
Diff to: previous 1.144: preferred, colored
Changes since revision 1.144: +2 -1 lines
Don't try to free a NULL route when doing IPFIREWALL_FORWARD. An old route will be NULL at that point if a packet were initially routed to an interface (using the IP_ROUTETOIF flag.) Submitted by: Igor Timkin <ivt@gamma.ru>
Revision 1.99.2.23: download - view: text, markup, annotated - select for diffs
Sat Dec 15 01:06:27 2001 UTC (10 years, 1 month ago) by brooks
Branches: RELENG_4
Diff to: previous 1.99.2.22: preferred, colored; branchpoint 1.99: preferred, colored
Changes since revision 1.99.2.22: +0 -10 lines
MFC: Make faith(4) interfaces (un)loadable and clonable.
Revision 1.99.2.22: download - view: text, markup, annotated - select for diffs
Fri Dec 14 20:02:53 2001 UTC (10 years, 1 month ago) by jlemon
Branches: RELENG_4
Diff to: previous 1.99.2.21: preferred, colored; branchpoint 1.99: preferred, colored
Changes since revision 1.99.2.21: +4 -4 lines
MFC: r1.137, r1.138, r1.140; macro centralization, hash list, stats update.
Revision 1.144: download - view: text, markup, annotated - select for diffs
Fri Dec 14 19:34:11 2001 UTC (10 years, 1 month ago) by jlemon
Branches: MAIN
Diff to: previous 1.143: preferred, colored
Changes since revision 1.143: +35 -33 lines
whitespace and style fixes recovered from -stable.
Revision 1.99.2.21: download - view: text, markup, annotated - select for diffs
Fri Dec 7 09:23:11 2001 UTC (10 years, 2 months ago) by ru
Branches: RELENG_4
Diff to: previous 1.99.2.20: preferred, colored; branchpoint 1.99: preferred, colored
Changes since revision 1.99.2.20: +6 -4 lines
MFC: sys/netinet icmp_var.h 1.19, ip_icmp.c 1.64, ip_input.c 1.185, ip_mroute.c 1.69, ip_output.c 1.143, ip_var.h 1.59 usr.bin netstat/inet.c 1.52 - Make ip_rtaddr() global, and use it to look up the correct source address in icmp_reflect(). - Two new "struct icmpstat" members: icps_badaddr and icps_noroute. - Allow for ip_output() to be called with a NULL route pointer. PR: kern/31575, kern/29337, kern/30524
Revision 1.143: download - view: text, markup, annotated - select for diffs
Sat Dec 1 13:48:16 2001 UTC (10 years, 2 months ago) by ru
Branches: MAIN
Diff to: previous 1.142: preferred, colored
Changes since revision 1.142: +6 -4 lines
Allow for ip_output() to be called with a NULL route pointer. This fixes a panic I introduced yesterday in ip_icmp.c,v 1.64.
Revision 1.142: download - view: text, markup, annotated - select for diffs
Sun Nov 4 22:56:25 2001 UTC (10 years, 3 months ago) by luigi
Branches: MAIN
Diff to: previous 1.141: preferred, colored
Changes since revision 1.141: +3 -3 lines
MFS: sync the ipfw/dummynet/bridge code with the one recently merged
into stable (mostly , but not only, formatting and comments changes).
Revision 1.99.2.20: download - view: text, markup, annotated - select for diffs
Sun Nov 4 17:33:13 2001 UTC (10 years, 3 months ago) by luigi
Branches: RELENG_4
Diff to: previous 1.99.2.19: preferred, colored; branchpoint 1.99: preferred, colored
Changes since revision 1.99.2.19: +0 -3 lines
Remove an #ifdef vax entry
Revision 1.99.2.19: download - view: text, markup, annotated - select for diffs
Sat Nov 3 00:36:09 2001 UTC (10 years, 3 months ago) by luigi
Branches: RELENG_4
Diff to: previous 1.99.2.18: preferred, colored; branchpoint 1.99: preferred, colored
Changes since revision 1.99.2.18: +6 -13 lines
Mega-MFC for ipfw/bridge/dummynet features and fixes added over the past couple of months: * merge of ipfw rule descriptor and chain pointer. No functional change, but the internal data structures and code are way more readable; * BillF code to make ipfw/dummynet/bridge KLD'able. NOTA BENE: this still has some rough edges, which are mostly due to bugs in kldload() rather than in this code. * add a new type of dynamic rule that lets you limit the number of simultaneous connections matching certain criteria (with the usual aggregation based on port/address masks) * fix spl*() protection in same parts of the code; This code also includes some minor bugfixes and code cleanup that I will port to CURRENT as soon as i have a chance. I have tested the code as much as i could, but there is really a million combinations so I might have missed some corner case. Please report if you have problem building things. The only thing known not to work is bridge.ko -- it does forward correctly, but packets directed to the bridge itself are only received from one interface (i suspect some missing initialization), and there are some other issues at unloading time. Please use the statically compiled code for the time being. NOTE ON KLD: It appears that kldload/unload is unable to handle the case of (erroneously) loading/unloading a module which is already compiled in. What happens is that load fails, but the module is listed as loaded, and then the system panics if you attempt an unloading of the module. This problem need fixing in the module loading/unloading code, which is not in my area of competence.
Revision 1.99.2.18: download - view: text, markup, annotated - select for diffs
Fri Nov 2 18:34:58 2001 UTC (10 years, 3 months ago) by wpaul
Branches: RELENG_4
Diff to: previous 1.99.2.17: preferred, colored; branchpoint 1.99: preferred, colored
Changes since revision 1.99.2.17: +2 -2 lines
MFC: fix mbuf leak in ip_output(). (sending packets with IP options which cause ip_output() to return with error leaks one mbuf per packet)
Revision 1.141: download - view: text, markup, annotated - select for diffs
Tue Oct 30 18:15:48 2001 UTC (10 years, 3 months ago) by wpaul
Branches: MAIN
Diff to: previous 1.140: preferred, colored
Changes since revision 1.140: +1 -1 lines
Fix a (long standing?) bug in ip_output(): if ip_insertoptions() is called and ip_output() encounters an error and bails (i.e. host unreachable), we will leak an mbuf. This is because the code calls m_freem(m0) after jumping to the bad: label at the end of the function, when it should be calling m_freem(m). (m0 is the original mbuf list _without_ the options mbuf prepended.) Obtained from: NetBSD
Revision 1.140: download - view: text, markup, annotated - select for diffs
Tue Oct 30 14:58:27 2001 UTC (10 years, 3 months ago) by jlemon
Branches: MAIN
Diff to: previous 1.139: preferred, colored
Changes since revision 1.139: +2 -1 lines
When dropping a packet because there is no room in the queue (which itself is somewhat bogus), update the statistics to indicate something was dropped. PR: 13740
Revision 1.99.2.17: download - view: text, markup, annotated - select for diffs
Fri Oct 5 19:42:50 2001 UTC (10 years, 4 months ago) by dcs
Branches: RELENG_4
Diff to: previous 1.99.2.16: preferred, colored; branchpoint 1.99: preferred, colored
Changes since revision 1.99.2.16: +23 -17 lines
MFC: revisions 1.128-1.132. Allow multicast packets to be sent in the absence of a default or multicast network route if an interface was specified. If the interface has no address, use 0.0.0.0 as address (only in the case above). Avoid code that depends variables not set in this new code path.
Revision 1.139: download - view: text, markup, annotated - select for diffs
Fri Oct 5 05:45:27 2001 UTC (10 years, 4 months ago) by ps
Branches: MAIN
Diff to: previous 1.138: preferred, colored
Changes since revision 1.138: +3 -10 lines
Make it so dummynet and bridge can be loaded as modules. Submitted by: billf
Revision 1.138: download - view: text, markup, annotated - select for diffs
Sat Sep 29 04:34:11 2001 UTC (10 years, 4 months ago) by jlemon
Branches: MAIN
Diff to: previous 1.137: preferred, colored
Changes since revision 1.137: +3 -2 lines
Add a hash table that contains the list of internet addresses, and use this in place of the in_ifaddr list when appropriate. This improves performance on hosts which have a large number of IP aliases.
Revision 1.137: download - view: text, markup, annotated - select for diffs
Sat Sep 29 03:23:44 2001 UTC (10 years, 4 months ago) by jlemon
Branches: MAIN
Diff to: previous 1.136: preferred, colored
Changes since revision 1.136: +2 -4 lines
Centralize satosin(), sintosa() and ifatoia() macros in <netinet/in.h> Remove local definitions.
Revision 1.136: download - view: text, markup, annotated - select for diffs
Thu Sep 27 23:44:26 2001 UTC (10 years, 4 months ago) by luigi
Branches: MAIN
Diff to: previous 1.135: preferred, colored
Changes since revision 1.135: +3 -3 lines
Two main changes here: + implement "limit" rules, which permit to limit the number of sessions between certain host pairs (according to masks). These are a special type of stateful rules, which might be of interest in some cases. See the ipfw manpage for details. + merge the list pointers and ipfw rule descriptors in the kernel, so the code is smaller, faster and more readable. This patch basically consists in replacing "foo->rule->bar" with "rule->bar" all over the place. I have been willing to do this for ages! MFC after: 1 week
Revision 1.135: download - view: text, markup, annotated - select for diffs
Tue Sep 25 18:40:51 2001 UTC (10 years, 4 months ago) by brooks
Branches: MAIN
Diff to: previous 1.134: preferred, colored
Changes since revision 1.134: +1 -11 lines
Make faith loadable, unloadable, and clonable.
Revision 1.134: download - view: text, markup, annotated - select for diffs
Wed Sep 12 08:37:54 2001 UTC (10 years, 5 months ago) by julian
Branches: MAIN
CVS tags: KSE_MILESTONE_2
Diff to: previous 1.133: preferred, colored
Changes since revision 1.133: +4 -4 lines
KSE Milestone 2 Note ALL MODULES MUST BE RECOMPILED make the kernel aware that there are smaller units of scheduling than the process. (but only allow one thread per process at this time). This is functionally equivalent to teh previousl -current except that there is a thread associated with each process. Sorry john! (your next MFC will be a doosie!) Reviewed by: peter@freebsd.org, dillon@freebsd.org X-MFC after: ha ha ha ha
Revision 1.133: download - view: text, markup, annotated - select for diffs
Thu Sep 6 02:40:33 2001 UTC (10 years, 5 months ago) by jlemon
Branches: MAIN
CVS tags: KSE_PRE_MILESTONE_2
Diff to: previous 1.132: preferred, colored
Changes since revision 1.132: +2 -2 lines
Wrap array accesses in macros, which also happen to be lvalues:
ifnet_addrs[i - 1] -> ifaddr_byindex(i)
ifindex2ifnet[i] -> ifnet_byindex(i)
This is intended to ease the conversion to SMPng.
Revision 1.132: download - view: text, markup, annotated - select for diffs
Fri Aug 3 17:36:06 2001 UTC (10 years, 6 months ago) by dcs
Branches: MAIN
Diff to: previous 1.131: preferred, colored
Changes since revision 1.131: +6 -4 lines
MFS: Avoid dropping fragments in the absence of an interface address. Noticed by: fenner Submitted by: iedowse Not committed to current by: iedowse ;-)
Revision 1.131: download - view: text, markup, annotated - select for diffs
Mon Jul 23 16:50:01 2001 UTC (10 years, 6 months ago) by ru
Branches: MAIN
Diff to: previous 1.130: preferred, colored
Changes since revision 1.130: +22 -25 lines
Avoid a NULL pointer derefence introduced in rev. 1.129. Problem noticed by: bde, gcc(1) Panic caught by: mjacob Patch tested by: mjacob
Revision 1.130: download - view: text, markup, annotated - select for diffs
Thu Jul 19 07:10:30 2001 UTC (10 years, 6 months ago) by ru
Branches: MAIN
Diff to: previous 1.129: preferred, colored
Changes since revision 1.129: +10 -14 lines
Backout non-functional changes from revision 1.128. Not objected to by: dcs
Revision 1.99.2.16: download - view: text, markup, annotated - select for diffs
Thu Jul 19 06:37:26 2001 UTC (10 years, 6 months ago) by kris
Branches: RELENG_4
CVS tags: RELENG_4_4_BP, RELENG_4_4_0_RELEASE, RELENG_4_4
Diff to: previous 1.99.2.15: preferred, colored; branchpoint 1.99: preferred, colored
Changes since revision 1.99.2.15: +6 -1 lines
MFC: Add ``options RANDOM_IP_ID'' which randomizes the ID field of IP packets. This closes a minor information leak which allows a remote observer to determine the rate at which the machine is generating packets, since the default behaviour is to increment a counter for each packet sent.
Revision 1.129: download - view: text, markup, annotated - select for diffs
Tue Jul 17 21:00:07 2001 UTC (10 years, 6 months ago) by dcs
Branches: MAIN
Diff to: previous 1.128: preferred, colored
Changes since revision 1.128: +1 -1 lines
(forced commit for more info on the previous change) According to RFC 1112, which deals with multicasting, an application must specify the interface on which it wished to send a multicast packet. In the absence of such an interface, a default is selected. Previous behavior in ip_output.c erroneously checked for a route to the destination multicast address, rejecting the packet if none existed. Applications got around this with a FAQ recommending a 224.0.0.0/29 route to loopback. This worked because the multicast code in ip_output.c discards route information if an interface was selected. The previous commit skips the route check in the case where a multicast packet is being send to an application-defined interface. The only change in behavior, if no bugs were introduced, is the lack of rejection of a multicast packet for which no route exists sent to an application-defined interface. MFC after: 2 weeks
Revision 1.128: download - view: text, markup, annotated - select for diffs
Tue Jul 17 18:47:48 2001 UTC (10 years, 6 months ago) by dcs
Branches: MAIN
Diff to: previous 1.127: preferred, colored
Changes since revision 1.127: +23 -10 lines
Skip the route checking in the case of multicast packets with known interfaces. Reviewed by: people at that channel Approved by: silence on -net
Revision 1.99.2.15: download - view: text, markup, annotated - select for diffs
Tue Jul 3 11:01:46 2001 UTC (10 years, 7 months ago) by ume
Branches: RELENG_4
Diff to: previous 1.99.2.14: preferred, colored; branchpoint 1.99: preferred, colored
Changes since revision 1.99.2.14: +180 -135 lines
MFC: Sync with recent KAME. This work was based on kame-20010528-freebsd43-snap.tgz and some critical problem after the snap was out were fixed. There are many many changes since last KAME merge. etc/defaults/rc.conf: 1.111 etc/rc.network: 1.98 etc/rc.network6: 1.20 lib/libipsec/ipsec_set_policy.3: 1.8 lib/libipsec/ipsec_strerror.3: 1.7 lib/libipsec/ipsec_strerror.c: 1.3 lib/libipsec/ipsec_strerror.h: 1.3 lib/libipsec/libpfkey.h: 1.2 lib/libipsec/pfkey.c: 1.3 lib/libipsec/pfkey_dump.c: 1.3 lib/libipsec/policy_token.l: 1.5 lib/libipsec/test-policy.c: 1.4 sbin/ifconfig/ifconfig.8: 1.42 sbin/ifconfig/ifconfig.c: 1.63 sbin/ping6/ping6.8: 1.10 sbin/ping6/ping6.c: 1.9 sbin/route/route.c: 1.48, 1.50 sbin/rtsol/Makefile: 1.4 share/doc/IPv6/IMPLEMENTATION: 1.3 share/examples/IPv6/USAGE: 1.3 share/man/man4/faith.4: 1.10 share/man/man4/gif.4: 1.9 share/man/man4/inet6.4: 1.8 share/man/man4/ip6.4: 1.8 share/man/man4/ipsec.4: 1.9 share/man/man4/kame.4: 1.8 share/man/man4/stf.4: 1.8 sys/conf/files: 1.534 sys/crypto/md5.c: 1.4 sys/crypto/sha1.c: 1.7 sys/crypto/blowfish/bf_enc.c: 1.4 sys/crypto/blowfish/bf_locl.h: 1.4 sys/crypto/blowfish/bf_skey.c: 1.4 sys/crypto/blowfish/blowfish.h: 1.4 sys/crypto/cast128/cast128.c: 1.4 sys/crypto/cast128/cast128.h: 1.4 sys/crypto/des/des.h: 1.4 sys/crypto/des/des_ecb.c: 1.4 sys/crypto/des/des_locl.h: 1.5 sys/crypto/des/des_setkey.c: 1.4 sys/crypto/rijndael/boxes-fst.dat: 1.2 sys/crypto/rijndael/rijndael-alg-fst.c: 1.2, 1.3 sys/crypto/rijndael/rijndael-alg-fst.h: 1.2 sys/crypto/rijndael/rijndael-api-fst.c: 1.2 sys/crypto/rijndael/rijndael-api-fst.h: 1.2 sys/crypto/rijndael/rijndael_local.h: 1.3 sys/kern/uipc_domain.c: 1.24 sys/kern/uipc_mbuf.c: 1.82 sys/kern/uipc_mbuf2.c: 1.8 sys/net/if.c: 1.109 sys/net/if_faith.c: 1.4, 1.5 sys/net/if_gif.c: 1.10 sys/net/if_gif.h: 1.4 sys/net/if_loop.c: 1.61 sys/net/if_sppp.h: 1.17 sys/net/if_spppsubr.c: 1.68, 1.69 sys/net/net_osdep.c: 1.4 sys/net/net_osdep.h: 1.5 sys/net/pfkeyv2.h: 1.6 sys/net/ppp_defs.h: 1.7 sys/net/rtsock.c: 1.52 sys/netinet/icmp6.h: 1.4 sys/netinet/in.c: 1.54 sys/netinet/in_gif.c: 1.10 sys/netinet/in_pcb.c: 1.84 sys/netinet/in_pcb.h: 1.38 sys/netinet/in_proto.c: 1.56 sys/netinet/ip6.h: 1.5 sys/netinet/ip_ecn.c: 1.4 sys/netinet/ip_ecn.h: 1.4 sys/netinet/ip_encap.c: 1.4 sys/netinet/ip_icmp.c: 1.57 sys/netinet/ip_input.c: 1.171 sys/netinet/ip_output.c: 1.126 sys/netinet/ip_var.h: 1.56 sys/netinet/raw_ip.c: 1.78 sys/netinet/tcp_input.c: 1.132 sys/netinet/tcp_output.c: 1.50 sys/netinet/tcp_subr.c: 1.103 sys/netinet/tcp_usrreq.c: 1.60 sys/netinet/udp_usrreq.c: 1.89 sys/netinet6/ah.h: 1.5 sys/netinet6/ah6.h: 1.4 sys/netinet6/ah_core.c: 1.8 sys/netinet6/ah_input.c: 1.7 sys/netinet6/ah_output.c: 1.7 sys/netinet6/dest6.c: 1.6 sys/netinet6/esp.h: 1.4 sys/netinet6/esp6.h: 1.4 sys/netinet6/esp_core.c: 1.5 sys/netinet6/esp_input.c: 1.7 sys/netinet6/esp_output.c: 1.5 sys/netinet6/frag6.c: 1.8 sys/netinet6/icmp6.c: 1.11 sys/netinet6/in6.c: 1.12 sys/netinet6/in6.h: 1.13 sys/netinet6/in6_cksum.c: 1.4 sys/netinet6/in6_gif.c: 1.5 sys/netinet6/in6_ifattach.c: 1.6 sys/netinet6/in6_ifattach.h: 1.3 sys/netinet6/in6_pcb.c: 1.15 sys/netinet6/in6_pcb.h: 1.4 sys/netinet6/in6_prefix.c: 1.7 sys/netinet6/in6_prefix.h: 1.5 sys/netinet6/in6_proto.c: 1.14 sys/netinet6/in6_rmx.c: 1.4 sys/netinet6/in6_src.c: 1.4 sys/netinet6/in6_var.h: 1.8 sys/netinet6/ip6_ecn.h: 1.4 sys/netinet6/ip6_forward.c: 1.11 sys/netinet6/ip6_fw.c: 1.11 sys/netinet6/ip6_fw.h: 1.11 sys/netinet6/ip6_input.c: 1.27 sys/netinet6/ip6_mroute.c: 1.7 sys/netinet6/ip6_mroute.h: 1.4 sys/netinet6/ip6_output.c: 1.25 sys/netinet6/ip6_var.h: 1.7 sys/netinet6/ip6protosw.h: 1.6 sys/netinet6/ipcomp.h: 1.2 sys/netinet6/ipcomp6.h: 1.2 sys/netinet6/ipcomp_core.c: 1.2 sys/netinet6/ipcomp_input.c: 1.2 sys/netinet6/ipcomp_output.c: 1.2 sys/netinet6/ipsec.c: 1.12 sys/netinet6/ipsec.h: 1.8 sys/netinet6/ipsec6.h: 1.5 sys/netinet6/mld6.c: 1.7 sys/netinet6/nd6.c: 1.9 sys/netinet6/nd6.h: 1.7 sys/netinet6/nd6_nbr.c: 1.9 sys/netinet6/nd6_rtr.c: 1.7, 1.8 sys/netinet6/raw_ip6.c: 1.11 sys/netinet6/route6.c: 1.4 sys/netinet6/scope6.c: 1.2 sys/netinet6/udp6_output.c: 1.3 sys/netinet6/udp6_usrreq.c: 1.15 sys/netkey/key.c: 1.25 sys/netkey/key.h: 1.7 sys/netkey/key_debug.c: 1.14 sys/netkey/key_debug.h: 1.7 sys/netkey/key_var.h: 1.4 sys/netkey/keydb.h: 1.6 sys/netkey/keysock.c: 1.6 sys/netsmb/smb_crypt.c: 1.2 sys/sys/mbuf.h: 1.79, 1.80 sys/sys/protosw.h: 1.33 sys/sys/socket.h: 1.54, 1.56 sys/sys/sockio.h: 1.17 usr.bin/netstat/inet.c: 1.42 usr.bin/netstat/inet6.c: 1.10 usr.bin/netstat/ipsec.c: 1.2 usr.bin/netstat/main.c: 1.40 usr.bin/netstat/mroute6.c: 1.5 usr.bin/netstat/netstat.1: 1.29 usr.bin/netstat/netstat.h: 1.21 usr.bin/netstat/route.c: 1.50, 1.51, 1.55 usr.sbin/faithd/Makefile: 1.6 usr.sbin/faithd/README: 1.4 usr.sbin/faithd/faithd.8: 1.9 usr.sbin/faithd/faithd.c: 1.7 usr.sbin/faithd/faithd.h: 1.3 usr.sbin/faithd/ftp.c: 1.5 usr.sbin/faithd/rsh.c: 1.5 usr.sbin/faithd/tcp.c: 1.3 usr.sbin/gifconfig/gifconfig.8: 1.6 usr.sbin/gifconfig/gifconfig.c: 1.4 usr.sbin/ifmcstat/ifmcstat.8: 1.3 usr.sbin/ifmcstat/ifmcstat.c: 1.7 usr.sbin/mld6query/mld6.c: 1.2 usr.sbin/mld6query/mld6query.8: 1.2 usr.sbin/ndp/ndp.8: 1.6 usr.sbin/ndp/ndp.c: 1.6 usr.sbin/prefix/Makefile: 1.4 usr.sbin/rip6query/rip6query.8: 1.4 usr.sbin/rip6query/rip6query.c: 1.5 usr.sbin/route6d/route6d.8: 1.6 usr.sbin/route6d/route6d.c: 1.9 usr.sbin/route6d/route6d.h: 1.3 usr.sbin/rrenumd/lexer.l: 1.3 usr.sbin/rrenumd/parser.y: 1.3 usr.sbin/rrenumd/rrenumd.8: 1.6 usr.sbin/rrenumd/rrenumd.c: 1.4 usr.sbin/rrenumd/rrenumd.conf.5: 1.10 usr.sbin/rrenumd/rrenumd.h: 1.3 usr.sbin/rtadvd/advcap.c: 1.4 usr.sbin/rtadvd/advcap.h: 1.4 usr.sbin/rtadvd/config.c: 1.7 usr.sbin/rtadvd/config.h: 1.4 usr.sbin/rtadvd/dump.c: 1.3 usr.sbin/rtadvd/dump.h: 1.3 usr.sbin/rtadvd/if.c: 1.6 usr.sbin/rtadvd/if.h: 1.4 usr.sbin/rtadvd/pathnames.h: 1.5 usr.sbin/rtadvd/rrenum.c: 1.5 usr.sbin/rtadvd/rrenum.h: 1.4 usr.sbin/rtadvd/rtadvd.8: 1.8 usr.sbin/rtadvd/rtadvd.c: 1.6 usr.sbin/rtadvd/rtadvd.conf.5: 1.6 usr.sbin/rtadvd/rtadvd.h: 1.4 usr.sbin/rtadvd/timer.c: 1.4 usr.sbin/rtadvd/timer.h: 1.4 usr.sbin/rtsold/Makefile: 1.6 usr.sbin/rtsold/dump.c: 1.4 usr.sbin/rtsold/if.c: 1.5 usr.sbin/rtsold/probe.c: 1.5 usr.sbin/rtsold/rtsol.c: 1.4 usr.sbin/rtsold/rtsold.8: 1.5 usr.sbin/rtsold/rtsold.c: 1.4 usr.sbin/rtsold/rtsold.h: 1.4 usr.sbin/setkey/parse.y: 1.3 usr.sbin/setkey/scriptdump.pl: 1.3 usr.sbin/setkey/setkey.8: 1.14 usr.sbin/setkey/setkey.c: 1.3 usr.sbin/setkey/token.l: 1.5 usr.sbin/traceroute6/traceroute6.8: 1.7 usr.sbin/traceroute6/traceroute6.c: 1.8
Revision 1.127: download - view: text, markup, annotated - select for diffs
Mon Jun 11 18:38:11 2001 UTC (10 years, 8 months ago) by ume
Branches: MAIN
Diff to: previous 1.126: preferred, colored
Changes since revision 1.126: +1 -1 lines
This is force commit to mention about previous commit. - use 0/8 to specify interface index on multicast get/setsockopt - make sure to nuke m->m_aux pointer for ipsec, on if_output. - pass error from ipsec_setsocket() all the way up. - move ipsec output processing before filtering section.
Revision 1.126: download - view: text, markup, annotated - select for diffs
Mon Jun 11 12:39:01 2001 UTC (10 years, 8 months ago) by ume
Branches: MAIN
Diff to: previous 1.125: preferred, colored
Changes since revision 1.125: +180 -135 lines
Sync with recent KAME.
This work was based on kame-20010528-freebsd43-snap.tgz and some
critical problem after the snap was out were fixed.
There are many many changes since last KAME merge.
TODO:
- The definitions of SADB_* in sys/net/pfkeyv2.h are still different
from RFC2407/IANA assignment because of binary compatibility
issue. It should be fixed under 5-CURRENT.
- ip6po_m member of struct ip6_pktopts is no longer used. But, it
is still there because of binary compatibility issue. It should
be removed under 5-CURRENT.
Reviewed by: itojun
Obtained from: KAME
MFC after: 3 weeks
Revision 1.125: download - view: text, markup, annotated - select for diffs
Fri Jun 1 10:02:27 2001 UTC (10 years, 8 months ago) by kris
Branches: MAIN
Diff to: previous 1.124: preferred, colored
Changes since revision 1.124: +6 -1 lines
Add ``options RANDOM_IP_ID'' which randomizes the ID field of IP packets. This closes a minor information leak which allows a remote observer to determine the rate at which the machine is generating packets, since the default behaviour is to increment a counter for each packet sent. Reviewed by: -net Obtained from: OpenBSD
Revision 1.99.2.14: download - view: text, markup, annotated - select for diffs
Wed Apr 25 12:47:12 2001 UTC (10 years, 9 months ago) by ru
Branches: RELENG_4
Diff to: previous 1.99.2.13: preferred, colored; branchpoint 1.99: preferred, colored
Changes since revision 1.99.2.13: +6 -4 lines
MFC: (rev 1.124) Fix UDP checksum calculation.
Revision 1.124: download - view: text, markup, annotated - select for diffs
Tue Mar 13 17:07:06 2001 UTC (10 years, 11 months ago) by ru
Branches: MAIN
Diff to: previous 1.123: preferred, colored
Changes since revision 1.123: +6 -4 lines
RFC768 (UDP) requires that "if the computed checksum is zero, it is transmitted as all ones". This got broken after introduction of delayed checksums as follows. Some guys (including Jonathan) think that it is allowed to transmit all ones in place of a zero checksum for TCP the same way as for UDP. (The discussion still takes place on -net.) Thus, the 0 -> 0xffff checksum fixup was first moved from udp_output() (see udp_usrreq.c, 1.64 -> 1.65) to in_cksum_skip() (see sys/i386/i386/in_cksum.c, 1.17 -> 1.18, INVERT expression). Besides that I disagree that it is valid for TCP, there was no real problem until in_cksum.c,v 1.20, where the in_cksum() was made just a special version of in_cksum_skip(). The side effect was that now every incoming IP datagram failed to pass the checksum test (in_cksum() returned 0xffff when it should actually return zero). It was fixed next day in revision 1.21, by removing the INVERT expression. The latter also broke the 0 -> 0xffff fixup for UDP checksums. Before this change: : tcpdump: listening on lo0 : 127.0.0.1.33005 > 127.0.0.1.33006: udp 0 (ttl 64, id 1) : 4500 001c 0001 0000 4011 7cce 7f00 0001 : 7f00 0001 80ed 80ee 0008 0000 After this change: : tcpdump: listening on lo0 : 127.0.0.1.33005 > 127.0.0.1.33006: udp 0 (ttl 64, id 1) : 4500 001c 0001 0000 4011 7cce 7f00 0001 : 7f00 0001 80ed 80ee 0008 ffff
Revision 1.99.2.13: download - view: text, markup, annotated - select for diffs
Sun Mar 11 22:18:00 2001 UTC (10 years, 11 months ago) by iedowse
Branches: RELENG_4
CVS tags: RELENG_4_3_BP, RELENG_4_3_0_RELEASE, RELENG_4_3
Diff to: previous 1.99.2.12: preferred, colored; branchpoint 1.99: preferred, colored
Changes since revision 1.99.2.12: +9 -5 lines
MFC: 1.122->1.223 Set up `ia' properly for dummynet packets to avoid dereferencing an unitialised pointer. This change includes some over-defensive checks not present in the patch applied to -current; we set `ia' to NULL at the start of ip_output(), check that the dummynet route is non-NULL, and that `ia' is non-NULL before it is dereferenced. This are just safety measures which can be removed when the per-ifaddr stats code has had a bit more testing time in -current. Approved by: jkh
Revision 1.123: download - view: text, markup, annotated - select for diffs
Sun Mar 11 17:50:19 2001 UTC (10 years, 11 months ago) by iedowse
Branches: MAIN
Diff to: previous 1.122: preferred, colored
Changes since revision 1.122: +2 -1 lines
In ip_output(), initialise `ia' in the case where the packet has come from a dummynet pipe. Without this, the code which increments the per-ifaddr stats can dereference an uninitialised pointer. This should make dummynet usable again. Reported by: "Dmitry A. Yanko" <fm@astral.ntu-kpi.kiev.ua> Reviewed by: luigi, joe
Revision 1.99.2.12: download - view: text, markup, annotated - select for diffs
Sun Mar 4 21:09:46 2001 UTC (10 years, 11 months ago) by joe
Branches: RELENG_4
Diff to: previous 1.99.2.11: preferred, colored; branchpoint 1.99: preferred, colored
Changes since revision 1.99.2.11: +15 -4 lines
MFC: Keep stats on interface address traffic for ipv4 and ipv6 packets. usr.bin/netstat/if.c: revision 1.34 sys/net/if_var.h: revision 1.27 sys/netinet6/ip6_input.c: revision 1.17 sys/netinet6/ip6_output.c: revisions 1.19, 1.20 sys/netinet/ip_input.c: revision 1.144 sys/netinet/ip_output.c: revisions 1.112, 1.114, 1.116
Revision 1.99.2.11: download - view: text, markup, annotated - select for diffs
Tue Feb 27 09:41:15 2001 UTC (10 years, 11 months ago) by phk
Branches: RELENG_4
Diff to: previous 1.99.2.10: preferred, colored; branchpoint 1.99: preferred, colored
Changes since revision 1.99.2.10: +3 -5 lines
MFC various trivial/textual changes.
Revision 1.122: download - view: text, markup, annotated - select for diffs
Mon Feb 26 20:05:32 2001 UTC (10 years, 11 months ago) by asmodai
Branches: MAIN
Diff to: previous 1.121: preferred, colored
Changes since revision 1.121: +1 -6 lines
Remove conditionals for vax support. People who care much about this are welcomed to try 2.11BSD. :) Noticed by: luigi Reviewed by: jesper
Revision 1.99.2.10: download - view: text, markup, annotated - select for diffs
Wed Feb 7 01:03:13 2001 UTC (11 years ago) by luigi
Branches: RELENG_4
Diff to: previous 1.99.2.9: preferred, colored; branchpoint 1.99: preferred, colored
Changes since revision 1.99.2.9: +6 -10 lines
Another sweep at the bridge/ipfw/dummynet code, thanks to the bug reports received over the last days. Among other things, this commit should avoid some of the problems with ARP replies being copied to the wrong interface. In detail (and modulo errors) bridge.c: + comment out some verbose debugging messages; + improve handling of configurations with multiple interface clusters. Do not permit leaks of packets from one cluster to another. + simplify the structure of bdg_forward() net/if_ethersubr.c: + minor simplifications related to the change of interface in bdg_forward(); netinet/if_ether.c + minor simplifications in the arp error handling code. netinet/ip_fw.c netinet/ip_fw.h + #define and use a symbolic constant for the return value from ip_fw_chk netinet/ip_input.c netinet/ip_output.c + same as above, plus improve error handling in case the firewall decides to change the mbuf pointer.
Revision 1.121: download - view: text, markup, annotated - select for diffs
Sun Feb 4 16:08:12 2001 UTC (11 years ago) by phk
Branches: MAIN
Diff to: previous 1.120: preferred, colored
Changes since revision 1.120: +3 -5 lines
Another round of the <sys/queue.h> FOREACH transmogriffer. Created with: sed(1) Reviewed by: md5(1)
Revision 1.120: download - view: text, markup, annotated - select for diffs
Sun Feb 4 13:13:08 2001 UTC (11 years ago) by phk
Branches: MAIN
Diff to: previous 1.119: preferred, colored
Changes since revision 1.119: +4 -4 lines
Mechanical change to use <sys/queue.h> macro API instead of fondling implementation details. Created with: sed(1) Reviewed by: md5(1)
Revision 1.119: download - view: text, markup, annotated - select for diffs
Fri Feb 2 00:18:00 2001 UTC (11 years ago) by luigi
Branches: MAIN
Diff to: previous 1.118: preferred, colored
Changes since revision 1.118: +17 -5 lines
MFS: bridge/ipfw/dummynet fixes (bridge.c will be committed separately)
Revision 1.99.2.9: download - view: text, markup, annotated - select for diffs
Thu Feb 1 20:25:09 2001 UTC (11 years ago) by luigi
Branches: RELENG_4
Diff to: previous 1.99.2.8: preferred, colored; branchpoint 1.99: preferred, colored
Changes since revision 1.99.2.8: +9 -2 lines
Assorted bridge+ipfw+dummynet fixes. The general goal of this set
of patches is to reduce the number of places where shared mbuf
clusters are modified.
In detail:
ip_fw.c:
modified the ip_fw_chk interface (so that it does not consume
the buffer unless strictly necessary).
ip_input.c, ip_output.c, bridge.c:
reflect above changes.
if_ethersubr.c:
avoid dereferencing pointers to an mbuf chain after it has been
freed. Also fix some bugs when interfaces are not part of
a bridging cluster.
ip_dummynet.[ch]
largely simplified the WF2Q+ implementation removing a redundant
data structrure.
bridge.[ch]
fix the forwarding loop to avoid modifying the packet when
possible.
Revision 1.99.2.8: download - view: text, markup, annotated - select for diffs
Thu Jan 25 02:09:05 2001 UTC (11 years ago) by luigi
Branches: RELENG_4
Diff to: previous 1.99.2.7: preferred, colored; branchpoint 1.99: preferred, colored
Changes since revision 1.99.2.7: +4 -4 lines
Pass up errors returned by dummynet.
Revision 1.118: download - view: text, markup, annotated - select for diffs
Thu Jan 25 02:06:38 2001 UTC (11 years ago) by luigi
Branches: MAIN
Diff to: previous 1.117: preferred, colored
Changes since revision 1.117: +4 -4 lines
Pass up errors returned by dummynet. The same should be done with divert.
Revision 1.117: download - view: text, markup, annotated - select for diffs
Thu Dec 21 21:44:01 2000 UTC (11 years, 1 month ago) by bmilekic
Branches: MAIN
Diff to: previous 1.116: preferred, colored
Changes since revision 1.116: +2 -2 lines
* Rename M_WAIT mbuf subsystem flag to M_TRYWAIT. This is because calls with M_WAIT (now M_TRYWAIT) may not wait forever when nothing is available for allocation, and may end up returning NULL. Hopefully we now communicate more of the right thing to developers and make it very clear that it's necessary to check whether calls with M_(TRY)WAIT also resulted in a failed allocation. M_TRYWAIT basically means "try harder, block if necessary, but don't necessarily wait forever." The time spent blocking is tunable with the kern.ipc.mbuf_wait sysctl. M_WAIT is now deprecated but still defined for the next little while. * Fix a typo in a comment in mbuf.h * Fix some code that was actually passing the mbuf subsystem's M_WAIT to malloc(). Made it pass M_WAITOK instead. If we were ever to redefine the value of the M_WAIT flag, this could have became a big problem.
Revision 1.116: download - view: text, markup, annotated - select for diffs
Wed Nov 1 01:59:28 2000 UTC (11 years, 3 months ago) by joe
Branches: MAIN
Diff to: previous 1.115: preferred, colored
Changes since revision 1.115: +2 -2 lines
It's no longer true that "nobody uses ia beyond here"; it's now used to keep address based if_data statistics in. Submitted by: ru
Revision 1.115: download - view: text, markup, annotated - select for diffs
Sun Oct 29 16:06:47 2000 UTC (11 years, 3 months ago) by phk
Branches: MAIN
Diff to: previous 1.114: preferred, colored
Changes since revision 1.114: +1 -2 lines
Move suser() and suser_xxx() prototypes and a related #define from <sys/proc.h> to <sys/systm.h>. Correctly document the #includes needed in the manpage. Add one now needed #include of <sys/systm.h>. Remove the consequent 48 unused #includes of <sys/proc.h>.
Revision 1.114: download - view: text, markup, annotated - select for diffs
Sun Oct 29 01:05:07 2000 UTC (11 years, 3 months ago) by joe
Branches: MAIN
Diff to: previous 1.113: preferred, colored
Changes since revision 1.113: +7 -3 lines
Count per-address statistics for IP fragments. Requested by: ru Obtained from: BSD/OS
Revision 1.113: download - view: text, markup, annotated - select for diffs
Fri Oct 20 14:10:37 2000 UTC (11 years, 3 months ago) by ru
Branches: MAIN
Diff to: previous 1.112: preferred, colored
Changes since revision 1.112: +2 -4 lines
Save a few CPU cycles in IP fragmentation code.
Revision 1.112: download - view: text, markup, annotated - select for diffs
Thu Oct 19 23:15:54 2000 UTC (11 years, 3 months ago) by joe
Branches: MAIN
Diff to: previous 1.111: preferred, colored
Changes since revision 1.111: +8 -1 lines
Augment the 'ifaddr' structure with a 'struct if_data' to keep statistics on a per network address basis. Teach the IPv4 and IPv6 input/output routines to log packets/bytes against the network address connected to the flow. Teach netstat to display the per-address stats for IP protocols when 'netstat -i' is evoked, instead of displaying the per-interface stats.
Revision 1.99.2.7: download - view: text, markup, annotated - select for diffs
Thu Sep 21 17:19:14 2000 UTC (11 years, 4 months ago) by ru
Branches: RELENG_4
CVS tags: RELENG_4_2_0_RELEASE, RELENG_4_1_1_RELEASE
Diff to: previous 1.99.2.6: preferred, colored; branchpoint 1.99: preferred, colored
Changes since revision 1.99.2.6: +14 -13 lines
MFC: - Fixed broken ICMP error generation. - Keep the ip_id field in network byte order.
Revision 1.111: download - view: text, markup, annotated - select for diffs
Thu Sep 14 14:42:03 2000 UTC (11 years, 4 months ago) by ru
Branches: MAIN
Diff to: previous 1.110: preferred, colored
Changes since revision 1.110: +2 -10 lines
Follow BSD/OS and NetBSD, keep the ip_id field in network order all the time. Requested by: wollman
Revision 1.110: download - view: text, markup, annotated - select for diffs
Fri Sep 1 12:33:03 2000 UTC (11 years, 5 months ago) by ru
Branches: MAIN
CVS tags: PRE_SMPNG
Diff to: previous 1.109: preferred, colored
Changes since revision 1.109: +23 -14 lines
Fixed broken ICMP error generation, unified conversion of IP header fields between host and network byte order. The details: o icmp_error() now does not add IP header length. This fixes the problem when icmp_error() is called from ip_forward(). In this case the ip_len of the original IP datagram returned with ICMP error was wrong. o icmp_error() expects all three fields, ip_len, ip_id and ip_off in host byte order, so DTRT and convert these fields back to network byte order before sending a message. This fixes the problem described in PR 16240 and PR 20877 (ip_id field was returned in host byte order). o ip_ttl decrement operation in ip_forward() was moved down to make sure that it does not corrupt the copy of original IP datagram passed later to icmp_error(). o A copy of original IP datagram in ip_forward() was made a read-write, independent copy. This fixes the problem I first reported to Garrett Wollman and Bill Fenner and later put in audit trail of PR 16240: ip_output() (not always) converts fields of original datagram to network byte order, but because copy (mcopy) and its original (m) most likely share the same mbuf cluster, ip_output()'s manipulations on original also corrupted the copy. o ip_output() now expects all three fields, ip_len, ip_off and (what is significant) ip_id in host byte order. It was a headache for years that ip_id was handled differently. The only compatibility issue here is the raw IP socket interface with IP_HDRINCL socket option set and a non-zero ip_id field, but ip.4 manual page was unclear on whether in this case ip_id field should be in host or network byte order.
Revision 1.109: download - view: text, markup, annotated - select for diffs
Mon Jul 31 13:11:41 2000 UTC (11 years, 6 months ago) by darrenr
Branches: MAIN
Diff to: previous 1.108: preferred, colored
Changes since revision 1.108: +26 -9 lines
activate pfil_hooks and covert ipfilter to use it
Revision 1.99.2.6: download - view: text, markup, annotated - select for diffs
Sat Jul 15 07:14:30 2000 UTC (11 years, 6 months ago) by kris
Branches: RELENG_4
CVS tags: RELENG_4_1_0_RELEASE
Diff to: previous 1.99.2.5: preferred, colored; branchpoint 1.99: preferred, colored
Changes since revision 1.99.2.5: +23 -24 lines
MFC: Merge KAME 2000/07/01 code.
Revision 1.108: download - view: text, markup, annotated - select for diffs
Tue Jul 4 16:35:05 2000 UTC (11 years, 7 months ago) by itojun
Branches: MAIN
Diff to: previous 1.107: preferred, colored
Changes since revision 1.107: +23 -24 lines
sync with kame tree as of july00. tons of bug fixes/improvements. API changes: - additional IPv6 ioctls - IPsec PF_KEY API was changed, it is mandatory to upgrade setkey(8). (also syntax change)
Revision 1.44.2.17: download - view: text, markup, annotated - select for diffs
Mon Jun 26 20:49:22 2000 UTC (11 years, 7 months ago) by alfred
Branches: RELENG_2_2
Diff to: previous 1.44.2.16: preferred, colored; branchpoint 1.44: preferred, colored; next MAIN 1.45: preferred, colored
Changes since revision 1.44.2.16: +4 -2 lines
MFC: FreeBSD-SA-00:23
Revision 1.85.2.8: download - view: text, markup, annotated - select for diffs
Thu Jun 8 15:11:50 2000 UTC (11 years, 8 months ago) by jlemon
Branches: RELENG_3
CVS tags: RELENG_3_5_0_RELEASE
Diff to: previous 1.85.2.7: preferred, colored; branchpoint 1.85: preferred, colored; next MAIN 1.86: preferred, colored
Changes since revision 1.85.2.7: +4 -2 lines
MFC: correct boundary checks against IP options
Revision 1.99.2.5: download - view: text, markup, annotated - select for diffs
Thu Jun 8 15:11:21 2000 UTC (11 years, 8 months ago) by jlemon
Branches: RELENG_4
Diff to: previous 1.99.2.4: preferred, colored; branchpoint 1.99: preferred, colored
Changes since revision 1.99.2.4: +4 -2 lines
MFC: correct boundary checks against IP options
Revision 1.99.2.4: download - view: text, markup, annotated - select for diffs
Fri Jun 2 22:39:08 2000 UTC (11 years, 8 months ago) by archie
Branches: RELENG_4
Diff to: previous 1.99.2.3: preferred, colored; branchpoint 1.99: preferred, colored
Changes since revision 1.99.2.3: +2 -2 lines
MFC: only pass the address family to if_simloop()
Revision 1.107: download - view: text, markup, annotated - select for diffs
Fri Jun 2 20:18:38 2000 UTC (11 years, 8 months ago) by jlemon
Branches: MAIN
Diff to: previous 1.106: preferred, colored
Changes since revision 1.106: +4 -2 lines
Add boundary checks against IP options. Obtained from: OpenBSD
Revision 1.99.2.3: download - view: text, markup, annotated - select for diffs
Thu May 25 02:33:46 2000 UTC (11 years, 8 months ago) by jlemon
Branches: RELENG_4
Diff to: previous 1.99.2.2: preferred, colored; branchpoint 1.99: preferred, colored
Changes since revision 1.99.2.2: +7 -1 lines
MFC: rev 1.106, checksums for multicast loopback. PR: kern/18741
Revision 1.106: download - view: text, markup, annotated - select for diffs
Thu May 25 02:27:14 2000 UTC (11 years, 8 months ago) by jlemon
Branches: MAIN
Diff to: previous 1.105: preferred, colored
Changes since revision 1.105: +7 -1 lines
Mark the checksum as complete when looping back multicast packets. Submitted by: Jeff Gibbons <jgibbons@n2.net>
Revision 1.105: download - view: text, markup, annotated - select for diffs
Wed May 24 21:16:56 2000 UTC (11 years, 8 months ago) by archie
Branches: MAIN
Diff to: previous 1.104: preferred, colored
Changes since revision 1.104: +2 -2 lines
Just need to pass the address family to if_simloop(), not the whole sockaddr.
Revision 1.99.2.2: download - view: text, markup, annotated - select for diffs
Sun May 21 21:41:44 2000 UTC (11 years, 8 months ago) by jlemon
Branches: RELENG_4
Diff to: previous 1.99.2.1: preferred, colored; branchpoint 1.99: preferred, colored
Changes since revision 1.99.2.1: +2 -3 lines
MFC: fix problem with interaction between delayed checksums & IPFilter.
Revision 1.104: download - view: text, markup, annotated - select for diffs
Sun May 21 21:26:06 2000 UTC (11 years, 8 months ago) by jlemon
Branches: MAIN
Diff to: previous 1.103: preferred, colored
Changes since revision 1.103: +2 -3 lines
Compute the checksum before handing the packet off to IPFilter. Tested by: Cy Schubert <Cy.Schubert@uumail.gov.bc.ca>
Revision 1.99.2.1: download - view: text, markup, annotated - select for diffs
Fri May 5 13:36:52 2000 UTC (11 years, 9 months ago) by jlemon
Branches: RELENG_4
Diff to: previous 1.99: preferred, colored
Changes since revision 1.99: +110 -29 lines
MFC: delayed checksum work. This also brings the mbuf size up to 256.
Revision 1.103: download - view: text, markup, annotated - select for diffs
Sun Apr 2 16:18:26 2000 UTC (11 years, 10 months ago) by shin
Branches: MAIN
Diff to: previous 1.102: preferred, colored
Changes since revision 1.102: +6 -6 lines
Move htons() ip_len to after the in_delayed_cksum() call. This should stop cksum error messages on IPsec communication which was reported on freebsd-current. Reviewed by: jlemon
Revision 1.102: download - view: text, markup, annotated - select for diffs
Sat Apr 1 18:51:03 2000 UTC (11 years, 10 months ago) by jlemon
Branches: MAIN
Diff to: previous 1.101: preferred, colored
Changes since revision 1.101: +11 -1 lines
Calculate any delayed checksums before handing an mbuf off to a divert socket. This fixes a problem with ppp/natd. Reviewed by: bsd (Brian Dean, gotta love that login name)
Revision 1.101: download - view: text, markup, annotated - select for diffs
Thu Mar 30 02:16:40 2000 UTC (11 years, 10 months ago) by jlemon
Branches: MAIN
Diff to: previous 1.100: preferred, colored
Changes since revision 1.100: +8 -7 lines
If `ipfw fwd' loops an mbuf back to ip_input from ip_output and the mbuf is marked for delayed checksums, then additionally mark the packet as having it's checksums computed. This allows us to bypass computing/checking the checksum entirely, which isn't really needeed as the packet has never hit the wire. Reviewed by: green
Revision 1.100: download - view: text, markup, annotated - select for diffs
Mon Mar 27 19:14:21 2000 UTC (11 years, 10 months ago) by jlemon
Branches: MAIN
Diff to: previous 1.99: preferred, colored
Changes since revision 1.99: +88 -18 lines
Add support for offloading IP/TCP/UDP checksums to NIC hardware which supports them.
Revision 1.99: download - view: text, markup, annotated - select for diffs
Thu Mar 9 14:57:15 2000 UTC (11 years, 11 months ago) by shin
Branches: MAIN
CVS tags: RELENG_4_BP, RELENG_4_0_0_RELEASE
Branch point for: RELENG_4
Diff to: previous 1.98: preferred, colored
Changes since revision 1.98: +4 -3 lines
Initialize mbuf pointer at getting ipsec policy. Without this, kernel will panic at getsockopt() of IPSEC_POLICY. Also make compilable libipsec/test-policy.c which tries getsockopt() of IPSEC_POLICY. Approved by: jkh Submitted by: sakane@kame.net
Revision 1.98: download - view: text, markup, annotated - select for diffs
Wed Feb 23 20:11:57 2000 UTC (11 years, 11 months ago) by guido
Branches: MAIN
Diff to: previous 1.97: preferred, colored
Changes since revision 1.97: +1 -10 lines
Remove option IPFILTER_KLD. In case you wanted to kldload ipfilter, the module would only work in kernels built with this option. Approved by: jkh
Revision 1.85.2.7: download - view: text, markup, annotated - select for diffs
Sun Feb 13 12:18:36 2000 UTC (12 years ago) by luigi
Branches: RELENG_3
Diff to: previous 1.85.2.6: preferred, colored; branchpoint 1.85: preferred, colored
Changes since revision 1.85.2.6: +2 -2 lines
MFC: bring stateful extensions for IPFW and related fixes to -stable. In order to use the new features and get sensible output from "ipfw show" you need to recompile ipfw. Note that you will still be able to configure the firewall using the old ipfw. Approved-by: jordan
Revision 1.97: download - view: text, markup, annotated - select for diffs
Thu Feb 10 14:19:53 2000 UTC (12 years ago) by luigi
Branches: MAIN
Diff to: previous 1.96: preferred, colored
Changes since revision 1.96: +3 -3 lines
Support the net.inet.ip.fw.enable variable, part of the recent ipfw modifications. Approved-by: jordan
Revision 1.85.2.6: download - view: text, markup, annotated - select for diffs
Tue Jan 18 16:03:56 2000 UTC (12 years ago) by luigi
Branches: RELENG_3
Diff to: previous 1.85.2.5: preferred, colored; branchpoint 1.85: preferred, colored
Changes since revision 1.85.2.5: +9 -12 lines
Various MFC: * update dummynet to the new code in 4.0, and cleanup call interface (affects ip_dummynet.c ip_dummynet.h ip_input.c ip_output.c) * various cleanup of ipfw code, including dummynet hooks, support for masks on UDP/TCP ports, and removal of ip_nat hooks as in 4.0 (affects ip_fw.c ip_fw.h raw_ip.c) The new dummynet code is thanks Akamba Corp.
Revision 1.85.2.5: download - view: text, markup, annotated - select for diffs
Tue Jan 11 16:18:05 2000 UTC (12 years, 1 month ago) by ru
Branches: RELENG_3
Diff to: previous 1.85.2.4: preferred, colored; branchpoint 1.85: preferred, colored
Changes since revision 1.85.2.4: +2 -1 lines
MFC: Fix page fault when diverting packets with IP options.
Revision 1.96: download - view: text, markup, annotated - select for diffs
Mon Jan 10 18:46:05 2000 UTC (12 years, 1 month ago) by ru
Branches: MAIN
Diff to: previous 1.95: preferred, colored
Changes since revision 1.95: +2 -1 lines
MGETHDR() does not initialize m_pkthdr.rcvif, do it here. This fixes page fault panic observed when diverting packets with IP options (e.g. ping -R remoteIP over natd). PR: kern/8596, kern/11199
Revision 1.95: download - view: text, markup, annotated - select for diffs
Sun Jan 9 03:06:28 2000 UTC (12 years, 1 month ago) by shin
Branches: MAIN
Diff to: previous 1.94: preferred, colored
Changes since revision 1.94: +15 -18 lines
enable IPsec over DUMMYNET again Submitted by: luigi Reviewed by: luigi
Revision 1.94: download - view: text, markup, annotated - select for diffs
Sat Jan 8 11:28:23 2000 UTC (12 years, 1 month ago) by luigi
Branches: MAIN
Diff to: previous 1.93: preferred, colored
Changes since revision 1.93: +8 -6 lines
Cleanup dummynet call interface so it should now work on the Alpha as well. Also (probably) fix a bug introduced during the IPv6 import.
Revision 1.93: download - view: text, markup, annotated - select for diffs
Wed Dec 22 19:13:23 1999 UTC (12 years, 1 month ago) by shin
Branches: MAIN
Diff to: previous 1.92: preferred, colored
Changes since revision 1.92: +235 -4 lines
IPSEC support in the kernel. pr_input() routines prototype is also changed to support IPSEC and IPV6 chained protocol headers. Reviewed by: freebsd-arch, cvs-committers Obtained from: KAME project
Revision 1.92: download - view: text, markup, annotated - select for diffs
Mon Dec 6 00:43:07 1999 UTC (12 years, 2 months ago) by archie
Branches: MAIN
Diff to: previous 1.91: preferred, colored
Changes since revision 1.91: +35 -11 lines
Miscellaneous fixes/cleanups relating to ipfw and divert(4): - Implement 'ipfw tee' (finally) - Divert packets by calling new function divert_packet() directly instead of going through protosw[]. - Replace kludgey global variable 'ip_divert_port' with a function parameter to divert_packet() - Replace kludgey global variable 'frag_divert_port' with a function parameter to ip_reass() - style(9) fixes Reviewed by: julian, green
Revision 1.19.4.7: download - view: text, markup, annotated - select for diffs
Sun Sep 5 08:34:54 1999 UTC (12 years, 5 months ago) by peter
Branches: RELENG_2_1_0
Diff to: previous 1.19.4.6: preferred, colored; branchpoint 1.19: preferred, colored; next MAIN 1.20: preferred, colored
Changes since revision 1.19.4.6: +1 -1 lines
$Id$ -> $FreeBSD$
Revision 1.44.2.16: download - view: text, markup, annotated - select for diffs
Sun Sep 5 08:18:35 1999 UTC (12 years, 5 months ago) by peter
Branches: RELENG_2_2
Diff to: previous 1.44.2.15: preferred, colored; branchpoint 1.44: preferred, colored
Changes since revision 1.44.2.15: +1 -1 lines
$Id$ -> $FreeBSD$
Revision 1.85.2.4: download - view: text, markup, annotated - select for diffs
Sun Aug 29 16:29:49 1999 UTC (12 years, 5 months ago) by peter
Branches: RELENG_3
CVS tags: RELENG_3_4_0_RELEASE, RELENG_3_3_0_RELEASE
Diff to: previous 1.85.2.3: preferred, colored; branchpoint 1.85: preferred, colored
Changes since revision 1.85.2.3: +1 -1 lines
$Id$ -> $FreeBSD$
Revision 1.91: download - view: text, markup, annotated - select for diffs
Sat Aug 28 00:49:27 1999 UTC (12 years, 5 months ago) by peter
Branches: MAIN
Diff to: previous 1.90: preferred, colored
Changes since revision 1.90: +1 -1 lines
$Id$ -> $FreeBSD$
Revision 1.44.2.15: download - view: text, markup, annotated - select for diffs
Tue May 4 18:24:54 1999 UTC (12 years, 9 months ago) by luigi
Branches: RELENG_2_2
Diff to: previous 1.44.2.14: preferred, colored; branchpoint 1.44: preferred, colored
Changes since revision 1.44.2.14: +1 -3 lines
MFC squared. free the dummynet descriptor in ip_dummynet, not elsewhere.
Revision 1.85.2.3: download - view: text, markup, annotated - select for diffs
Tue May 4 16:24:00 1999 UTC (12 years, 9 months ago) by luigi
Branches: RELENG_3
CVS tags: RELENG_3_2_PAO_BP, RELENG_3_2_PAO, RELENG_3_2_0_RELEASE
Diff to: previous 1.85.2.2: preferred, colored; branchpoint 1.85: preferred, colored
Changes since revision 1.85.2.2: +1 -3 lines
MFC: free the dummynet header in ip_dummynet, not in the called routine.
Revision 1.90: download - view: text, markup, annotated - select for diffs
Tue May 4 16:20:33 1999 UTC (12 years, 9 months ago) by luigi
Branches: MAIN
Diff to: previous 1.89: preferred, colored
Changes since revision 1.89: +1 -3 lines
Free the dummynet descriptor in ip_dummynet, not in the called routines. The descriptor contains parameters which could be used within those routines (eg. ip_output() ). On passing, add IPPROTO_PGM entry to netinet/in.h
Revision 1.89: download - view: text, markup, annotated - select for diffs
Tue May 4 09:26:12 1999 UTC (12 years, 9 months ago) by luigi
Branches: MAIN
Diff to: previous 1.88: preferred, colored
Changes since revision 1.88: +2 -2 lines
forgot passing the right pointer to dst to dummynet_io(). (-stable and releng2 were already safe). Debugged-By: phk
Revision 1.88: download - view: text, markup, annotated - select for diffs
Tue Apr 20 13:32:06 1999 UTC (12 years, 9 months ago) by peter
Branches: MAIN
CVS tags: PRE_VFS_BIO_NFS_PATCH, PRE_SMP_VMSHARE, POST_VFS_BIO_NFS_PATCH, POST_SMP_VMSHARE
Diff to: previous 1.87: preferred, colored
Changes since revision 1.87: +2 -20 lines
Tidy up some stray / unused stuff in the IPFW package and friends. - unifdef -DCOMPAT_IPFW (this was on by default already) - remove traces of in-kernel ip_nat package, it was never committed. - Make IPFW and DUMMYNET initialize themselves rather than depend on compiled-in hooks in ip_init(). This means they initialize the same way both in-kernel and as kld modules. (IPFW initializes now :-)
Revision 1.44.2.14: download - view: text, markup, annotated - select for diffs
Thu Mar 18 18:34:20 1999 UTC (12 years, 10 months ago) by luigi
Branches: RELENG_2_2
Diff to: previous 1.44.2.13: preferred, colored; branchpoint 1.44: preferred, colored
Changes since revision 1.44.2.13: +5 -5 lines
MFC: 1.86->1.87, "arp: host is not local" problem with dummynet
Revision 1.85.2.2: download - view: text, markup, annotated - select for diffs
Tue Mar 16 18:03:28 1999 UTC (12 years, 10 months ago) by luigi
Branches: RELENG_3
Diff to: previous 1.85.2.1: preferred, colored; branchpoint 1.85: preferred, colored
Changes since revision 1.85.2.1: +5 -5 lines
MFC: fix "arp: host is not local" problem with dummynet
Revision 1.87: download - view: text, markup, annotated - select for diffs
Tue Mar 16 12:06:11 1999 UTC (12 years, 10 months ago) by luigi
Branches: MAIN
CVS tags: PRE_NEWBUS, POST_NEWBUS
Diff to: previous 1.86: preferred, colored
Changes since revision 1.86: +5 -5 lines
Fix a dummynet bug caused by passing a bad next hop address (the symptom was the msg "arp failure -- host is not on local network" that some user have seen on multihomed machines. Bug tracked down by Emmanuel Duros
Revision 1.85.2.1: download - view: text, markup, annotated - select for diffs
Fri Feb 19 18:56:58 1999 UTC (12 years, 11 months ago) by luigi
Branches: RELENG_3
Diff to: previous 1.85: preferred, colored
Changes since revision 1.85: +2 -2 lines
MFC: prevent panic when pkts > MTU and with DF set get out of a pipe. Actually, after fixing this for the third time (in HEAD, RELENG_3 and RELENG_2_2) i notice that there are a few more places in ip_output() potentially with a similar problem: the head of the mbuf chain is changed, yet the original pointer m0 (which is used in case the pkt exceeds the MTU and has DF set) is not updated. This could lead to panics or more likely to mbuf leaks depending on what happens to the original mbuf pointed by m0. Something worth fixing soon...
Revision 1.86: download - view: text, markup, annotated - select for diffs
Fri Feb 19 18:32:55 1999 UTC (12 years, 11 months ago) by luigi
Branches: MAIN
Diff to: previous 1.85: preferred, colored
Changes since revision 1.85: +2 -2 lines
avoid panic with pkts larger than MTU and DF set coming out of a pipe.
Revision 1.44.2.13: download - view: text, markup, annotated - select for diffs
Fri Feb 19 18:21:25 1999 UTC (12 years, 11 months ago) by luigi
Branches: RELENG_2_2
Diff to: previous 1.44.2.12: preferred, colored; branchpoint 1.44: preferred, colored
Changes since revision 1.44.2.12: +4 -3 lines
prevent panic when a pkt greater than MTU with DF set comes out of a pipe. Discovered using the "treno" tool from PSC. Reported-by: taniguti@ntttqn.tnl.ntt.co.jp (Hirohisa TANIGUCHI)
Revision 1.85: download - view: text, markup, annotated - select for diffs
Mon Dec 21 21:36:40 1998 UTC (13 years, 1 month ago) by luigi
Branches: MAIN
CVS tags: RELENG_3_BP, RELENG_3_1_0_RELEASE
Branch point for: RELENG_3
Diff to: previous 1.84: preferred, colored
Changes since revision 1.84: +2 -1 lines
Restore 1.82->1.83 change deleted by mistake< per Bruce suggestion
Revision 1.84: download - view: text, markup, annotated - select for diffs
Mon Dec 14 18:09:13 1998 UTC (13 years, 2 months ago) by luigi
Branches: MAIN
Diff to: previous 1.83: preferred, colored
Changes since revision 1.83: +89 -18 lines
Last bits (i think) of dummynet for -current.
Revision 1.44.2.12: download - view: text, markup, annotated - select for diffs
Fri Nov 20 03:09:02 1998 UTC (13 years, 2 months ago) by jkoshy
Branches: RELENG_2_2
CVS tags: RELENG_2_2_8_RELEASE
Diff to: previous 1.44.2.11: preferred, colored; branchpoint 1.44: preferred, colored
Changes since revision 1.44.2.11: +2 -1 lines
MFC: {rev 1.82} copy M_MCAST bit into fragmented packets.
Approved by: wollman
Revision 1.83: download - view: text, markup, annotated - select for diffs
Tue Nov 10 09:16:28 1998 UTC (13 years, 3 months ago) by peter
Branches: MAIN
Diff to: previous 1.82: preferred, colored
Changes since revision 1.82: +2 -1 lines
add #include <sys/kernel.h> where it's needed by MALLOC_DEFINE()
Revision 1.44.2.11: download - view: text, markup, annotated - select for diffs
Mon Sep 21 08:55:22 1998 UTC (13 years, 4 months ago) by luigi
Branches: RELENG_2_2
Diff to: previous 1.44.2.10: preferred, colored; branchpoint 1.44: preferred, colored
Changes since revision 1.44.2.10: +3 -4 lines
Fix the ipfw/natd problem for which people has been shouting at me for the last few days. It was a stupid uninitialized variable, and the bug was generated when i cleaned up the code removing redundant(!) initializations before the commit. Thanks to Studded@dal.net and Allan Saddi who provided traces to help track down the problem.
Revision 1.44.2.10: download - view: text, markup, annotated - select for diffs
Thu Sep 17 18:02:26 1998 UTC (13 years, 4 months ago) by luigi
Branches: RELENG_2_2
Diff to: previous 1.44.2.9: preferred, colored; branchpoint 1.44: preferred, colored
Changes since revision 1.44.2.9: +74 -16 lines
bring DUMMYNET and BRIDGE support into -stable decouple BPF and PROMISC handling on some if drivers make ipstat available through sysctl (already in -current) NOTE: you have to recompile ipfw!
Revision 1.82: download - view: text, markup, annotated - select for diffs
Wed Sep 2 15:11:14 1998 UTC (13 years, 5 months ago) by wollman
Branches: MAIN
CVS tags: RELENG_3_0_0_RELEASE
Diff to: previous 1.81: preferred, colored
Changes since revision 1.81: +2 -1 lines
Properly fragment multicast packets. PR: 7802 Submitted by: Steve McCanne <mccanne@cs.berkeley.edu>
Revision 1.81: download - view: text, markup, annotated - select for diffs
Sun Aug 23 03:07:14 1998 UTC (13 years, 5 months ago) by wollman
Branches: MAIN
Diff to: previous 1.80: preferred, colored
Changes since revision 1.80: +214 -185 lines
Yow! Completely change the way socket options are handled, eliminating another specialized mbuf type in the process. Also clean up some of the cruft surrounding IPFW, multicast routing, RSVP, and other ill-explored corners.
Revision 1.80: download - view: text, markup, annotated - select for diffs
Sat Aug 1 08:44:33 1998 UTC (13 years, 6 months ago) by peter
Branches: MAIN
Diff to: previous 1.79: preferred, colored
Changes since revision 1.79: +2 -3 lines
Fix a compile error if IPFIREWALL_FORWARD active without IPDIVERT.
Revision 1.79: download - view: text, markup, annotated - select for diffs
Mon Jul 13 12:12:25 1998 UTC (13 years, 7 months ago) by bde
Branches: MAIN
Diff to: previous 1.78: preferred, colored
Changes since revision 1.78: +2 -2 lines
Fixed some longs that should have been fixed-sized types.
Revision 1.78: download - view: text, markup, annotated - select for diffs
Mon Jul 6 05:04:33 1998 UTC (13 years, 7 months ago) by julian
Branches: MAIN
Diff to: previous 1.77: preferred, colored
Changes since revision 1.77: +2 -1 lines
Don't expect the new code to be used without the right option file being included.
Revision 1.77: download - view: text, markup, annotated - select for diffs
Mon Jul 6 05:00:53 1998 UTC (13 years, 7 months ago) by julian
Branches: MAIN
Diff to: previous 1.76: preferred, colored
Changes since revision 1.76: +2 -2 lines
Fix braino in switching to TAILQ macro.
Revision 1.76: download - view: text, markup, annotated - select for diffs
Mon Jul 6 03:20:17 1998 UTC (13 years, 7 months ago) by julian
Branches: MAIN
Diff to: previous 1.75: preferred, colored
Changes since revision 1.75: +132 -7 lines
Support for IPFW based transparent forwarding. Any packet that can be matched by a ipfw rule can be redirected transparently to another port or machine. Redirection to another port mostly makes sense with tcp, where a session can be set up between a proxy and an unsuspecting client. Redirection to another machine requires that the other machine also be expecting to receive the forwarded packets, as their headers will not have been modified. /sbin/ipfw must be recompiled!!! Reviewed by: Peter Wemm <peter@freebsd.org> Submitted by: Chrisy Luke <chrisy@flix.net>
Revision 1.44.2.9: download - view: text, markup, annotated - select for diffs
Wed Jul 1 01:38:37 1998 UTC (13 years, 7 months ago) by julian
Branches: RELENG_2_2
CVS tags: RELENG_2_2_7_RELEASE
Diff to: previous 1.44.2.8: preferred, colored; branchpoint 1.44: preferred, colored
Changes since revision 1.44.2.8: +3 -3 lines
MFC: merge in some minor cleanups for IP divert
Revision 1.75: download - view: text, markup, annotated - select for diffs
Sun Jun 21 14:53:32 1998 UTC (13 years, 7 months ago) by bde
Branches: MAIN
CVS tags: PRE_NOBDEV
Diff to: previous 1.74: preferred, colored
Changes since revision 1.74: +1 -2 lines
Removed unused includes.
Revision 1.74: download - view: text, markup, annotated - select for diffs
Mon Jun 15 00:35:47 1998 UTC (13 years, 8 months ago) by julian
Branches: MAIN
Diff to: previous 1.73: preferred, colored
Changes since revision 1.73: +2 -2 lines
fix another typo
Revision 1.73: download - view: text, markup, annotated - select for diffs
Sun Jun 14 20:58:17 1998 UTC (13 years, 8 months ago) by julian
Branches: MAIN
Diff to: previous 1.72: preferred, colored
Changes since revision 1.72: +9 -1 lines
Try narrow down the culprit sending undefined packet types through the loopback
Revision 1.72: download - view: text, markup, annotated - select for diffs
Fri Jun 12 03:48:19 1998 UTC (13 years, 8 months ago) by julian
Branches: MAIN
Diff to: previous 1.71: preferred, colored
Changes since revision 1.71: +4 -4 lines
Go through the loopback code with a broom.. Remove lots'o'hacks. looutput is now static. Other callers who want to use loopback to allow shortcutting should call the special entrypoint for this, if_simloop(), which is specifically designed for this purpose. Using looutput for this purpose was problematic, particularly with bpf and trying to keep track of whether one should be using the charateristics of the loopback interface or the interface (e.g. if_ethersubr.c) that was requesting the loopback. There was a whole class of errors due to this mis-use each of which had hacks to cover them up. Consists largly of hack removal :-)
Revision 1.71: download - view: text, markup, annotated - select for diffs
Sat Jun 6 21:49:17 1998 UTC (13 years, 8 months ago) by julian
Branches: MAIN
Diff to: previous 1.70: preferred, colored
Changes since revision 1.70: +2 -2 lines
Make sure the default value of a dummy variable is 0 so that it doesn't do anything.
Revision 1.70: download - view: text, markup, annotated - select for diffs
Sat Jun 6 20:45:28 1998 UTC (13 years, 8 months ago) by julian
Branches: MAIN
Diff to: previous 1.69: preferred, colored
Changes since revision 1.69: +2 -2 lines
Fix wrong data type for a pointer.
Revision 1.69: download - view: text, markup, annotated - select for diffs
Sat Jun 6 19:39:09 1998 UTC (13 years, 8 months ago) by julian
Branches: MAIN
Diff to: previous 1.68: preferred, colored
Changes since revision 1.68: +4 -11 lines
clean up the changes made to ipfw over the last weeks (should make the ipfw lkm work again)
Revision 1.68: download - view: text, markup, annotated - select for diffs
Fri Jun 5 22:40:00 1998 UTC (13 years, 8 months ago) by julian
Branches: MAIN
Diff to: previous 1.67: preferred, colored
Changes since revision 1.67: +3 -3 lines
Reverse the default sense of the IPFW/DIVERT reinjection code so that the new behaviour is now default. Solves the "infinite loop in diversion" problem when more than one diversion is active. Man page changes follow. The new code is in -stable as the NON default option.
Revision 1.44.2.8: download - view: text, markup, annotated - select for diffs
Fri Jun 5 21:38:11 1998 UTC (13 years, 8 months ago) by julian
Branches: RELENG_2_2
Diff to: previous 1.44.2.7: preferred, colored; branchpoint 1.44: preferred, colored
Changes since revision 1.44.2.7: +2 -2 lines
MFC: add option to fix divert infinite loop
Revision 1.67: download - view: text, markup, annotated - select for diffs
Mon May 25 10:37:47 1998 UTC (13 years, 8 months ago) by julian
Branches: MAIN
Diff to: previous 1.66: preferred, colored
Changes since revision 1.66: +9 -1 lines
Add optional code to change the way that divert and ipfw work together. Prior to this change, Accidental recursion protection was done by the diverted daemon feeding back the divert port number it got the packet on, as the port number on a sendto(). IPFW knew not to redivert a packet to this port (again). Processing of the ruleset started at the beginning again, skipping that divert port. The new semantic (which is how we should have done it the first time) is that the port number in the sendto() is the rule number AFTER which processing should restart, and on a recvfrom(), the port number is the rule number which caused the diversion. This is much more flexible, and also more intuitive. If the user uses the same sockaddr received when resending, processing resumes at the rule number following that that caused the diversion. The user can however select to resume rule processing at any rule. (0 is restart at the beginning) To enable the new code use option IPFW_DIVERT_RESTART This should become the default as soon as people have looked at it a bit
Revision 1.66: download - view: text, markup, annotated - select for diffs
Sat Mar 21 11:34:20 1998 UTC (13 years, 10 months ago) by peter
Branches: MAIN
CVS tags: PRE_DEVFS_SLICE, POST_DEVFS_SLICE
Diff to: previous 1.65: preferred, colored
Changes since revision 1.65: +10 -15 lines
Make this compile.. There are some unpleasing hacks in here. A major unifdef session is sorely tempting but would destroy any remaining chance of tracking the original sources.
Revision 1.65: download - view: text, markup, annotated - select for diffs
Fri Feb 20 13:37:38 1998 UTC (13 years, 11 months ago) by bde
Branches: MAIN
CVS tags: PRE_SOFTUPDATE, POST_SOFTUPDATE
Diff to: previous 1.64: preferred, colored
Changes since revision 1.64: +2 -2 lines
Don't depend on "implicit int".
Revision 1.64: download - view: text, markup, annotated - select for diffs
Fri Feb 6 12:13:52 1998 UTC (14 years ago) by eivind
Branches: MAIN
Diff to: previous 1.63: preferred, colored
Changes since revision 1.63: +1 -2 lines
Back out DIAGNOSTIC changes.
Revision 1.63: download - view: text, markup, annotated - select for diffs
Wed Feb 4 22:33:09 1998 UTC (14 years ago) by eivind
Branches: MAIN
Diff to: previous 1.62: preferred, colored
Changes since revision 1.62: +2 -1 lines
Turn DIAGNOSTIC into a new-style option.
Revision 1.62: download - view: text, markup, annotated - select for diffs
Fri Nov 7 09:20:45 1997 UTC (14 years, 3 months ago) by phk
Branches: MAIN
Diff to: previous 1.61: preferred, colored
Changes since revision 1.61: +6 -6 lines
Rename some local variables to avoid shadowing other local variables. Found by: -Wshadow
Revision 1.61: download - view: text, markup, annotated - select for diffs
Wed Nov 5 20:17:23 1997 UTC (14 years, 3 months ago) by joerg
Branches: MAIN
Diff to: previous 1.60: preferred, colored
Changes since revision 1.60: +3 -1 lines
Make IPDIVERT a supported option. Alas, in_var.h depends on it, i hope i've found out all files that actually depend on this dependancy. IMHO, it's not very good practice to change the size of internal structs depending on kernel options.
Revision 1.60: download - view: text, markup, annotated - select for diffs
Sun Oct 12 20:25:26 1997 UTC (14 years, 4 months ago) by phk
Branches: MAIN
Diff to: previous 1.59: preferred, colored
Changes since revision 1.59: +2 -2 lines
Last major round (Unless Bruce thinks of somthing :-) of malloc changes. Distribute all but the most fundamental malloc types. This time I also remembered the trick to making things static: Put "static" in front of them. A couple of finer points by: bde
Revision 1.59: download - view: text, markup, annotated - select for diffs
Sat Oct 11 18:31:32 1997 UTC (14 years, 4 months ago) by phk
Branches: MAIN
Diff to: previous 1.58: preferred, colored
Changes since revision 1.58: +3 -1 lines
Distribute and statizice a lot of the malloc M_* types. Substantial input from: bde
Revision 1.44.2.7: download - view: text, markup, annotated - select for diffs
Tue Sep 30 16:25:08 1997 UTC (14 years, 4 months ago) by davidg
Branches: RELENG_2_2
CVS tags: RELENG_2_2_6_RELEASE, RELENG_2_2_5_RELEASE
Diff to: previous 1.44.2.6: preferred, colored; branchpoint 1.44: preferred, colored
Changes since revision 1.44.2.6: +5 -5 lines
Merged from -current: data struct reorg and improved ordering of compares in the PCB lookup code (see rev 1.30 of in_pcb.c). This will require a rebuild of netstat.
Revision 1.58: download - view: text, markup, annotated - select for diffs
Sat Aug 2 14:32:53 1997 UTC (14 years, 6 months ago) by bde
Branches: MAIN
Diff to: previous 1.57: preferred, colored
Changes since revision 1.57: +1 -3 lines
Removed unused #includes.
Revision 1.44.2.6: download - view: text, markup, annotated - select for diffs
Fri Jun 20 23:05:38 1997 UTC (14 years, 7 months ago) by julian
Branches: RELENG_2_2
Diff to: previous 1.44.2.5: preferred, colored; branchpoint 1.44: preferred, colored
Changes since revision 1.44.2.5: +13 -16 lines
YACFC bring back the ipfirewall changes this allows more secure firewall and to reject TCP requests correctly Submitted by: Whistle Communications user-mode changes to follow.
Revision 1.57: download - view: text, markup, annotated - select for diffs
Mon Jun 2 05:02:37 1997 UTC (14 years, 8 months ago) by julian
Branches: MAIN
CVS tags: WOLLMAN_MBUF, BP_WOLLMAN_MBUF
Diff to: previous 1.56: preferred, colored
Changes since revision 1.56: +13 -16 lines
Submitted by: Whistle Communications (archie Cobbs) these are quite extensive additions to the ipfw code. they include a change to the API because the old method was broken, but the user view is kept the same. The new code allows a particular match to skip forward to a particular line number, so that blocks of rules can be used without checking all the intervening rules. There are also many more ways of rejecting connections especially TCP related, and many many more ... see the man page for a complete description.
Revision 1.44.2.5: download - view: text, markup, annotated - select for diffs
Sat May 17 19:18:15 1997 UTC (14 years, 8 months ago) by fenner
Branches: RELENG_2_2
Diff to: previous 1.44.2.4: preferred, colored; branchpoint 1.44: preferred, colored
Changes since revision 1.44.2.4: +8 -6 lines
Bring in rev 1.56 (pullup ip header in ip_mloopback() ). PR: kern/3410
Revision 1.56: download - view: text, markup, annotated - select for diffs
Tue May 6 21:22:04 1997 UTC (14 years, 9 months ago) by fenner
Branches: MAIN
Diff to: previous 1.55: preferred, colored
Changes since revision 1.55: +8 -6 lines
Pull up the IP header in ip_mloopback(). This makes sure that the operations on the header inside ip_mloopback() are performed on a private copy instead of a shared cluster. PR: kern/3410
Revision 1.55: download - view: text, markup, annotated - select for diffs
Sun Apr 27 20:01:07 1997 UTC (14 years, 9 months ago) by wollman
Branches: MAIN
Diff to: previous 1.54: preferred, colored
Changes since revision 1.54: +3 -2 lines
The long-awaited mega-massive-network-code- cleanup. Part I. This commit includes the following changes: 1) Old-style (pr_usrreq()) protocols are no longer supported, the compatibility glue for them is deleted, and the kernel will panic on boot if any are compiled in. 2) Certain protocol entry points are modified to take a process structure, so they they can easily tell whether or not it is possible to sleep, and also to access credentials. 3) SS_PRIV is no more, and with it goes the SO_PRIVSTATE setsockopt() call. Protocols should use the process pointer they are now passed. 4) The PF_LOCAL and PF_ROUTE families have been updated to use the new style, as has the `raw' skeleton family. 5) PF_LOCAL sockets now obey the process's umask when creating a socket in the filesystem. As a result, LINT is now broken. I'm hoping that some enterprising hacker with a bit more time will either make the broken bits work (should be easy for netipx) or dike them out.
Revision 1.54: download - view: text, markup, annotated - select for diffs
Thu Apr 3 10:47:12 1997 UTC (14 years, 10 months ago) by darrenr
Branches: MAIN
CVS tags: pre_smp_merge, post_smp_merge
Diff to: previous 1.53: preferred, colored
Changes since revision 1.53: +8 -3 lines
Resolve conflicts created by import.
Revision 1.53: download - view: text, markup, annotated - select for diffs
Thu Apr 3 05:14:42 1997 UTC (14 years, 10 months ago) by davidg
Branches: MAIN
Diff to: previous 1.52: preferred, colored
Changes since revision 1.52: +5 -5 lines
Reorganize elements of the inpcb struct to take better advantage of cache lines. Removed the struct ip proto since only a couple of chars were actually being used in it. Changed the order of compares in the PCB hash lookup to take advantage of partial cache line fills (on PPro). Discussed-with: wollman
Revision 1.44.2.4: download - view: text, markup, annotated - select for diffs
Sun Mar 2 19:03:01 1997 UTC (14 years, 11 months ago) by fenner
Branches: RELENG_2_2
CVS tags: WHISTLE_SET_1, WHISTLE_NET_BRANCH_1, WHISTLE_BP1, RELENG_2_2_2_RELEASE, RELENG_2_2_1_RELEASE, RELENG_2_2_0_RELEASE
Diff to: previous 1.44.2.3: preferred, colored; branchpoint 1.44: preferred, colored
Changes since revision 1.44.2.3: +10 -11 lines
Bring in comment fix from -current. Ok'd by: jkh
Revision 1.52: download - view: text, markup, annotated - select for diffs
Fri Feb 28 19:40:48 1997 UTC (14 years, 11 months ago) by fenner
Branches: MAIN
Diff to: previous 1.51: preferred, colored
Changes since revision 1.51: +10 -11 lines
Fix a comment and some commented-out code in ip_mloopback to reflect how multicast loopback really works.
Revision 1.51: download - view: text, markup, annotated - select for diffs
Sat Feb 22 09:41:36 1997 UTC (14 years, 11 months ago) by peter
Branches: MAIN
Diff to: previous 1.50: preferred, colored
Changes since revision 1.50: +1 -1 lines
Back out part 1 of the MCFH that changed $Id$ to $FreeBSD$. We are not ready for it yet.
Revision 1.50: download - view: text, markup, annotated - select for diffs
Wed Feb 19 14:02:27 1997 UTC (14 years, 11 months ago) by darrenr
Branches: MAIN
Diff to: previous 1.49: preferred, colored
Changes since revision 1.49: +9 -9 lines
change IP Filter hooks to match new 3.1.8 patches for FreeBSD
Revision 1.49: download - view: text, markup, annotated - select for diffs
Mon Feb 10 11:45:28 1997 UTC (15 years ago) by darrenr
Branches: MAIN
Diff to: previous 1.48: preferred, colored
Changes since revision 1.48: +20 -0 lines
Add IP Filter hooks (from patches).
Revision 1.44.2.3: download - view: text, markup, annotated - select for diffs
Mon Feb 3 23:15:51 1997 UTC (15 years ago) by joerg
Branches: RELENG_2_2
Diff to: previous 1.44.2.2: preferred, colored; branchpoint 1.44: preferred, colored
Changes since revision 1.44.2.2: +2 -2 lines
Fix my misplaced patch from yesterday... *blush*
Revision 1.44.2.2: download - view: text, markup, annotated - select for diffs
Sun Feb 2 18:55:34 1997 UTC (15 years ago) by joerg
Branches: RELENG_2_2
Diff to: previous 1.44.2.1: preferred, colored; branchpoint 1.44: preferred, colored
Changes since revision 1.44.2.1: +2 -1 lines
YAMFC (revisions 1.4, 1.56, and 1.48, respectively)
Revision 1.48: download - view: text, markup, annotated - select for diffs
Sun Feb 2 16:33:12 1997 UTC (15 years ago) by brian
Branches: MAIN
Diff to: previous 1.47: preferred, colored
Changes since revision 1.47: +1 -0 lines
Reset ip_divert_ignore to zero immediately after use - also, set it in the first place, independent of whether sin->sin_port is set. The result is that diverted packets that are being forwarded will be diverted once and only once on the way in (ip_input()) and again, once and only once on the way out (ip_output()) - twice in total. ICMP packets that don't contain a port will now also be diverted.
Revision 1.47: download - view: text, markup, annotated - select for diffs
Tue Jan 14 06:49:02 1997 UTC (15 years, 1 month ago) by jkh
Branches: MAIN
Diff to: previous 1.46: preferred, colored
Changes since revision 1.46: +1 -1 lines
Make the long-awaited change from $Id$ to $FreeBSD$ This will make a number of things easier in the future, as well as (finally!) avoiding the Id-smashing problem which has plagued developers for so long. Boy, I'm glad we're not using sup anymore. This update would have been insane otherwise.
Revision 1.46: download - view: text, markup, annotated - select for diffs
Fri Dec 13 21:28:58 1996 UTC (15 years, 2 months ago) by wollman
Branches: MAIN
Diff to: previous 1.45: preferred, colored
Changes since revision 1.45: +3 -2 lines
Convert the interface address and IP interface address structures to TAILQs. Fix places which referenced these for no good reason that I can see (the references remain, but were fixed to compile again; they are still questionable).
Revision 1.44.2.1: download - view: text, markup, annotated - select for diffs
Mon Nov 11 23:40:49 1996 UTC (15 years, 3 months ago) by phk
Branches: RELENG_2_2
Diff to: previous 1.44: preferred, colored
Changes since revision 1.44: +11 -1 lines
Merge from -current
Revision 1.45: download - view: text, markup, annotated - select for diffs
Mon Nov 11 04:56:19 1996 UTC (15 years, 3 months ago) by fenner
Branches: MAIN
Diff to: previous 1.44: preferred, colored
Changes since revision 1.44: +11 -1 lines
Add the IP_RECVIF socket option, which supplies a packet's incoming interface using a sockaddr_dl. Fix the other packet-information socket options (SO_TIMESTAMP, IP_RECVDSTADDR) to work for multicast UDP and raw sockets as well. (They previously only worked for unicast UDP).
Revision 1.44: download - view: text, markup, annotated - select for diffs
Tue Oct 22 22:26:02 1996 UTC (15 years, 3 months ago) by sos
Branches: MAIN
CVS tags: RELENG_2_2_BP
Branch point for: RELENG_2_2
Diff to: previous 1.43: preferred, colored
Changes since revision 1.43: +2 -2 lines
Changed args to the nat functions.
Revision 1.43: download - view: text, markup, annotated - select for diffs
Mon Oct 7 19:21:46 1996 UTC (15 years, 4 months ago) by wollman
Branches: MAIN
Diff to: previous 1.42: preferred, colored
Changes since revision 1.42: +2 -2 lines
All three files: make COMPAT_IPFW==0 case work again. ip_input.c: - delete some dusty code - _IP_VHL - use fast inline header checksum when possible
Revision 1.42: download - view: text, markup, annotated - select for diffs
Wed Aug 21 21:37:04 1996 UTC (15 years, 5 months ago) by sos
Branches: MAIN
Diff to: previous 1.41: preferred, colored
Changes since revision 1.41: +14 -1 lines
Add hooks for an IP NAT module, much like the firewall stuff... Move the sockopt definitions for the firewall code from ip_fw.h to in.h where it belongs.
Revision 1.41: download - view: text, markup, annotated - select for diffs
Wed Jul 10 19:44:26 1996 UTC (15 years, 7 months ago) by julian
Branches: MAIN
Diff to: previous 1.40: preferred, colored
Changes since revision 1.40: +27 -6 lines
Adding changes to ipfw and the kernel to support ip packet diversion.. This stuff should not be too destructive if the IPDIVERT is not compiled in.. be aware that this changes the size of the ip_fw struct so ipfw needs to be recompiled to use it.. more changes coming to clean this up.
Revision 1.40: download - view: text, markup, annotated - select for diffs
Sat Jun 8 08:18:59 1996 UTC (15 years, 8 months ago) by bde
Branches: MAIN
Diff to: previous 1.39: preferred, colored
Changes since revision 1.39: +5 -5 lines
Changed some memcpy()'s back to bcopy()'s. gcc only inlines memcpy()'s whose count is constant and didn't inline these. I want memcpy() in the kernel go away so that it's obvious that it doesn't need to be optimized. Now it is only used for one struct copy in si.c.
Revision 1.39: download - view: text, markup, annotated - select for diffs
Wed May 22 17:23:08 1996 UTC (15 years, 8 months ago) by wollman
Branches: MAIN
Diff to: previous 1.38: preferred, colored
Changes since revision 1.38: +10 -1 lines
Conditionalize calls to IPFW code on COMPAT_IPFW. This is done slightly unconventionally: If COMPAT_IPFW is not defined, or if it is defined to 1, enable; otherwise, disable. This means that these changes actually have no effect on anyone at the moment. (It just makes it easier for me to keep my code in sync.) In the future, the `not defined' part of the hack should be eliminated, but doing this now would require everyone to change their config files. The same conditionals need to be made in ip_input.c as well for this to ave any useful effect, but I'm not ready to do that right now.
Revision 1.38: download - view: text, markup, annotated - select for diffs
Tue May 21 20:47:31 1996 UTC (15 years, 8 months ago) by peter
Branches: MAIN
Diff to: previous 1.37: preferred, colored
Changes since revision 1.37: +2 -1 lines
Fix an embarresing error on my part that made the IP_PORTRANGE options return a failure code (even though it worked). This commit brought to you by the 'C' keyword "break".. :-)
Revision 1.37: download - view: text, markup, annotated - select for diffs
Mon May 6 17:42:13 1996 UTC (15 years, 9 months ago) by wollman
Branches: MAIN
Diff to: previous 1.36: preferred, colored
Changes since revision 1.36: +10 -5 lines
Add three new route flags to help determine what sort of address the destination represents. For IP: - Iff it is a host route, RTF_LOCAL and RTF_BROADCAST indicate local (belongs to this host) and broadcast addresses, respectively. - For all routes, RTF_MULTICAST is set if the destination is multicast. The RTF_BROADCAST flag is used by ip_output() to eliminate a call to in_broadcast() in a common case; this gives about 1% in our packet-generation experiments. All three flags might be used (although they aren't now) to determine whether a packet can be forwarded; a given host route can represent a forwardable address if: (rt->rt_flags & (RTF_HOST | RTF_LOCAL | RTF_BROADCAST | RTF_MULTICAST)) == RTF_HOST Obviously, one still has to do all the work if a host route is not present, but this code allows one to cache the results of such a lookup if rtalloc1() is called without masking RTF_PRCLONING.
Revision 1.36: download - view: text, markup, annotated - select for diffs
Sun Apr 21 13:47:43 1996 UTC (15 years, 9 months ago) by bde
Branches: MAIN
Diff to: previous 1.35: preferred, colored
Changes since revision 1.35: +2 -2 lines
Fixed in-line IP header checksumming. It was performed on the wrong header in one case.
Revision 1.35: download - view: text, markup, annotated - select for diffs
Thu Apr 18 15:49:06 1996 UTC (15 years, 9 months ago) by wollman
Branches: MAIN
Diff to: previous 1.34: preferred, colored
Changes since revision 1.34: +51 -39 lines
Three speed-ups in the output path (two small, one substantial):
1) Require all callers to pass a valid route pointer to ip_output()
so that we don't have to check and allocate one off the stack
as was done before. This eliminates one test and some stack
bloat from the common (UDP and TCP) case.
2) Perform the IP header checksum in-line if it's of the usual length.
This results in about a 5% speed-up in my packet-generation test.
3) Use ip_vhl field rather than ip_v and ip_hl bitfields.
Revision 1.34: download - view: text, markup, annotated - select for diffs
Wed Apr 3 13:52:20 1996 UTC (15 years, 10 months ago) by phk
Branches: MAIN
Diff to: previous 1.33: preferred, colored
Changes since revision 1.33: +6 -8 lines
Add feature for tcp "established". Change interface between netinet and ip_fw to be more general, and thus hopefully also support other ip filtering implementations.
Revision 1.33.2.1: download - view: text, markup, annotated - select for diffs
Mon Apr 1 19:00:31 1996 UTC (15 years, 10 months ago) by wollman
Branches: wollman_polling
Diff to: previous 1.33: preferred, colored; next MAIN 1.34: preferred, colored
Changes since revision 1.33: +22 -29 lines
These are (mostly) my changes for polling of network interrupts, on a private branch. Some of these changes are generally applicable, but most of this is to show other people what I'm up to (and what they need to be prepared for).
Revision 1.33: download - view: text, markup, annotated - select for diffs
Tue Mar 26 18:56:51 1996 UTC (15 years, 10 months ago) by fenner
Branches: MAIN
Branch point for: wollman_polling
Diff to: previous 1.32: preferred, colored
Changes since revision 1.32: +2 -1 lines
Add missing splx(s) in IP_MULTICAST_IF Submitted by: Jim Binkley <jrb@cs.pdx.edu>
Revision 1.19.4.6: download - view: text, markup, annotated - select for diffs
Wed Mar 13 08:13:16 1996 UTC (15 years, 11 months ago) by pst
Branches: RELENG_2_1_0
CVS tags: RELENG_2_1_7_RELEASE, RELENG_2_1_6_RELEASE, RELENG_2_1_6_1_RELEASE, RELENG_2_1_5_RELEASE
Diff to: previous 1.19.4.5: preferred, colored; branchpoint 1.19: preferred, colored
Changes since revision 1.19.4.5: +4 -1 lines
Bring in fix for kern/1058 from head (along with LBL setsockopt operation)
Revision 1.32: download - view: text, markup, annotated - select for diffs
Wed Mar 13 08:02:43 1996 UTC (15 years, 11 months ago) by pst
Branches: MAIN
Diff to: previous 1.31: preferred, colored
Changes since revision 1.31: +4 -1 lines
Fix ip option processing for raw IP sockets. This whole thing is a compromise between ignoring options specified in the setsockopt call if IP_HDRINCL is set (the UCB choice when VJ's code was brought in) vs allowing them (what everyone else did, and what is assumed by programs everywhere...sigh). Also perform some checking of the passed down packet to avoid running off the end of a mbuf chain. Reviewed by: fenner
Revision 1.31: download - view: text, markup, annotated - select for diffs
Mon Mar 11 15:13:21 1996 UTC (15 years, 11 months ago) by davidg
Branches: MAIN
Diff to: previous 1.30: preferred, colored
Changes since revision 1.30: +2 -2 lines
Move or add #include <queue.h> in preparation for upcoming struct socket changes.
Revision 1.19.4.5: download - view: text, markup, annotated - select for diffs
Mon Mar 4 04:56:23 1996 UTC (15 years, 11 months ago) by davidg
Branches: RELENG_2_1_0
Diff to: previous 1.19.4.4: preferred, colored; branchpoint 1.19: preferred, colored
Changes since revision 1.19.4.4: +32 -1 lines
Brought in Path MTU Discovery implementation from main branch. This has been running on wcarchive now for several weeks and makes a substantial improvement in TCP performance.
Revision 1.19.4.4: download - view: text, markup, annotated - select for diffs
Mon Feb 26 15:23:37 1996 UTC (15 years, 11 months ago) by phk
Branches: RELENG_2_1_0
Diff to: previous 1.19.4.3: preferred, colored; branchpoint 1.19: preferred, colored
Changes since revision 1.19.4.3: +2 -2 lines
Update ipfw code to same level as -current.
Revision 1.30: download - view: text, markup, annotated - select for diffs
Sat Feb 24 00:17:35 1996 UTC (15 years, 11 months ago) by phk
Branches: MAIN
Diff to: previous 1.29: preferred, colored
Changes since revision 1.29: +2 -2 lines
The new firewall functionality: Filter on the direction (in/out). Filter on fragment/not fragment.
Revision 1.29: download - view: text, markup, annotated - select for diffs
Fri Feb 23 15:47:55 1996 UTC (15 years, 11 months ago) by phk
Branches: MAIN
Diff to: previous 1.28: preferred, colored
Changes since revision 1.28: +9 -11 lines
Big sweep over the IPFIREWALL and IPACCT code. Close the ip-fragment hole. Waste less memory. Rewrite to contemporary more readable style. Kill separate IPACCT facility, use "accept" rules in IPFIREWALL. Filter incoming >and< outgoing packets. Replace "policy" by sticky "deny all" rule. Rules have numbers used for ordering and deletion. Remove "rerorder" code entirely. Count packet & bytecount matches for rules. Code in -current & -stable is now the same.
Revision 1.19.4.3: download - view: text, markup, annotated - select for diffs
Fri Feb 23 15:26:11 1996 UTC (15 years, 11 months ago) by phk
Branches: RELENG_2_1_0
Diff to: previous 1.19.4.2: preferred, colored; branchpoint 1.19: preferred, colored
Changes since revision 1.19.4.2: +9 -11 lines
Big sweep over the IPFIREWALL and IPACCT code. Close the ip-fragment hole. Waste less memory. Rewrite to contemporary more readable style. Kill separate IPACCT facility, use "accept" rules in IPFIREWALL. Filter incoming >and< outgoing packets. Replace "policy" by sticky "deny all" rule. Rules have numbers used for ordering and deletion. Remove "rerorder" code entirely. Count packet & bytecount matches for rules.
Revision 1.28: download - view: text, markup, annotated - select for diffs
Thu Feb 22 21:32:23 1996 UTC (15 years, 11 months ago) by peter
Branches: MAIN
Diff to: previous 1.27: preferred, colored
Changes since revision 1.27: +44 -1 lines
Make the default behavior of local port assignment match traditional systems (my last change did not mix well with some firewall configurations). As much as I dislike firewalls, this is one thing I I was not prepared to break by default.. :-) Allow the user to nominate one of three ranges of port numbers as candidates for selecting a local address to replace a zero port number. The ranges are selected via a setsockopt(s, IPPROTO_IP, IP_PORTRANGE, &arg) call. The three ranges are: default, high (to bypass firewalls) and low (to get a port below 1024). The default and high port ranges are sysctl settable under sysctl net.inet.ip.portrange.* This code also fixes a potential deadlock if the system accidently ran out of local port addresses. It'd drop into an infinite while loop. The secure port selection (for root) should reduce overheads and increase reliability of rlogin/rlogind/rsh/rshd if they are modified to take advantage of it. Partly suggested by: pst Reviewed by: wollman
Revision 1.27: download - view: text, markup, annotated - select for diffs
Tue Dec 19 21:24:19 1995 UTC (16 years, 1 month ago) by wollman
Branches: MAIN
Diff to: previous 1.26: preferred, colored
Changes since revision 1.26: +18 -1 lines
Added a comment about why trying to make a one-behind cache for the route in ip_output() is a bad idea.
Revision 1.26: download - view: text, markup, annotated - select for diffs
Tue Dec 5 17:46:15 1995 UTC (16 years, 2 months ago) by wollman
Branches: MAIN
Diff to: previous 1.25: preferred, colored
Changes since revision 1.25: +3 -3 lines
Path MTU Discovery is now standard.
Revision 1.25: download - view: text, markup, annotated - select for diffs
Tue Nov 14 20:34:19 1995 UTC (16 years, 3 months ago) by phk
Branches: MAIN
Diff to: previous 1.24: preferred, colored
Changes since revision 1.24: +12 -6 lines
New style sysctl & staticize alot of stuff.
Revision 1.24: download - view: text, markup, annotated - select for diffs
Mon Oct 16 18:21:09 1995 UTC (16 years, 3 months ago) by wollman
Branches: MAIN
Diff to: previous 1.23: preferred, colored
Changes since revision 1.23: +15 -1 lines
The ability to administratively change the MTU of an interface presents a few new wrinkles for MTU discovery which tcp_output() had better be prepared to handle. ip_output() is also modified to do something helpful in this case, since it has already calculated the information we need.
Revision 1.19.4.2: download - view: text, markup, annotated - select for diffs
Wed Sep 6 10:31:40 1995 UTC (16 years, 5 months ago) by davidg
Branches: RELENG_2_1_0
CVS tags: RELENG_2_1_0_RELEASE
Diff to: previous 1.19.4.1: preferred, colored; branchpoint 1.19: preferred, colored
Changes since revision 1.19.4.1: +17 -12 lines
Brought in changes from main branch: update to multicast v3.5. Reviewed by: Bill Fenner <fenner@parc.xerox.com>, wollman
Revision 1.23: download - view: text, markup, annotated - select for diffs
Wed Jul 26 18:05:13 1995 UTC (16 years, 6 months ago) by wollman
Branches: MAIN
Diff to: previous 1.22: preferred, colored
Changes since revision 1.22: +2 -2 lines
Fix test for determining when RSVP is inactive in a router. (In this case, multicast options are not passed to ip_mforward().) The previous version had a wrong test, thus causing RSVP mrouters to forward RSVP messages in violation of the spec.
Revision 1.19.4.1: download - view: text, markup, annotated - select for diffs
Sun Jul 23 05:48:03 1995 UTC (16 years, 6 months ago) by davidg
Branches: RELENG_2_1_0
Diff to: previous 1.19: preferred, colored
Changes since revision 1.19: +2 -2 lines
Brought in changes from revs 1.21 and 1.22: Fix panic when no mbuf is allocated (when 0 length is passed in setsockopt()).
Revision 1.22: download - view: text, markup, annotated - select for diffs
Sun Jul 2 16:45:07 1995 UTC (16 years, 7 months ago) by joerg
Branches: MAIN
Diff to: previous 1.21: preferred, colored
Changes since revision 1.21: +2 -4 lines
Slightly modify my previous change to return EINVAL instead of EFAULT. Submitted by: Peter Wemm
Revision 1.21: download - view: text, markup, annotated - select for diffs
Sat Jul 1 19:09:40 1995 UTC (16 years, 7 months ago) by joerg
Branches: MAIN
Diff to: previous 1.20: preferred, colored
Changes since revision 1.20: +4 -2 lines
I saw a very low-key commit message on the netbsd mailing lists and figured out what the problem was.. Anyway, I rate it as "highly serious". Submitted by: peter@haywire.DIALix.COM (Peter Wemm)
Revision 1.20: download - view: text, markup, annotated - select for diffs
Tue Jun 13 17:51:14 1995 UTC (16 years, 8 months ago) by wollman
Branches: MAIN
Diff to: previous 1.19: preferred, colored
Changes since revision 1.19: +15 -10 lines
Kernel side of 3.5 multicast routing code, based on work by Bill Fenner and other work done here. The LKM support is probably broken, but it still compiles and will be fixed later.
Revision 1.19: download - view: text, markup, annotated - select for diffs
Tue May 30 08:09:49 1995 UTC (16 years, 8 months ago) by rgrimes
Branches: MAIN
CVS tags: RELENG_2_1_0_BP, RELENG_2_0_5_RELEASE, RELENG_2_0_5_BP, RELENG_2_0_5
Branch point for: RELENG_2_1_0
Diff to: previous 1.18: preferred, colored
Changes since revision 1.18: +2 -2 lines
Remove trailing whitespace.
Revision 1.18: download - view: text, markup, annotated - select for diffs
Tue May 9 13:35:46 1995 UTC (16 years, 9 months ago) by davidg
Branches: MAIN
CVS tags: RELENG_2_0_5_ALPHA
Diff to: previous 1.17: preferred, colored
Changes since revision 1.17: +6 -6 lines
Replaced some bcopy()'s with memcpy()'s so that gcc while inline/optimize.
Revision 1.17: download - view: text, markup, annotated - select for diffs
Wed Apr 26 18:10:55 1995 UTC (16 years, 9 months ago) by pst
Branches: MAIN
Diff to: previous 1.16: preferred, colored
Changes since revision 1.16: +4 -3 lines
Cleanup loopback interface support. Reviewed by: wollman
Revision 1.16: download - view: text, markup, annotated - select for diffs
Sun Apr 9 01:29:22 1995 UTC (16 years, 10 months ago) by davidg
Branches: MAIN
Diff to: previous 1.15: preferred, colored
Changes since revision 1.15: +2 -1 lines
Implemented PCB hashing. Includes new functions in_pcbinshash, in_pcbrehash, and in_pcblookuphash.
Revision 1.15: download - view: text, markup, annotated - select for diffs
Mon Mar 20 18:31:51 1995 UTC (16 years, 10 months ago) by wollman
Branches: MAIN
Diff to: previous 1.14: preferred, colored
Changes since revision 1.14: +4 -4 lines
This should be splimp() rather than splnet() since ifaddrs might go away as a result of link-layer processing.
Revision 1.14: download - view: text, markup, annotated - select for diffs
Mon Mar 20 18:11:31 1995 UTC (16 years, 10 months ago) by wollman
Branches: MAIN
Diff to: previous 1.13: preferred, colored
Changes since revision 1.13: +17 -1 lines
Fix race conditions involved in setting IP multicast options. This should fix Dennis Fortin's problem for good, if I've got it figured out right. (The problem was that a `struct ifaddr' could get deleted out from under the current requester, thus leaving him with an invalid interface pointer and causing even more bogus accesses.)
Revision 1.13: download - view: text, markup, annotated - select for diffs
Thu Mar 16 18:14:59 1995 UTC (16 years, 11 months ago) by bde
Branches: MAIN
Diff to: previous 1.12: preferred, colored
Changes since revision 1.12: +1 -3 lines
Add and move declarations to fix all of the warnings from `gcc -Wimplicit' (except in netccitt, netiso and netns) and most of the warnings from `gcc -Wnested-externs'. Fix all the bugs found. There were no serious ones.
Revision 1.12: download - view: text, markup, annotated - select for diffs
Thu Jan 12 13:06:31 1995 UTC (17 years, 1 month ago) by ugen
Branches: MAIN
Diff to: previous 1.11: preferred, colored
Changes since revision 1.11: +4 -9 lines
Actual firewall change. 1) Firewall is not subdivided on forwarding / blocking chains anymore.Actually only one chain left-it was the blocking one. 2) LKM support.ip_fwdef.c is function pointers definition and goes into kernel along with all INET stuff.
Revision 1.11: download - view: text, markup, annotated - select for diffs
Tue Dec 13 23:08:12 1994 UTC (17 years, 2 months ago) by wollman
Branches: MAIN
Diff to: previous 1.10: preferred, colored
Changes since revision 1.10: +11 -2 lines
Call rtalloc_ign() so that protocol cloning will not occur at the IP layer.
Revision 1.10: download - view: text, markup, annotated - select for diffs
Mon Dec 12 17:20:54 1994 UTC (17 years, 2 months ago) by ugen
Branches: MAIN
Diff to: previous 1.9: preferred, colored
Changes since revision 1.9: +4 -2 lines
Add match by interface from which packet arrived (via) Handle right fragmented packets. Remove checking option from kernel..
Revision 1.9: download - view: text, markup, annotated - select for diffs
Wed Nov 16 10:17:10 1994 UTC (17 years, 2 months ago) by jkh
Branches: MAIN
CVS tags: RELEASE_2_0, OLAH_TTCP, BETA_2_0
Diff to: previous 1.8: preferred, colored
Changes since revision 1.8: +17 -1 lines
Ugen J.S.Antsilevich's latest, happiest, IP firewall code. Poul: Please take this into BETA. It's non-intrusive, and a rather substantial improvement over what was there before.
Revision 1.8: download - view: text, markup, annotated - select for diffs
Wed Sep 14 03:10:13 1994 UTC (17 years, 5 months ago) by wollman
Branches: MAIN
CVS tags: ALPHA_2_0
Diff to: previous 1.7: preferred, colored
Changes since revision 1.7: +7 -5 lines
Shuffle some functions and variables around to make it possible for multicast routing to be implemented as an LKM. (There's still a bit of work to do in this area.)
Revision 1.7: download - view: text, markup, annotated - select for diffs
Fri Sep 9 22:05:02 1994 UTC (17 years, 5 months ago) by wollman
Branches: MAIN
Diff to: previous 1.6: preferred, colored
Changes since revision 1.6: +3 -2 lines
Disable IPMULTICAST_VIF socket option when MROUTING is not defined, since it doesn'tmake any sense for non-routers. CVS:
Revision 1.6: download - view: text, markup, annotated - select for diffs
Tue Sep 6 22:42:24 1994 UTC (17 years, 5 months ago) by wollman
Branches: MAIN
Diff to: previous 1.5: preferred, colored
Changes since revision 1.5: +36 -3 lines
Initial get-the-easy-case-working upgrade of the multicast code to something more recent than the ancient 1.2 release contained in 4.4. This code has the following advantages as compared to previous versions (culled from the README file for the SunOS release): - True multicast delivery - Configurable rate-limiting of forwarded multicast traffic on each physical interface or tunnel, using a token-bucket limiter. - Simplistic classification of packets for prioritized dropping. - Administrative scoping of multicast address ranges. - Faster detection of hosts leaving groups. - Support for multicast traceroute (code not yet available). - Support for RSVP, the Resource Reservation Protocol. What still needs to be done: - The multicast forwarder needs testing. - The multicast routing daemon needs to be ported. - Network interface drivers need to have the `#ifdef MULTICAST' goop ripped out of them. - The IGMP code should probably be bogon-tested. Some notes about the porting process: In some cases, the Berkeley people decided to incorporate functionality from later releases of the multicast code, but then had to do things differently. As a result, if you look at Deering's patches, and then look at our code, it is not always obvious whether the patch even applies. Let the reader beware. I ran ip_mroute.c through several passes of `unifdef' to get rid of useless grot, and to permanently enable the RSVP support, which we will include as standard. Ported by: Garrett Wollman Submitted by: Steve Deering and Ajit Thyagarajan (among others)
Revision 1.5: download - view: text, markup, annotated - select for diffs
Thu Aug 18 22:35:31 1994 UTC (17 years, 5 months ago) by wollman
Branches: MAIN
Diff to: previous 1.4: preferred, colored
Changes since revision 1.4: +3 -1 lines
Fix up some sloppy coding practices: - Delete redundant declarations. - Add -Wredundant-declarations to Makefile.i386 so they don't come back. - Delete sloppy COMMON-style declarations of uninitialized data in header files. - Add a few prototypes. - Clean up warnings resulting from the above. NB: ioconf.c will still generate a redundant-declaration warning, which is unavoidable unless somebody volunteers to make `config' smarter.
Revision 1.4: download - view: text, markup, annotated - select for diffs
Tue Aug 2 07:48:45 1994 UTC (17 years, 6 months ago) by davidg
Branches: MAIN
Diff to: previous 1.3: preferred, colored
Changes since revision 1.3: +1 -0 lines
Added $Id$
Revision 1.3: download - view: text, markup, annotated - select for diffs
Mon Aug 1 12:01:45 1994 UTC (17 years, 6 months ago) by davidg
Branches: MAIN
Diff to: previous 1.2: preferred, colored
Changes since revision 1.2: +10 -0 lines
fixed bug where large amounts of unidirectional UDP traffic would fill the interface output queue and further udp packets would be fragmented and only partially sent - keeping the output queue full and jamming the network, but not actually getting any real work done (because you can't send just 'part' of a udp packet - if you fragment it, you must send the whole thing). The fix involves adding a check to make sure that the output queue has sufficient space for all of the fragments.
Revision 1.2: download - view: text, markup, annotated - select for diffs
Wed May 25 09:11:33 1994 UTC (17 years, 8 months ago) by rgrimes
Branches: MAIN
Diff to: previous 1.1: preferred, colored
Changes since revision 1.1: +2 -1 lines
The big 4.4BSD Lite to FreeBSD 2.0.0 (Development) patch. Reviewed by: Rodney W. Grimes Submitted by: John Dyson and David Greenman
Revision 1.1.1.1 (vendor branch): download - view: text, markup, annotated - select for diffs
Tue May 24 10:06:21 1994 UTC (17 years, 8 months ago) by rgrimes
Branches: CSRG
CVS tags: bsd_44_lite_2, bsd_44_lite, REL_before_johndavid_2_0_0
Diff to: previous 1.1: preferred, colored
Changes since revision 1.1: +0 -0 lines
BSD 4.4 Lite Kernel Sources
Revision 1.1: download - view: text, markup, annotated - select for diffs
Tue May 24 10:06:20 1994 UTC (17 years, 8 months ago) by rgrimes
Branches: MAIN
Initial revision