CVS log for src/sys/netinet/ip_var.h
![[BACK]](/gifs/back.gif){kind=small}
Up to [FreeBSD] / src / sys / netinet
Request diff between arbitrary revisions
Keyword substitution: kv
Default branch: MAIN
Revision 1.115.2.7: download - view: text, markup, annotated - select for diffs
Thu Jan 26 10:33:19 2012 UTC (2 weeks, 1 day ago) by ae
Branches: RELENG_8
Diff to: previous 1.115.2.6: preferred, colored; branchpoint 1.115: preferred, colored; next MAIN 1.116: preferred, colored
Changes since revision 1.115.2.6: +1 -0 lines
SVN rev 230575 on 2012-01-26 10:33:19Z by ae MFC r223666: Add new rule actions "call" and "return" to ipfw. They make possible to organize subroutines with rules. The "call" action saves the current rule number in the internal stack and rules processing continues from the first rule with specified number (similar to skipto action). If later a rule with "return" action is encountered, the processing returns to the first rule with number of "call" rule saved in the stack plus one or higher. Submitted by: Vadim Goncharov
Revision 1.123: download - view: text, markup, annotated - select for diffs
Thu Dec 29 20:41:16 2011 UTC (6 weeks ago) by jhb
Branches: MAIN
CVS tags: HEAD
Diff to: previous 1.122: preferred, colored
Changes since revision 1.122: +1 -0 lines
SVN rev 228969 on 2011-12-29 20:41:16Z by jhb Defer the work of freeing IPv4 multicast options from a socket to an asychronous task. This avoids tearing down multicast state including sending IGMP leave messages and reprogramming MAC filters while holding the per-protocol global pcbinfo lock that is used in the receive path of packet processing. Reviewed by: rwatson MFC after: 1 month
Revision 1.122.2.1.2.1: download - view: text, markup, annotated - select for diffs
Fri Nov 11 04:20:22 2011 UTC (3 months ago) by kensmith
Branches: RELENG_9_0
CVS tags: RELENG_9_0_0_RELEASE
Diff to: previous 1.122.2.1: preferred, colored; next MAIN 1.123: preferred, colored
Changes since revision 1.122.2.1: +0 -0 lines
SVN rev 227445 on 2011-11-11 04:20:22Z by kensmith Copy stable/9 to releng/9.0 as part of the FreeBSD 9.0-RELEASE release cycle. Approved by: re (implicit)
Revision 1.122.2.1: download - view: text, markup, annotated - select for diffs
Fri Sep 23 00:51:37 2011 UTC (4 months, 2 weeks ago) by kensmith
Branches: RELENG_9
CVS tags: RELENG_9_0_BP
Branch point for: RELENG_9_0
Diff to: previous 1.122: preferred, colored; next MAIN 1.123: preferred, colored
Changes since revision 1.122: +0 -0 lines
SVN rev 225736 on 2011-09-23 00:51:37Z by kensmith Copy head to stable/9 as part of 9.0-RELEASE release cycle. Approved by: re (implicit)
Revision 1.122: download - view: text, markup, annotated - select for diffs
Wed Jun 29 10:06:58 2011 UTC (7 months, 1 week ago) by ae
Branches: MAIN
CVS tags: RELENG_9_BP
Branch point for: RELENG_9
Diff to: previous 1.121: preferred, colored
Changes since revision 1.121: +1 -0 lines
SVN rev 223666 on 2011-06-29 10:06:58Z by ae Add new rule actions "call" and "return" to ipfw. They make possible to organize subroutines with rules. The "call" action saves the current rule number in the internal stack and rules processing continues from the first rule with specified number (similar to skipto action). If later a rule with "return" action is encountered, the processing returns to the first rule with number of "call" rule saved in the stack plus one or higher. Submitted by: Vadim Goncharov Discussed by: ipfw@, luigi@
Revision 1.121: download - view: text, markup, annotated - select for diffs
Wed Apr 20 08:00:29 2011 UTC (9 months, 3 weeks ago) by bz
Branches: MAIN
Diff to: previous 1.120: preferred, colored
Changes since revision 1.120: +0 -1 lines
SVN rev 220879 on 2011-04-20 08:00:29Z by bz MFp4 CH=191470: Move the ipport_tick_callout and related functions from ip_input.c to in_pcb.c. The random source port allocation code has been merged and is now local to in_pcb.c only. Use a SYSINIT to get the callout started and no longer depend on initialization from the inet code, which would not work in an IPv6 only setup. Reviewed by: gnn Sponsored by: The FreeBSD Foundation Sponsored by: iXsystems MFC after: 4 days
Revision 1.101.2.2.2.1: download - view: text, markup, annotated - select for diffs
Tue Dec 21 17:10:29 2010 UTC (13 months, 2 weeks ago) by kensmith
Branches: RELENG_7_4
CVS tags: RELENG_7_4_0_RELEASE
Diff to: previous 1.101.2.2: preferred, colored; next MAIN 1.102: preferred, colored
Changes since revision 1.101.2.2: +0 -0 lines
SVN rev 216618 on 2010-12-21 17:10:29Z by kensmith Copy stable/7 to releng/7.4 in preparation for FreeBSD-7.4 release. Approved by: re (implicit)
Revision 1.115.2.6.2.1: download - view: text, markup, annotated - select for diffs
Tue Dec 21 17:09:25 2010 UTC (13 months, 2 weeks ago) by kensmith
Branches: RELENG_8_2
CVS tags: RELENG_8_2_0_RELEASE
Diff to: previous 1.115.2.6: preferred, colored; next MAIN 1.115.2.7: preferred, colored
Changes since revision 1.115.2.6: +0 -0 lines
SVN rev 216617 on 2010-12-21 17:09:25Z by kensmith Copy stable/8 to releng/8.2 in preparation for FreeBSD-8.2 release. Approved by: re (implicit)
Revision 1.101.2.2: download - view: text, markup, annotated - select for diffs
Thu Sep 9 06:44:22 2010 UTC (17 months ago) by bz
Branches: RELENG_7
CVS tags: RELENG_7_4_BP
Branch point for: RELENG_7_4
Diff to: previous 1.101.2.1: preferred, colored; branchpoint 1.101: preferred, colored; next MAIN 1.102: preferred, colored
Changes since revision 1.101.2.1: +2 -2 lines
SVN rev 212352 on 2010-09-09 06:44:22Z by bz
MFC r212155:
MFp4 CH=183052 183053 183258:
In protosw we define pr_protocol as short, while on the wire
it is an uint8_t. That way we can have "internal" protocols
like DIVERT, SEND or gaps for modules (PROTO_SPACER).
Switch ipproto_{un,}register to accept a short protocol number(*)
and do an upfront check for valid boundries. With this we
also consistently report EPROTONOSUPPORT for out of bounds
protocols, as we did for proto == 0. This allows a caller
to not error for this case, which is especially important
if we want to automatically call these from domain handling.
(*) the functions have been without any in-tree consumer
since the initial introducation, so this is considered save.
Implement ip6proto_{un,}register() similarly to their legacy IP
counter parts to allow modules to hook up dynamically.
Reviewed by: philip, will
Revision 1.115.2.6: download - view: text, markup, annotated - select for diffs
Thu Sep 9 06:43:18 2010 UTC (17 months ago) by bz
Branches: RELENG_8
CVS tags: RELENG_8_2_BP
Branch point for: RELENG_8_2
Diff to: previous 1.115.2.5: preferred, colored; branchpoint 1.115: preferred, colored
Changes since revision 1.115.2.5: +2 -2 lines
SVN rev 212351 on 2010-09-09 06:43:18Z by bz
MFC r212155:
MFp4 CH=183052 183053 183258:
In protosw we define pr_protocol as short, while on the wire
it is an uint8_t. That way we can have "internal" protocols
like DIVERT, SEND or gaps for modules (PROTO_SPACER).
Switch ipproto_{un,}register to accept a short protocol number(*)
and do an upfront check for valid boundries. With this we
also consistently report EPROTONOSUPPORT for out of bounds
protocols, as we did for proto == 0. This allows a caller
to not error for this case, which is especially important
if we want to automatically call these from domain handling.
(*) the functions have been without any in-tree consumer
since the initial introducation, so this is considered save.
Implement ip6proto_{un,}register() similarly to their legacy IP
counter parts to allow modules to hook up dynamically.
Reviewed by: philip, will
Revision 1.120: download - view: text, markup, annotated - select for diffs
Thu Sep 2 17:43:44 2010 UTC (17 months, 1 week ago) by bz
Branches: MAIN
Diff to: previous 1.119: preferred, colored
Changes since revision 1.119: +2 -2 lines
SVN rev 212155 on 2010-09-02 17:43:44Z by bz
MFp4 CH=183052 183053 183258:
In protosw we define pr_protocol as short, while on the wire
it is an uint8_t. That way we can have "internal" protocols
like DIVERT, SEND or gaps for modules (PROTO_SPACER).
Switch ipproto_{un,}register to accept a short protocol number(*)
and do an upfront check for valid boundries. With this we
also consistently report EPROTONOSUPPORT for out of bounds
protocols, as we did for proto == 0. This allows a caller
to not error for this case, which is especially important
if we want to automatically call these from domain handling.
(*) the functions have been without any in-tree consumer
since the initial introducation, so this is considered save.
Implement ip6proto_{un,}register() similarly to their legacy IP
counter parts to allow modules to hook up dynamically.
Reviewed by: philip, will
MFC after: 1 week
Revision 1.115.2.5.2.1: download - view: text, markup, annotated - select for diffs
Mon Jun 14 02:09:06 2010 UTC (19 months, 4 weeks ago) by kensmith
Branches: RELENG_8_1
CVS tags: RELENG_8_1_0_RELEASE
Diff to: previous 1.115.2.5: preferred, colored; next MAIN 1.115.2.6: preferred, colored
Changes since revision 1.115.2.5: +0 -0 lines
SVN rev 209145 on 2010-06-14 02:09:06Z by kensmith Copy stable/8 to releng/8.1 in preparation for 8.1-RC1. Approved by: re (implicit)
Revision 1.115.2.5: download - view: text, markup, annotated - select for diffs
Thu May 6 06:44:19 2010 UTC (21 months ago) by bz
Branches: RELENG_8
CVS tags: RELENG_8_1_BP
Branch point for: RELENG_8_1
Diff to: previous 1.115.2.4: preferred, colored; branchpoint 1.115: preferred, colored
Changes since revision 1.115.2.4: +6 -7 lines
SVN rev 207695 on 2010-05-06 06:44:19Z by bz MFC r207369: MFP4: @176978-176982, 176984, 176990-176994, 177441 "Whitspace" churn after the VIMAGE/VNET whirls. Remove the need for some "init" functions within the network stack, like pim6_init(), icmp_init() or significantly shorten others like ip6_init() and nd6_init(), using static initialization again where possible and formerly missed. Move (most) variables back to the place they used to be before the container structs and VIMAGE_GLOABLS (before r185088) and try to reduce the diff to stable/7 and earlier as good as possible, to help out-of-tree consumers to update from 6.x or 7.x to 8 or 9. This also removes some header file pollution for putatively static global variables. Revert VIMAGE specific changes in ipfilter::ip_auth.c, that are no longer needed. Reviewed by: jhb Discussed with: rwatson Sponsored by: The FreeBSD Foundation Sponsored by: CK Software GmbH
Revision 1.119: download - view: text, markup, annotated - select for diffs
Thu Apr 29 11:52:42 2010 UTC (21 months, 1 week ago) by bz
Branches: MAIN
Diff to: previous 1.118: preferred, colored
Changes since revision 1.118: +6 -7 lines
SVN rev 207369 on 2010-04-29 11:52:42Z by bz MFP4: @176978-176982, 176984, 176990-176994, 177441 "Whitspace" churn after the VIMAGE/VNET whirls. Remove the need for some "init" functions within the network stack, like pim6_init(), icmp_init() or significantly shorten others like ip6_init() and nd6_init(), using static initialization again where possible and formerly missed. Move (most) variables back to the place they used to be before the container structs and VIMAGE_GLOABLS (before r185088) and try to reduce the diff to stable/7 and earlier as good as possible, to help out-of-tree consumers to update from 6.x or 7.x to 8 or 9. This also removes some header file pollution for putatively static global variables. Revert VIMAGE specific changes in ipfilter::ip_auth.c, that are no longer needed. Reviewed by: jhb Discussed with: rwatson Sponsored by: The FreeBSD Foundation Sponsored by: CK Software GmbH MFC after: 6 days
Revision 1.115.2.4: download - view: text, markup, annotated - select for diffs
Sat Mar 27 17:34:57 2010 UTC (22 months, 2 weeks ago) by bz
Branches: RELENG_8
Diff to: previous 1.115.2.3: preferred, colored; branchpoint 1.115: preferred, colored
Changes since revision 1.115.2.3: +3 -0 lines
SVN rev 205754 on 2010-03-27 17:34:57Z by bz MFC r204140: Split up ip_drain() into an outer lock and iterator part and a "locked" version that will only handle a single network stack instance. The latter is called directly from ip_destroy(). Hook up an ip_destroy() function to release resources from the legacy IP network layer upon virtual network stack teardown. Reviewed by: rwatson
Revision 1.115.2.3: download - view: text, markup, annotated - select for diffs
Tue Mar 23 09:58:59 2010 UTC (22 months, 2 weeks ago) by luigi
Branches: RELENG_8
Diff to: previous 1.115.2.2: preferred, colored; branchpoint 1.115: preferred, colored
Changes since revision 1.115.2.2: +44 -3 lines
SVN rev 205511 on 2010-03-23 09:58:59Z by luigi MFC of a large number of ipfw and dummynet fixes and enhancements done in CURRENT over the last 4 months. HEAD and RELENG_8 are almost in sync now for ipfw, dummynet the pfil hooks and related components. Among the most noticeable changes: - r200855 more efficient lookup of skipto rules, and remove O(N) blocks from critical sections in the kernel; - r204591 large restructuring of the dummynet module, with support for multiple scheduling algorithms (4 available so far) See the original commit logs for details. Changes in the kernel/userland ABI should be harmless because the kernel is able to understand previous requests from RELENG_8 and RELENG_7. For this reason, this changeset would be applicable to RELENG_7 as well, but i am not sure if it is worthwhile.
Revision 1.118: download - view: text, markup, annotated - select for diffs
Sat Feb 20 19:59:52 2010 UTC (23 months, 2 weeks ago) by bz
Branches: MAIN
Diff to: previous 1.117: preferred, colored
Changes since revision 1.117: +3 -0 lines
SVN rev 204140 on 2010-02-20 19:59:52Z by bz Split up ip_drain() into an outer lock and iterator part and a "locked" version that will only handle a single network stack instance. The latter is called directly from ip_destroy(). Hook up an ip_destroy() function to release resources from the legacy IP network layer upon virtual network stack teardown. Sponsored by: ISPsystem Reviewed by: rwatson MFC After: 5 days
Revision 1.101.2.1.6.1: download - view: text, markup, annotated - select for diffs
Wed Feb 10 00:26:20 2010 UTC (2 years ago) by kensmith
Branches: RELENG_7_3
CVS tags: RELENG_7_3_0_RELEASE
Diff to: previous 1.101.2.1: preferred, colored; next MAIN 1.101.2.2: preferred, colored
Changes since revision 1.101.2.1: +0 -0 lines
SVN rev 203736 on 2010-02-10 00:26:20Z by kensmith Copy stable/7 to releng/7.3 as part of the 7.3-RELEASE process. Approved by: re (implicit)
Revision 1.115.2.2: download - view: text, markup, annotated - select for diffs
Sun Feb 7 09:00:22 2010 UTC (2 years ago) by julian
Branches: RELENG_8
Diff to: previous 1.115.2.1: preferred, colored; branchpoint 1.115: preferred, colored
Changes since revision 1.115.2.1: +9 -3 lines
SVN rev 203605 on 2010-02-07 09:00:22Z by julian
MFC of 197952 and 198075
Virtualize the pfil hooks so that different jails may chose different
packet filters. ALso allows ipfw to be enabled on on ejail and disabled
on another. In 8.0 it's a global setting.
and
Unbreak the VIMAGE build with IPSEC, broken with r197952 by
virtualizing the pfil hooks.
For consistency add the V_ to virtualize the pfil hooks in here as well.
Revision 1.117: download - view: text, markup, annotated - select for diffs
Thu Jan 7 10:39:15 2010 UTC (2 years, 1 month ago) by luigi
Branches: MAIN
Diff to: previous 1.116: preferred, colored
Changes since revision 1.116: +44 -3 lines
SVN rev 201735 on 2010-01-07 10:39:15Z by luigi Following up on a request from Ermal Luci to make ip_divert work as a client of pf(4), make ip_divert not depend on ipfw. This is achieved by moving to ip_var.h the struct ipfw_rule_ref (which is part of the mtag for all reinjected packets) and other declarations of global variables, and moving to raw_ip.c global variables for filter and divert hooks. Note that names and locations could be made more generic (ipfw_rule_ref is really a generic reference robust to reconfigurations; the packet filter is not necessarily ipfw; filters and their clients are not necessarily limited to ipv4), but _right now_ most of this stuff works on ipfw and ipv4, so i don't feel like doing a gratuitous renaming, at least for the time being.
Revision 1.115.2.1.2.1: download - view: text, markup, annotated - select for diffs
Sun Oct 25 01:10:29 2009 UTC (2 years, 3 months ago) by kensmith
Branches: RELENG_8_0
CVS tags: RELENG_8_0_0_RELEASE
Diff to: previous 1.115.2.1: preferred, colored; next MAIN 1.115.2.2: preferred, colored
Changes since revision 1.115.2.1: +0 -0 lines
SVN rev 198460 on 2009-10-25 01:10:29Z by kensmith Copy stable/8 to releng/8.0 as part of 8.0-RELEASE release procedure. Approved by: re (implicit)
Revision 1.116: download - view: text, markup, annotated - select for diffs
Sun Oct 11 05:59:43 2009 UTC (2 years, 4 months ago) by julian
Branches: MAIN
Diff to: previous 1.115: preferred, colored
Changes since revision 1.115: +9 -3 lines
SVN rev 197952 on 2009-10-11 05:59:43Z by julian Virtualize the pfil hooks so that different jails may chose different packet filters. ALso allows ipfw to be enabled on on ejail and disabled on another. In 8.0 it's a global setting. Sitting aroung in tree waiting to commit for: 2 months MFC after: 2 months
Revision 1.115.2.1: download - view: text, markup, annotated - select for diffs
Mon Aug 3 08:13:06 2009 UTC (2 years, 6 months ago) by kensmith
Branches: RELENG_8
CVS tags: RELENG_8_0_BP
Branch point for: RELENG_8_0
Diff to: previous 1.115: preferred, colored
Changes since revision 1.115: +0 -0 lines
SVN rev 196045 on 2009-08-03 08:13:06Z by kensmith Copy head to stable/8 as part of 8.0 Release cycle. Approved by: re (Implicit)
Revision 1.115: download - view: text, markup, annotated - select for diffs
Sun Aug 2 19:43:32 2009 UTC (2 years, 6 months ago) by rwatson
Branches: MAIN
CVS tags: RELENG_8_BP
Branch point for: RELENG_8
Diff to: previous 1.114: preferred, colored
Changes since revision 1.114: +14 -0 lines
SVN rev 196039 on 2009-08-02 19:43:32Z by rwatson
Many network stack subsystems use a single global data structure to hold
all pertinent statatistics for the subsystem. These structures are
sometimes "borrowed" by kernel modules that require a place to store
statistics for similar events.
Add KPI accessor functions for statistics structures referenced by kernel
modules so that they no longer encode certain specifics of how the data
structures are named and stored. This change is intended to make it
easier to move to per-CPU network stats following 8.0-RELEASE.
The following modules are affected by this change:
if_bridge
if_cxgb
if_gif
ip_mroute
ipdivert
pf
In practice, most of these statistics consumers should, in fact, maintain
their own statistics data structures rather than borrowing structures
from the base network stack. However, that change is too agressive for
this point in the release cycle.
Reviewed by: bz
Approved by: re (kib)
Revision 1.114: download - view: text, markup, annotated - select for diffs
Thu Jul 16 21:13:04 2009 UTC (2 years, 6 months ago) by rwatson
Branches: MAIN
Diff to: previous 1.113: preferred, colored
Changes since revision 1.113: +9 -9 lines
SVN rev 195727 on 2009-07-16 21:13:04Z by rwatson Remove unused VNET_SET() and related macros; only VNET_GET() is ever actually used. Rename VNET_GET() to VNET() to shorten variable references. Discussed with: bz, julian Reviewed by: bz Approved by: re (kensmith, kib)
Revision 1.113: download - view: text, markup, annotated - select for diffs
Tue Jul 14 22:48:30 2009 UTC (2 years, 6 months ago) by rwatson
Branches: MAIN
Diff to: previous 1.112: preferred, colored
Changes since revision 1.112: +27 -11 lines
SVN rev 195699 on 2009-07-14 22:48:30Z by rwatson Build on Jeff Roberson's linker-set based dynamic per-CPU allocator (DPCPU), as suggested by Peter Wemm, and implement a new per-virtual network stack memory allocator. Modify vnet to use the allocator instead of monolithic global container structures (vinet, ...). This change solves many binary compatibility problems associated with VIMAGE, and restores ELF symbols for virtualized global variables. Each virtualized global variable exists as a "reference copy", and also once per virtual network stack. Virtualized global variables are tagged at compile-time, placing the in a special linker set, which is loaded into a contiguous region of kernel memory. Virtualized global variables in the base kernel are linked as normal, but those in modules are copied and relocated to a reserved portion of the kernel's vnet region with the help of a the kernel linker. Virtualized global variables exist in per-vnet memory set up when the network stack instance is created, and are initialized statically from the reference copy. Run-time access occurs via an accessor macro, which converts from the current vnet and requested symbol to a per-vnet address. When "options VIMAGE" is not compiled into the kernel, normal global ELF symbols will be used instead and indirection is avoided. This change restores static initialization for network stack global variables, restores support for non-global symbols and types, eliminates the need for many subsystem constructors, eliminates large per-subsystem structures that caused many binary compatibility issues both for monitoring applications (netstat) and kernel modules, removes the per-function INIT_VNET_*() macros throughout the stack, eliminates the need for vnet_symmap ksym(2) munging, and eliminates duplicate definitions of virtualized globals under VIMAGE_GLOBALS. Bump __FreeBSD_version and update UPDATING. Portions submitted by: bz Reviewed by: bz, zec Discussed with: gnn, jamie, jeff, jhb, julian, sam Suggested by: peter Approved by: re (kensmith)
Revision 1.112: download - view: text, markup, annotated - select for diffs
Wed Jun 17 12:44:11 2009 UTC (2 years, 7 months ago) by bz
Branches: MAIN
Diff to: previous 1.111: preferred, colored
Changes since revision 1.111: +0 -3 lines
SVN rev 194357 on 2009-06-17 12:44:11Z by bz Add the explicit include of vimage.h to another five .c files still missing it. Remove the "hidden" kernel only include of vimage.h from ip_var.h added with the very first Vimage commit r181803 to avoid further kernel poisoning.
Revision 1.111: download - view: text, markup, annotated - select for diffs
Mon Jun 8 17:15:40 2009 UTC (2 years, 8 months ago) by zec
Branches: MAIN
Diff to: previous 1.110: preferred, colored
Changes since revision 1.110: +3 -0 lines
SVN rev 193731 on 2009-06-08 17:15:40Z by zec Introduce an infrastructure for dismantling vnet instances. Vnet modules and protocol domains may now register destructor functions to clean up and release per-module state. The destructor mechanisms can be triggered by invoking "vimage -d", or a future equivalent command which will be provided via the new jail framework. While this patch introduces numerous placeholder destructor functions, many of those are currently incomplete, thus leaking memory or (even worse) failing to stop all running timers. Many of such issues are already known and will be incrementaly fixed over the next weeks in smaller incremental commits. Apart from introducing new fields in structs ifnet, domain, protosw and vnet_net, which requires the kernel and modules to be rebuilt, this change should have no impact on nooptions VIMAGE builds, since vnet destructors can only be called in VIMAGE kernels. Moreover, destructor functions should be in general compiled in only in options VIMAGE builds, except for kernel modules which can be safely kldunloaded at run time. Bump __FreeBSD_version to 800097. Reviewed by: bz, julian Approved by: rwatson, kib (re), julian (mentor)
Revision 1.110: download - view: text, markup, annotated - select for diffs
Fri Jun 5 13:44:30 2009 UTC (2 years, 8 months ago) by luigi
Branches: MAIN
Diff to: previous 1.109: preferred, colored
Changes since revision 1.109: +9 -1 lines
SVN rev 193502 on 2009-06-05 13:44:30Z by luigi More cleanup in preparation of ipfw relocation (no actual code change): + move ipfw and dummynet hooks declarations to raw_ip.c (definitions in ip_var.h) same as for most other global variables. This removes some dependencies from ip_input.c; + remove the IPFW_LOADED macro, just test ip_fw_chk_ptr directly; + remove the DUMMYNET_LOADED macro, just test ip_dn_io_ptr directly; + move ip_dn_ruledel_ptr to ip_fw2.c which is the only file using it; To be merged together with rev 193497 MFC after: 5 days
Revision 1.101.2.1.4.1: download - view: text, markup, annotated - select for diffs
Wed Apr 15 03:14:26 2009 UTC (2 years, 9 months ago) by kensmith
Branches: RELENG_7_2
CVS tags: RELENG_7_2_0_RELEASE
Diff to: previous 1.101.2.1: preferred, colored; next MAIN 1.101.2.2: preferred, colored
Changes since revision 1.101.2.1: +0 -0 lines
SVN rev 191087 on 2009-04-15 03:14:26Z by kensmith Create releng/7.2 from stable/7 in preparation for 7.2-RELEASE. Approved by: re (implicit)
Revision 1.109: download - view: text, markup, annotated - select for diffs
Sat Apr 11 23:35:20 2009 UTC (2 years, 10 months ago) by rwatson
Branches: MAIN
Diff to: previous 1.108: preferred, colored
Changes since revision 1.108: +5 -0 lines
SVN rev 190951 on 2009-04-11 23:35:20Z by rwatson Update stats in struct ipstat using four new macros, IPSTAT_ADD(), IPSTAT_INC(), IPSTAT_SUB(), and IPSTAT_DEC(), rather than directly manipulating the fields across the kernel. This will make it easier to change the implementation of these statistics, such as using per-CPU versions of the data structures. MFC after: 3 days
Revision 1.108: download - view: text, markup, annotated - select for diffs
Mon Mar 9 17:53:05 2009 UTC (2 years, 11 months ago) by bms
Branches: MAIN
Diff to: previous 1.107: preferred, colored
Changes since revision 1.107: +0 -19 lines
SVN rev 189592 on 2009-03-09 17:53:05Z by bms Merge IGMPv3 and Source-Specific Multicast (SSM) to the FreeBSD IPv4 stack. Diffs are minimized against p4. PCS has been used for some protocol verification, more widespread testing of recorded sources in Group-and-Source queries is needed. sizeof(struct igmpstat) has changed. __FreeBSD_version is bumped to 800070.
Revision 1.107: download - view: text, markup, annotated - select for diffs
Thu Dec 11 16:26:38 2008 UTC (3 years, 2 months ago) by bz
Branches: MAIN
Diff to: previous 1.106: preferred, colored
Changes since revision 1.106: +4 -2 lines
SVN rev 185937 on 2008-12-11 16:26:38Z by bz Put a global variables, which were virtualized but formerly missed under VIMAGE_GLOBAL. Start putting the extern declarations of the virtualized globals under VIMAGE_GLOBAL as the globals themsevles are already. This will help by the time when we are going to remove the globals entirely. While there garbage collect a few dead externs from ip6_var.h. Sponsored by: The FreeBSD Foundation
Revision 1.106: download - view: text, markup, annotated - select for diffs
Wed Dec 10 23:12:39 2008 UTC (3 years, 2 months ago) by zec
Branches: MAIN
Diff to: previous 1.105: preferred, colored
Changes since revision 1.105: +1 -0 lines
SVN rev 185895 on 2008-12-10 23:12:39Z by zec Conditionally compile out V_ globals while instantiating the appropriate container structures, depending on VIMAGE_GLOBALS compile time option. Make VIMAGE_GLOBALS a new compile-time option, which by default will not be defined, resulting in instatiations of global variables selected for V_irtualization (enclosed in #ifdef VIMAGE_GLOBALS blocks) to be effectively compiled out. Instantiate new global container structures to hold V_irtualized variables: vnet_net_0, vnet_inet_0, vnet_inet6_0, vnet_ipsec_0, vnet_netgraph_0, and vnet_gif_0. Update the VSYM() macro so that depending on VIMAGE_GLOBALS the V_ macros resolve either to the original globals, or to fields inside container structures, i.e. effectively #ifdef VIMAGE_GLOBALS #define V_rt_tables rt_tables #else #define V_rt_tables vnet_net_0._rt_tables #endif Update SYSCTL_V_*() macros to operate either on globals or on fields inside container structs. Extend the internal kldsym() lookups with the ability to resolve selected fields inside the virtualization container structs. This applies only to the fields which are explicitly registered for kldsym() visibility via VNET_MOD_DECLARE() and vnet_mod_register(), currently this is done only in sys/net/if.c. Fix a few broken instances of MODULE_GLOBAL() macro use in SCTP code, and modify the MODULE_GLOBAL() macro to resolve to V_ macros, which in turn result in proper code being generated depending on VIMAGE_GLOBALS. De-virtualize local static variables in sys/contrib/pf/net/pf_subr.c which were prematurely V_irtualized by automated V_ prepending scripts during earlier merging steps. PF virtualization will be done separately, most probably after next PF import. Convert a few variable initializations at instantiation to initialization in init functions, most notably in ipfw. Also convert TUNABLE_INT() initializers for V_ variables to TUNABLE_FETCH_INT() in initializer functions. Discussed at: devsummit Strassburg Reviewed by: bz, julian Approved by: julian (mentor) Obtained from: //depot/projects/vimage-commit2/... X-MFC after: never Sponsored by: NLnet Foundation, The FreeBSD Foundation
Revision 1.105: download - view: text, markup, annotated - select for diffs
Fri Nov 28 23:30:51 2008 UTC (3 years, 2 months ago) by zec
Branches: MAIN
Diff to: previous 1.104: preferred, colored
Changes since revision 1.104: +0 -12 lines
SVN rev 185419 on 2008-11-28 23:30:51Z by zec Unhide declarations of network stack virtualization structs from underneath #ifdef VIMAGE blocks. This change introduces some churn in #include ordering and nesting throughout the network stack and drivers but is not expected to cause any additional issues. In the next step this will allow us to instantiate the virtualization container structures and switch from using global variables to their "containerized" counterparts. Reviewed by: bz, julian Approved by: julian (mentor) Obtained from: //depot/projects/vimage-commit2/... X-MFC after: never Sponsored by: NLnet Foundation, The FreeBSD Foundation
Revision 1.101.2.1.2.1: download - view: text, markup, annotated - select for diffs
Tue Nov 25 02:59:29 2008 UTC (3 years, 2 months ago) by kensmith
Branches: RELENG_7_1
CVS tags: RELENG_7_1_0_RELEASE
Diff to: previous 1.101.2.1: preferred, colored; next MAIN 1.101.2.2: preferred, colored
Changes since revision 1.101.2.1: +0 -0 lines
SVN rev 185281 on 2008-11-25 02:59:29Z by kensmith Create releng/7.1 in preparation for moving into RC phase of 7.1 release cycle. Approved by: re (implicit)
Revision 1.95.2.1.4.1: download - view: text, markup, annotated - select for diffs
Thu Oct 2 02:57:24 2008 UTC (3 years, 4 months ago) by kensmith
Branches: RELENG_6_4
CVS tags: RELENG_6_4_0_RELEASE
Diff to: previous 1.95.2.1: preferred, colored; next MAIN 1.95.8.1: preferred, colored
Changes since revision 1.95.2.1: +0 -0 lines
SVN rev 183531 on 2008-10-02 02:57:24Z by kensmith Create releng/6.4 from stable/6 in preparation for 6.4-RC1. Approved by: re (implicit)
Revision 1.104: download - view: text, markup, annotated - select for diffs
Mon Aug 25 05:49:16 2008 UTC (3 years, 5 months ago) by julian
Branches: MAIN
Diff to: previous 1.103: preferred, colored
Changes since revision 1.103: +1 -1 lines
SVN rev 182146 on 2008-08-25 05:49:16Z by julian Another V_ forgotten
Revision 1.103: download - view: text, markup, annotated - select for diffs
Sun Aug 17 23:27:27 2008 UTC (3 years, 5 months ago) by bz
Branches: MAIN
Diff to: previous 1.102: preferred, colored
Changes since revision 1.102: +4 -1 lines
SVN rev 181803 on 2008-08-17 23:27:27Z by bz Commit step 1 of the vimage project, (network stack) virtualization work done by Marko Zec (zec@). This is the first in a series of commits over the course of the next few weeks. Mark all uses of global variables to be virtualized with a V_ prefix. Use macros to map them back to their global names for now, so this is a NOP change only. We hope to have caught at least 85-90% of what is needed so we do not invalidate a lot of outstanding patches again. Obtained from: //depot/projects/vimage-commit2/... Reviewed by: brooks, des, ed, mav, julian, jamie, kris, rwatson, zec, ... (various people I forgot, different versions) md5 (with a bit of help) Sponsored by: NLnet Foundation, The FreeBSD Foundation X-MFC after: never V_Commit_Message_Reviewed_By: more people than the patch
Revision 1.101.2.1: download - view: text, markup, annotated - select for diffs
Thu Jul 24 01:13:22 2008 UTC (3 years, 6 months ago) by julian
Branches: RELENG_7
CVS tags: RELENG_7_3_BP, RELENG_7_2_BP, RELENG_7_1_BP
Branch point for: RELENG_7_3, RELENG_7_2, RELENG_7_1
Diff to: previous 1.101: preferred, colored
Changes since revision 1.101: +1 -1 lines
SVN rev 180774 on 2008-07-24 01:13:22Z by julian MFC an ABI compatible implementation of Multiple routing tables. See the commit message for http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/net/route.c version 1.129 (svn change # 178888) for more info. Obtained from: Ironport (Cisco Systems)
Revision 1.102: download - view: text, markup, annotated - select for diffs
Fri May 9 23:02:57 2008 UTC (3 years, 9 months ago) by julian
Branches: MAIN
Diff to: previous 1.101: preferred, colored
Changes since revision 1.101: +1 -1 lines
Add code to allow the system to handle multiple routing tables.
This particular implementation is designed to be fully backwards compatible
and to be MFC-able to 7.x (and 6.x)
Currently the only protocol that can make use of the multiple tables is IPv4
Similar functionality exists in OpenBSD and Linux.
From my notes:
-----
One thing where FreeBSD has been falling behind, and which by chance I
have some time to work on is "policy based routing", which allows
different
packet streams to be routed by more than just the destination address.
Constraints:
------------
I want to make some form of this available in the 6.x tree
(and by extension 7.x) , but FreeBSD in general needs it so I might as
well do it in -current and back port the portions I need.
One of the ways that this can be done is to have the ability to
instantiate multiple kernel routing tables (which I will now
refer to as "Forwarding Information Bases" or "FIBs" for political
correctness reasons). Which FIB a particular packet uses to make
the next hop decision can be decided by a number of mechanisms.
The policies these mechanisms implement are the "Policies" referred
to in "Policy based routing".
One of the constraints I have if I try to back port this work to
6.x is that it must be implemented as a EXTENSION to the existing
ABIs in 6.x so that third party applications do not need to be
recompiled in timespan of the branch.
This first version will not have some of the bells and whistles that
will come with later versions. It will, for example, be limited to 16
tables in the first commit.
Implementation method, Compatible version. (part 1)
-------------------------------
For this reason I have implemented a "sufficient subset" of a
multiple routing table solution in Perforce, and back-ported it
to 6.x. (also in Perforce though not always caught up with what I
have done in -current/P4). The subset allows a number of FIBs
to be defined at compile time (8 is sufficient for my purposes in 6.x)
and implements the changes needed to allow IPV4 to use them. I have not
done the changes for ipv6 simply because I do not need it, and I do not
have enough knowledge of ipv6 (e.g. neighbor discovery) needed to do it.
Other protocol families are left untouched and should there be
users with proprietary protocol families, they should continue to work
and be oblivious to the existence of the extra FIBs.
To understand how this is done, one must know that the current FIB
code starts everything off with a single dimensional array of
pointers to FIB head structures (One per protocol family), each of
which in turn points to the trie of routes available to that family.
The basic change in the ABI compatible version of the change is to
extent that array to be a 2 dimensional array, so that
instead of protocol family X looking at rt_tables[X] for the
table it needs, it looks at rt_tables[Y][X] when for all
protocol families except ipv4 Y is always 0.
Code that is unaware of the change always just sees the first row
of the table, which of course looks just like the one dimensional
array that existed before.
The entry points rtrequest(), rtalloc(), rtalloc1(), rtalloc_ign()
are all maintained, but refer only to the first row of the array,
so that existing callers in proprietary protocols can continue to
do the "right thing".
Some new entry points are added, for the exclusive use of ipv4 code
called in_rtrequest(), in_rtalloc(), in_rtalloc1() and in_rtalloc_ign(),
which have an extra argument which refers the code to the correct row.
In addition, there are some new entry points (currently called
rtalloc_fib() and friends) that check the Address family being
looked up and call either rtalloc() (and friends) if the protocol
is not IPv4 forcing the action to row 0 or to the appropriate row
if it IS IPv4 (and that info is available). These are for calling
from code that is not specific to any particular protocol. The way
these are implemented would change in the non ABI preserving code
to be added later.
One feature of the first version of the code is that for ipv4,
the interface routes show up automatically on all the FIBs, so
that no matter what FIB you select you always have the basic
direct attached hosts available to you. (rtinit() does this
automatically).
You CAN delete an interface route from one FIB should you want
to but by default it's there. ARP information is also available
in each FIB. It's assumed that the same machine would have the
same MAC address, regardless of which FIB you are using to get
to it.
This brings us as to how the correct FIB is selected for an outgoing
IPV4 packet.
Firstly, all packets have a FIB associated with them. if nothing
has been done to change it, it will be FIB 0. The FIB is changed
in the following ways.
Packets fall into one of a number of classes.
1/ locally generated packets, coming from a socket/PCB.
Such packets select a FIB from a number associated with the
socket/PCB. This in turn is inherited from the process,
but can be changed by a socket option. The process in turn
inherits it on fork. I have written a utility call setfib
that acts a bit like nice..
setfib -3 ping target.example.com # will use fib 3 for ping.
It is an obvious extension to make it a property of a jail
but I have not done so. It can be achieved by combining the setfib and
jail commands.
2/ packets received on an interface for forwarding.
By default these packets would use table 0,
(or possibly a number settable in a sysctl(not yet)).
but prior to routing the firewall can inspect them (see below).
(possibly in the future you may be able to associate a FIB
with packets received on an interface.. An ifconfig arg, but not yet.)
3/ packets inspected by a packet classifier, which can arbitrarily
associate a fib with it on a packet by packet basis.
A fib assigned to a packet by a packet classifier
(such as ipfw) would over-ride a fib associated by
a more default source. (such as cases 1 or 2).
4/ a tcp listen socket associated with a fib will generate
accept sockets that are associated with that same fib.
5/ Packets generated in response to some other packet (e.g. reset
or icmp packets). These should use the FIB associated with the
packet being reponded to.
6/ Packets generated during encapsulation.
gif, tun and other tunnel interfaces will encapsulate using the FIB
that was in effect withthe proces that set up the tunnel.
thus setfib 1 ifconfig gif0 [tunnel instructions]
will set the fib for the tunnel to use to be fib 1.
Routing messages would be associated with their
process, and thus select one FIB or another.
messages from the kernel would be associated with the fib they
refer to and would only be received by a routing socket associated
with that fib. (not yet implemented)
In addition Netstat has been edited to be able to cope with the
fact that the array is now 2 dimensional. (It looks in system
memory using libkvm (!)). Old versions of netstat see only the first FIB.
In addition two sysctls are added to give:
a) the number of FIBs compiled in (active)
b) the default FIB of the calling process.
Early testing experience:
-------------------------
Basically our (IronPort's) appliance does this functionality already
using ipfw fwd but that method has some drawbacks.
For example,
It can't fully simulate a routing table because it can't influence the
socket's choice of local address when a connect() is done.
Testing during the generating of these changes has been
remarkably smooth so far. Multiple tables have co-existed
with no notable side effects, and packets have been routes
accordingly.
ipfw has grown 2 new keywords:
setfib N ip from anay to any
count ip from any to any fib N
In pf there seems to be a requirement to be able to give symbolic names to the
fibs but I do not have that capacity. I am not sure if it is required.
SCTP has interestingly enough built in support for this, called VRFs
in Cisco parlance. it will be interesting to see how that handles it
when it suddenly actually does something.
Where to next:
--------------------
After committing the ABI compatible version and MFCing it, I'd
like to proceed in a forward direction in -current. this will
result in some roto-tilling in the routing code.
Firstly: the current code's idea of having a separate tree per
protocol family, all of the same format, and pointed to by the
1 dimensional array is a bit silly. Especially when one considers that
there is code that makes assumptions about every protocol having the
same internal structures there. Some protocols don't WANT that
sort of structure. (for example the whole idea of a netmask is foreign
to appletalk). This needs to be made opaque to the external code.
My suggested first change is to add routing method pointers to the
'domain' structure, along with information pointing the data.
instead of having an array of pointers to uniform structures,
there would be an array pointing to the 'domain' structures
for each protocol address domain (protocol family),
and the methods this reached would be called. The methods would have
an argument that gives FIB number, but the protocol would be free
to ignore it.
When the ABI can be changed it raises the possibilty of the
addition of a fib entry into the "struct route". Currently,
the structure contains the sockaddr of the desination, and the resulting
fib entry. To make this work fully, one could add a fib number
so that given an address and a fib, one can find the third element, the
fib entry.
Interaction with the ARP layer/ LL layer would need to be
revisited as well. Qing Li has been working on this already.
This work was sponsored by Ironport Systems/Cisco
Reviewed by: several including rwatson, bz and mlair (parts each)
Obtained from: Ironport systems/Cisco
Revision 1.101: download - view: text, markup, annotated - select for diffs
Tue Jun 12 16:24:53 2007 UTC (4 years, 8 months ago) by bms
Branches: MAIN
CVS tags: RELENG_7_BP, RELENG_7_0_BP, RELENG_7_0_0_RELEASE, RELENG_7_0
Branch point for: RELENG_7
Diff to: previous 1.100: preferred, colored
Changes since revision 1.100: +30 -7 lines
Import rewrite of IPv4 socket multicast layer to support source-specific and protocol-independent host mode multicast. The code is written to accomodate IPv6, IGMPv3 and MLDv2 with only a little additional work. This change only pertains to FreeBSD's use as a multicast end-station and does not concern multicast routing; for an IGMPv3/MLDv2 router implementation, consider the XORP project. The work is based on Wilbert de Graaf's IGMPv3 code drop for FreeBSD 4.6, which is available at: http://www.kloosterhof.com/wilbert/igmpv3.html Summary * IPv4 multicast socket processing is now moved out of ip_output.c into a new module, in_mcast.c. * The in_mcast.c module implements the IPv4 legacy any-source API in terms of the protocol-independent source-specific API. * Source filters are lazy allocated as the common case does not use them. They are part of per inpcb state and are covered by the inpcb lock. * struct ip_mreqn is now supported to allow applications to specify multicast joins by interface index in the legacy IPv4 any-source API. * In UDP, an incoming multicast datagram only requires that the source port matches the 4-tuple if the socket was already bound by source port. An unbound socket SHOULD be able to receive multicasts sent from an ephemeral source port. * The UDP socket multicast filter mode defaults to exclusive, that is, sources present in the per-socket list will be blocked from delivery. * The RFC 3678 userland functions have been added to libc: setsourcefilter, getsourcefilter, setipv4sourcefilter, getipv4sourcefilter. * Definitions for IGMPv3 are merged but not yet used. * struct sockaddr_storage is now referenced from <netinet/in.h>. It is therefore defined there if not already declared in the same way as for the C99 types. * The RFC 1724 hack (specify 0.0.0.0/8 addresses to IP_MULTICAST_IF which are then interpreted as interface indexes) is now deprecated. * A patch for the Rhyolite.com routed in the FreeBSD base system is available in the -net archives. This only affects individuals running RIPv1 or RIPv2 via point-to-point and/or unnumbered interfaces. * Make IPv6 detach path similar to IPv4's in code flow; functionally same. * Bump __FreeBSD_version to 700048; see UPDATING. This work was financially supported by another FreeBSD committer. Obtained from: p4://bms_netdev Submitted by: Wilbert de Graaf (original work) Reviewed by: rwatson (locking), silence from fenner, net@ (but with encouragement)
Revision 1.100: download - view: text, markup, annotated - select for diffs
Wed Apr 4 15:30:31 2007 UTC (4 years, 10 months ago) by andre
Branches: MAIN
Diff to: previous 1.99: preferred, colored
Changes since revision 1.99: +36 -31 lines
Some local and style(9) cleanups.
Revision 1.95.8.1: download - view: text, markup, annotated - select for diffs
Tue Nov 28 23:19:18 2006 UTC (5 years, 2 months ago) by rwatson
Branches: RELENG_6_2
CVS tags: RELENG_6_2_0_RELEASE
Diff to: previous 1.95: preferred, colored; next MAIN 1.96: preferred, colored
Changes since revision 1.95: +3 -0 lines
Merge ip_output.c:1.242.2.17, ip_var.h:1.95.2.1, tcp_usrreq.c:1.124.2.4 from RELENG_6 to RELENG_6_2: Reformulate ip_ctloutput() and tcp_ctloutput() to work around the fact that so_pcb can be invalidated at any time due to an untimely reset. Move the body of ip_ctloutput() to ip_ctloutput_pcbinfo(), which accepts a pcbinfo argument, and wrap it with ip_ctloutput(), which passes a NULL. Modify tcp_ctloutput() to directly invoke ip_ctloutput_pcbinfo() and pass tcbinfo. Hold the pcbinfo lock when dereferencing so_pcb and acquiring the inpcb lock in order to prevent the inpcb from being freed; the pcbinfo lock is then immediately dropped. This is required as TCP may free the inppcb and invalidate so_pcb due to a reset at any time in the RELENG_6 network stack, which otherwise leads to a panic. This panic might be frequently seen on highly loaded IRC and Samba servers, which have long-lasting TCP connections, query socket options frequently, and see a significant number of reset connections. This change has been merged directly to RELENG_6 as the problem does not exist in HEAD, where the invariants for so_pcb are much stronger; the architectural changes in HEAD avoid the need to acquire a global lock in the socket option path. This change will be merged to RELENG_6_2. PR: 102412, 104765 Reviewed by: Diane Bruce <db at db.net> Tested by: Daniel Austin <daniel at kewlio dot net>, Kai Gallasch <gallasch at free dot de> Approved by: re (kensmith)
Revision 1.95.2.1: download - view: text, markup, annotated - select for diffs
Tue Nov 28 21:41:12 2006 UTC (5 years, 2 months ago) by rwatson
Branches: RELENG_6
CVS tags: RELENG_6_4_BP, RELENG_6_3_BP, RELENG_6_3_0_RELEASE, RELENG_6_3
Branch point for: RELENG_6_4
Diff to: previous 1.95: preferred, colored; next MAIN 1.96: preferred, colored
Changes since revision 1.95: +3 -0 lines
Reformulate ip_ctloutput() and tcp_ctloutput() to work around the fact that so_pcb can be invalidated at any time due to an untimely reset. Move the body of ip_ctloutput() to ip_ctloutput_pcbinfo(), which accepts a pcbinfo argument, and wrap it with ip_ctloutput(), which passes a NULL. Modify tcp_ctloutput() to directly invoke ip_ctloutput_pcbinfo() and pass tcbinfo. Hold the pcbinfo lock when dereferencing so_pcb and acquiring the inpcb lock in order to prevent the inpcb from being freed; the pcbinfo lock is then immediately dropped. This is required as TCP may free the inppcb and invalidate so_pcb due to a reset at any time in the RELENG_6 network stack, which otherwise leads to a panic. This panic might be frequently seen on highly loaded IRC and Samba servers, which have long-lasting TCP connections, query socket options frequently, and see a significant number of reset connections. This change has been merged directly to RELENG_6 as the problem does not exist in HEAD, where the invariants for so_pcb are much stronger; the architectural changes in HEAD avoid the need to acquire a global lock in the socket option path. This change will be merged to RELENG_6_2. PR: 102412, 104765 Reviewed by: Diane Bruce <db at db.net> Tested by: Daniel Austin <daniel at kewlio dot net>, Kai Gallasch <gallasch at free dot de>
Revision 1.99: download - view: text, markup, annotated - select for diffs
Mon Sep 25 10:12:07 2006 UTC (5 years, 4 months ago) by bms
Branches: MAIN
Diff to: previous 1.98: preferred, colored
Changes since revision 1.98: +0 -0 lines
Forced commit to note this change should be MFCed. MFC after: 1 week
Revision 1.98: download - view: text, markup, annotated - select for diffs
Sun May 14 14:22:49 2006 UTC (5 years, 8 months ago) by bms
Branches: MAIN
Diff to: previous 1.97: preferred, colored
Changes since revision 1.97: +3 -2 lines
Fix a long-standing limitation in IPv4 multicast group membership. By making the imo_membership array a dynamically allocated vector, this minimizes disruption to existing IPv4 multicast code. This change breaks the ABI for the kernel module ip_mroute.ko, and may cause a small amount of churn for folks working on the IGMPv3 merge. Previously, sockets were subject to a compile-time limitation on the number of IPv4 group memberships, which was hard-coded to 20. The imo_membership relationship, however, is 1:1 with regards to a tuple of multicast group address and interface address. Users who ran routing protocols such as OSPF ran into this limitation on machines with a large system interface tree.
Revision 1.97: download - view: text, markup, annotated - select for diffs
Sat Nov 19 14:01:32 2005 UTC (6 years, 2 months ago) by andre
Branches: MAIN
Diff to: previous 1.96: preferred, colored
Changes since revision 1.96: +13 -0 lines
Move MAX_IPOPTLEN and struct ipoption back into ip_var.h as userland programs depend on it. Pointed out by: le Sponsored by: TCP/IP Optimization Fundraise 2005
Revision 1.96: download - view: text, markup, annotated - select for diffs
Fri Nov 18 20:12:39 2005 UTC (6 years, 2 months ago) by andre
Branches: MAIN
Diff to: previous 1.95: preferred, colored
Changes since revision 1.95: +1 -17 lines
Consolidate all IP Options handling functions into ip_options.[ch] and include ip_options.h into all files making use of IP Options functions. From ip_input.c rev 1.306: ip_dooptions(struct mbuf *m, int pass) save_rte(m, option, dst) ip_srcroute(m0) ip_stripoptions(m, mopt) From ip_output.c rev 1.249: ip_insertoptions(m, opt, phlen) ip_optcopy(ip, jp) ip_pcbopts(struct inpcb *inp, int optname, struct mbuf *m) No functional changes in this commit. Discussed with: rwatson Sponsored by: TCP/IP Optimization Fundraise 2005
Revision 1.89.2.5: download - view: text, markup, annotated - select for diffs
Mon Oct 3 21:51:32 2005 UTC (6 years, 4 months ago) by thompsa
Branches: RELENG_5
CVS tags: RELENG_5_5_BP, RELENG_5_5_0_RELEASE, RELENG_5_5
Diff to: previous 1.89.2.4: preferred, colored; branchpoint 1.89: preferred, colored; next MAIN 1.90: preferred, colored
Changes since revision 1.89.2.4: +6 -0 lines
MFC if_bridge support code Add network hooks and support code for if_bridge, including ipv6 and dummynet support. Use the if_spare1 pointer from struct ifnet to keep ABI. Approved by: mlaier (mentor)
Revision 1.95: download - view: text, markup, annotated - select for diffs
Sat Jul 2 23:13:31 2005 UTC (6 years, 7 months ago) by thompsa
Branches: MAIN
CVS tags: RELENG_6_BP, RELENG_6_2_BP, RELENG_6_1_BP, RELENG_6_1_0_RELEASE, RELENG_6_1, RELENG_6_0_BP, RELENG_6_0_0_RELEASE, RELENG_6_0
Branch point for: RELENG_6_2, RELENG_6
Diff to: previous 1.94: preferred, colored
Changes since revision 1.94: +6 -0 lines
Check the alignment of the IP header before passing the packet up to the packet filter. This would cause a panic on architectures that require strict alignment such as sparc64 (tier1) and ia64/ppc (tier2). This adds two new macros that check the alignment, these are compile time dependent on __NO_STRICT_ALIGNMENT which is set for i386 and amd64 where alignment isn't need so the cost is avoided. IP_HDR_ALIGNED_P() IP6_HDR_ALIGNED_P() Move bridge_ip_checkbasic()/bridge_ip6_checkbasic() up so that the alignment is checked for ipfw and dummynet too. PR: ia64/81284 Obtained from: NetBSD Approved by: re (dwhite), mlaier (mentor)
Revision 1.89.2.4: download - view: text, markup, annotated - select for diffs
Mon Jan 31 23:26:36 2005 UTC (7 years ago) by imp
Branches: RELENG_5
CVS tags: RELENG_5_4_BP, RELENG_5_4_0_RELEASE, RELENG_5_4
Diff to: previous 1.89.2.3: preferred, colored; branchpoint 1.89: preferred, colored
Changes since revision 1.89.2.3: +1 -1 lines
MFC: /*- and related license changes
Revision 1.94: download - view: text, markup, annotated - select for diffs
Fri Jan 7 01:45:44 2005 UTC (7 years, 1 month ago) by imp
Branches: MAIN
Diff to: previous 1.93: preferred, colored
Changes since revision 1.93: +1 -1 lines
/* -> /*- for license, minor formatting changes
Revision 1.50.2.14.6.1: download - view: text, markup, annotated - select for diffs
Sun Jan 2 05:03:16 2005 UTC (7 years, 1 month ago) by silby
Branches: RELENG_4_11
CVS tags: RELENG_4_11_0_RELEASE
Diff to: previous 1.50.2.14: preferred, colored; next MAIN 1.50.2.15: preferred, colored
Changes since revision 1.50.2.14: +1 -0 lines
MFC of port randomization rate-based disabling: in_pcb.c rev 1.157 in_pcb.h rev 1.79 ip_input.c rev 1.293 ip_var.h rev 1.93 Approved by: re
Revision 1.50.2.15: download - view: text, markup, annotated - select for diffs
Sun Jan 2 01:53:44 2005 UTC (7 years, 1 month ago) by silby
Branches: RELENG_4
Diff to: previous 1.50.2.14: preferred, colored; branchpoint 1.50: preferred, colored; next MAIN 1.51: preferred, colored
Changes since revision 1.50.2.14: +1 -0 lines
MFC of port randomization rate-based disabling: in_pcb.c rev 1.157 in_pcb.h rev 1.79 ip_input.c rev 1.293 ip_var.h rev 1.93 Approved by: re
Revision 1.89.2.3: download - view: text, markup, annotated - select for diffs
Sun Jan 2 01:53:22 2005 UTC (7 years, 1 month ago) by silby
Branches: RELENG_5
Diff to: previous 1.89.2.2: preferred, colored; branchpoint 1.89: preferred, colored
Changes since revision 1.89.2.2: +1 -0 lines
MFC of port randomization rate-based disabling: in_pcb.c rev 1.157 in_pcb.h rev 1.79 ip_input.c rev 1.293 ip_var.h rev 1.93
Revision 1.93: download - view: text, markup, annotated - select for diffs
Sun Jan 2 01:50:57 2005 UTC (7 years, 1 month ago) by silby
Branches: MAIN
Diff to: previous 1.92: preferred, colored
Changes since revision 1.92: +1 -0 lines
Port randomization leads to extremely fast port reuse at high connection rates, which is causing problems for some users. To retain the security advantage of random ports and ensure correct operation for high connection rate users, disable port randomization during periods of high connection rates. Whenever the connection rate exceeds randomcps (10 by default), randomization will be disabled for randomtime (45 by default) seconds. These thresholds may be tuned via sysctl. Many thanks to Igor Sysoev, who proved the necessity of this change and tested many preliminary versions of the patch. MFC After: 20 seconds
Revision 1.92: download - view: text, markup, annotated - select for diffs
Tue Oct 19 15:45:57 2004 UTC (7 years, 3 months ago) by andre
Branches: MAIN
Diff to: previous 1.91: preferred, colored
Changes since revision 1.91: +2 -0 lines
Support for dynamically loadable and unloadable IP protocols in the ipmux. With pr_proto_register() it has become possible to dynamically load protocols within the PF_INET domain. However the PF_INET domain has a second important structure called ip_protox[] that is derived from the 'struct protosw inetsw[]' and takes care of the de-multiplexing of the various protocols that ride on top of IP packets. The functions ipproto_[un]register() allow to dynamically adjust the ip_protox[] array mux in a consistent and easy way. To register a protocol within ip_protox[] the existence of a corresponding and matching protocol definition in inetsw[] is required. The function does not allow to overwrite an already registered protocol. The unregister function simply replaces the mux slot with the default index pointer to IPPROTO_RAW as it was previously.
Revision 1.89.2.2: download - view: text, markup, annotated - select for diffs
Thu Sep 23 16:38:53 2004 UTC (7 years, 4 months ago) by andre
Branches: RELENG_5
CVS tags: RELENG_5_3_BP, RELENG_5_3_0_RELEASE, RELENG_5_3
Diff to: previous 1.89.2.1: preferred, colored; branchpoint 1.89: preferred, colored
Changes since revision 1.89.2.1: +1 -1 lines
MFC: Store IP source routing options in mtag instead of global variable. Approved by: re (kensmith)
Revision 1.89.2.1: download - view: text, markup, annotated - select for diffs
Wed Sep 22 19:23:38 2004 UTC (7 years, 4 months ago) by andre
Branches: RELENG_5
Diff to: previous 1.89: preferred, colored
Changes since revision 1.89: +1 -3 lines
MFC: Make PFIL_HOOKS a permanent part of the kernel and remove the associated kernel compile option. Approved by: re (scottl)
Revision 1.91: download - view: text, markup, annotated - select for diffs
Wed Sep 15 20:13:26 2004 UTC (7 years, 4 months ago) by andre
Branches: MAIN
Diff to: previous 1.90: preferred, colored
Changes since revision 1.90: +1 -1 lines
Remove the last two global variables that are used to store packet state while it travels through the IP stack. This wasn't much of a problem because IP source routing is disabled by default but when enabled together with SMP and preemption it would have very likely cross-corrupted the IP options in transit. The IP source route options of a packet are now stored in a mtag instead of the global variable.
Revision 1.90: download - view: text, markup, annotated - select for diffs
Fri Aug 27 15:16:23 2004 UTC (7 years, 5 months ago) by andre
Branches: MAIN
Diff to: previous 1.89: preferred, colored
Changes since revision 1.89: +1 -3 lines
Always compile PFIL_HOOKS into the kernel and remove the associated kernel compile option. All FreeBSD packet filters now use the PFIL_HOOKS API and thus it becomes a standard part of the network stack. If no hooks are connected the entire packet filter hooks section and related activities are jumped over. This removes any performance impact if no hooks are active. Both OpenBSD and DragonFlyBSD have integrated PFIL_HOOKS permanently as well.
Revision 1.89: download - view: text, markup, annotated - select for diffs
Tue Aug 17 22:05:54 2004 UTC (7 years, 5 months ago) by andre
Branches: MAIN
CVS tags: RELENG_5_BP
Branch point for: RELENG_5
Diff to: previous 1.88: preferred, colored
Changes since revision 1.88: +2 -0 lines
Convert ipfw to use PFIL_HOOKS. This is change is transparent to userland and preserves the ipfw ABI. The ipfw core packet inspection and filtering functions have not been changed, only how ipfw is invoked is different. However there are many changes how ipfw is and its add-on's are handled: In general ipfw is now called through the PFIL_HOOKS and most associated magic, that was in ip_input() or ip_output() previously, is now done in ipfw_check_[in|out]() in the ipfw PFIL handler. IPDIVERT is entirely handled within the ipfw PFIL handlers. A packet to be diverted is checked if it is fragmented, if yes, ip_reass() gets in for reassembly. If not, or all fragments arrived and the packet is complete, divert_packet is called directly. For 'tee' no reassembly attempt is made and a copy of the packet is sent to the divert socket unmodified. The original packet continues its way through ip_input/output(). ipfw 'forward' is done via m_tag's. The ipfw PFIL handlers tag the packet with the new destination sockaddr_in. A check if the new destination is a local IP address is made and the m_flags are set appropriately. ip_input() and ip_output() have some more work to do here. For ip_input() the m_flags are checked and a packet for us is directly sent to the 'ours' section for further processing. Destination changes on the input path are only tagged and the 'srcrt' flag to ip_forward() is set to disable destination checks and ICMP replies at this stage. The tag is going to be handled on output. ip_output() again checks for m_flags and the 'ours' tag. If found, the packet will be dropped back to the IP netisr where it is going to be picked up by ip_input() again and the directly sent to the 'ours' section. When only the destination changes, the route's 'dst' is overwritten with the new destination from the forward m_tag. Then it jumps back at the route lookup again and skips the firewall check because it has been marked with M_SKIP_FIREWALL. ipfw 'forward' has to be compiled into the kernel with 'option IPFIREWALL_FORWARD' to enable it. DUMMYNET is entirely handled within the ipfw PFIL handlers. A packet for a dummynet pipe or queue is directly sent to dummynet_io(). Dummynet will then inject it back into ip_input/ip_output() after it has served its time. Dummynet packets are tagged and will continue from the next rule when they hit the ipfw PFIL handlers again after re-injection. BRIDGING and IPFW_ETHER are not changed yet and use ipfw_chk() directly as they did before. Later this will be changed to dedicated ETHER PFIL_HOOKS. More detailed changes to the code: conf/files Add netinet/ip_fw_pfil.c. conf/options Add IPFIREWALL_FORWARD option. modules/ipfw/Makefile Add ip_fw_pfil.c. net/bridge.c Disable PFIL_HOOKS if ipfw for bridging is active. Bridging ipfw is still directly invoked to handle layer2 headers and packets would get a double ipfw when run through PFIL_HOOKS as well. netinet/ip_divert.c Removed divert_clone() function. It is no longer used. netinet/ip_dummynet.[ch] Neither the route 'ro' nor the destination 'dst' need to be stored while in dummynet transit. Structure members and associated macros are removed. netinet/ip_fastfwd.c Removed all direct ipfw handling code and replace it with the new 'ipfw forward' handling code. netinet/ip_fw.h Removed 'ro' and 'dst' from struct ip_fw_args. netinet/ip_fw2.c (Re)moved some global variables and the module handling. netinet/ip_fw_pfil.c New file containing the ipfw PFIL handlers and module initialization. netinet/ip_input.c Removed all direct ipfw handling code and replace it with the new 'ipfw forward' handling code. ip_forward() does not longer require the 'next_hop' struct sockaddr_in argument. Disable early checks if 'srcrt' is set. netinet/ip_output.c Removed all direct ipfw handling code and replace it with the new 'ipfw forward' handling code. netinet/ip_var.h Add ip_reass() as general function. (Used from ipfw PFIL handlers for IPDIVERT.) netinet/raw_ip.c Directly check if ipfw and dummynet control pointers are active. netinet/tcp_input.c Rework the 'ipfw forward' to local code to work with the new way of forward tags. netinet/tcp_sack.c Remove include 'opt_ipfw.h' which is not needed here. sys/mbuf.h Remove m_claim_next() macro which was exclusively for ipfw 'forward' and is no longer needed. Approved by: re (scottl)
Revision 1.88: download - view: text, markup, annotated - select for diffs
Sat Aug 14 15:32:19 2004 UTC (7 years, 5 months ago) by dwmalone
Branches: MAIN
Diff to: previous 1.87: preferred, colored
Changes since revision 1.87: +13 -6 lines
Get rid of the RANDOM_IP_ID option and make it a sysctl. NetBSD
have already done this, so I have styled the patch on their work:
1) introduce a ip_newid() static inline function that checks
the sysctl and then decides if it should return a sequential
or random IP ID.
2) named the sysctl net.inet.ip.random_id
3) IPv6 flow IDs and fragment IDs are now always random.
Flow IDs and frag IDs are significantly less common in the
IPv6 world (ie. rarely generated per-packet), so there should
be smaller performance concerns.
The sysctl defaults to 0 (sequential IP IDs).
Reviewed by: andre, silby, mlaier, ume
Based on: NetBSD
MFC after: 2 months
Revision 1.87: download - view: text, markup, annotated - select for diffs
Thu May 6 18:46:03 2004 UTC (7 years, 9 months ago) by andre
Branches: MAIN
Diff to: previous 1.86: preferred, colored
Changes since revision 1.86: +1 -0 lines
Provide the sysctl net.inet.ip.process_options to control the processing of IP options. net.inet.ip.process_options=0 Ignore IP options and pass packets unmodified. net.inet.ip.process_options=1 Process all IP options (default). net.inet.ip.process_options=2 Reject all packets with IP options with ICMP filter prohibited message. This sysctl affects packets destined for the local host as well as those only transiting through the host (routing). IP options do not have any legitimate purpose anymore and are only used to circumvent firewalls or to exploit certain behaviours or bugs in TCP/IP stacks. Reviewed by: sam (mentor)
Revision 1.86: download - view: text, markup, annotated - select for diffs
Sun May 2 06:36:30 2004 UTC (7 years, 9 months ago) by darrenr
Branches: MAIN
Diff to: previous 1.85: preferred, colored
Changes since revision 1.85: +0 -16 lines
Rename ip_claim_next_hop() to m_claim_next_hop(), give it an extra arg (the type of tag to claim) and push it out of ip_var.h into mbuf.h alongside all of the other macros that work ok mbuf's and tag's.
Revision 1.85: download - view: text, markup, annotated - select for diffs
Wed Apr 7 20:46:13 2004 UTC (7 years, 10 months ago) by imp
Branches: MAIN
Diff to: previous 1.84: preferred, colored
Changes since revision 1.84: +0 -4 lines
Remove advertising clause from University of California Regent's license, per letter dated July 22, 1999 and email from Peter Wemm, Alan Cox and Robert Watson. Approved by: core, peter, alc, rwatson
Revision 1.84: download - view: text, markup, annotated - select for diffs
Wed Feb 25 19:55:28 2004 UTC (7 years, 11 months ago) by mlaier
Branches: MAIN
Diff to: previous 1.83: preferred, colored
Changes since revision 1.83: +18 -10 lines
Re-remove MT_TAGs. The problems with dummynet have been fixed now. Tested by: -current, bms(mentor), me Approved by: bms(mentor), sam
Revision 1.83: download - view: text, markup, annotated - select for diffs
Wed Feb 18 00:04:52 2004 UTC (7 years, 11 months ago) by mlaier
Branches: MAIN
Diff to: previous 1.82: preferred, colored
Changes since revision 1.82: +9 -16 lines
Backout MT_TAG removal (i.e. bring back MT_TAGs) for now, as dummynet is not working properly with the patch in place. Approved by: bms(mentor)
Revision 1.82: download - view: text, markup, annotated - select for diffs
Fri Feb 13 19:14:15 2004 UTC (7 years, 11 months ago) by mlaier
Branches: MAIN
Diff to: previous 1.81: preferred, colored
Changes since revision 1.81: +16 -9 lines
This set of changes eliminates the use of MT_TAG "pseudo mbufs", replacing them mostly with packet tags (one case is handled by using an mbuf flag since the linkage between "caller" and "callee" is direct and there's no need to incur the overhead of a packet tag). This is (mostly) work from: sam Silence from: -arch Approved by: bms(mentor), sam, rwatson
Revision 1.81: download - view: text, markup, annotated - select for diffs
Sat Nov 15 01:45:56 2003 UTC (8 years, 2 months ago) by andre
Branches: MAIN
CVS tags: RELENG_5_2_BP, RELENG_5_2_1_RELEASE, RELENG_5_2_0_RELEASE, RELENG_5_2
Diff to: previous 1.80: preferred, colored
Changes since revision 1.80: +3 -0 lines
Make ipstealth global as we need it in ip_fastforward too.
Revision 1.80: download - view: text, markup, annotated - select for diffs
Fri Nov 14 21:48:57 2003 UTC (8 years, 2 months ago) by andre
Branches: MAIN
Diff to: previous 1.79: preferred, colored
Changes since revision 1.79: +1 -2 lines
Remove the global one-level rtcache variable and associated complex locking and rework ip_rtaddr() to do its own rtlookup. Adopt all its callers to this and make ip_output() callable with NULL rt pointer. Reviewed by: sam (mentor)
Revision 1.79: download - view: text, markup, annotated - select for diffs
Wed Nov 12 03:14:29 2003 UTC (8 years, 3 months ago) by rwatson
Branches: MAIN
Diff to: previous 1.78: preferred, colored
Changes since revision 1.78: +1 -5 lines
Modify the MAC Framework so that instead of embedding a (struct label) in various kernel objects to represent security data, we embed a (struct label *) pointer, which now references labels allocated using a UMA zone (mac_label.c). This allows the size and shape of struct label to be varied without changing the size and shape of these kernel objects, which become part of the frozen ABI with 5-STABLE. This opens the door for boot-time selection of the number of label slots, and hence changes to the bound on the number of simultaneous labeled policies at boot-time instead of compile-time. This also makes it easier to embed label references in new objects as required for locking/caching with fine-grained network stack locking, such as inpcb structures. This change also moves us further in the direction of hiding the structure of kernel objects from MAC policy modules, not to mention dramatically reducing the number of '&' symbols appearing in both the MAC Framework and MAC policy modules, and improving readability. While this results in minimal performance change with MAC enabled, it will observably shrink the size of a number of critical kernel data structures for the !MAC case, and should have a small (but measurable) performance benefit (i.e., struct vnode, struct socket) do to memory conservation and reduced cost of zeroing memory. NOTE: Users of MAC must recompile their kernel and all MAC modules as a result of this change. Because this is an API change, third party MAC modules will also need to be updated to make less use of the '&' symbol. Suggestions from: bmilekic Obtained from: TrustedBSD Project Sponsored by: DARPA, Network Associates Laboratories
Revision 1.78: download - view: text, markup, annotated - select for diffs
Sat Nov 8 23:09:42 2003 UTC (8 years, 3 months ago) by sam
Branches: MAIN
Diff to: previous 1.77: preferred, colored
Changes since revision 1.77: +1 -0 lines
divert socket fixups: o pickup Giant in divert_packet to protect sbappendaddr since it can be entered through MPSAFE callouts or through ip_input when mpsafenet is 1 o add missing locking on output o add locking to abort and shutdown o add a ctlinput handler to invalidate held routing table references on an ICMP redirect (may not be needed) Supported by: FreeBSD Foundation
Revision 1.77: download - view: text, markup, annotated - select for diffs
Tue Oct 14 19:19:12 2003 UTC (8 years, 3 months ago) by sam
Branches: MAIN
Diff to: previous 1.76: preferred, colored
Changes since revision 1.76: +1 -1 lines
Lock ip forwarding route cache. While we're at it, remove the global variable ipforward_rt by introducing an ip_forward_cacheinval() call to use to invalidate the cache. Supported by: FreeBSD Foundation
Revision 1.76: download - view: text, markup, annotated - select for diffs
Tue Sep 23 17:54:03 2003 UTC (8 years, 4 months ago) by sam
Branches: MAIN
Diff to: previous 1.75: preferred, colored
Changes since revision 1.75: +4 -0 lines
o update PFIL_HOOKS support to current API used by netbsd o revamp IPv4+IPv6+bridge usage to match API changes o remove pfil_head instances from protosw entries (no longer used) o add locking o bump FreeBSD version for 3rd party modules Heavy lifting by: "Max Laier" <max@love2party.net> Supported by: FreeBSD Foundation Obtained from: NetBSD (bits of pfil.h and pfil.c)
Revision 1.50.2.14: download - view: text, markup, annotated - select for diffs
Tue Sep 9 19:09:22 2003 UTC (8 years, 5 months ago) by bms
Branches: RELENG_4
CVS tags: RELENG_4_9_BP, RELENG_4_9_0_RELEASE, RELENG_4_9, RELENG_4_11_BP, RELENG_4_10_BP, RELENG_4_10_0_RELEASE, RELENG_4_10
Branch point for: RELENG_4_11
Diff to: previous 1.50.2.13: preferred, colored; branchpoint 1.50: preferred, colored
Changes since revision 1.50.2.13: +1 -0 lines
MFC: Add the IP_ONESBCAST option, to enable undirected IP broadcasts to be sent on specific interfaces. This is required by aodvd, and may in future help us in getting rid of the requirement for BPF from our import of isc-dhcp. PR: kern/37486 Obtained from: BSD/OS Approved by: re, jake (mentor)
Revision 1.50.2.13: download - view: text, markup, annotated - select for diffs
Sun Aug 24 08:24:38 2003 UTC (8 years, 5 months ago) by hsu
Branches: RELENG_4
Diff to: previous 1.50.2.12: preferred, colored; branchpoint 1.50: preferred, colored
Changes since revision 1.50.2.12: +2 -0 lines
Merge from -current support for Protocol Independent Multicast. Submitted by: Pavlin Radoslavov <pavlin@icir.org>
Revision 1.75: download - view: text, markup, annotated - select for diffs
Wed Aug 20 14:46:40 2003 UTC (8 years, 5 months ago) by bms
Branches: MAIN
Diff to: previous 1.74: preferred, colored
Changes since revision 1.74: +1 -0 lines
Add the IP_ONESBCAST option, to enable undirected IP broadcasts to be sent on specific interfaces. This is required by aodvd, and may in future help us in getting rid of the requirement for BPF from our import of isc-dhcp. Suggested by: fenestro Obtained from: BSD/OS Reviewed by: mini, sam Approved by: jake (mentor)
Revision 1.74: download - view: text, markup, annotated - select for diffs
Thu Aug 7 18:16:59 2003 UTC (8 years, 6 months ago) by hsu
Branches: MAIN
Diff to: previous 1.73: preferred, colored
Changes since revision 1.73: +2 -0 lines
1. Basic PIM kernel support Disabled by default. To enable it, the new "options PIM" must be added to the kernel configuration file (in addition to MROUTING): options MROUTING # Multicast routing options PIM # Protocol Independent Multicast 2. Add support for advanced multicast API setup/configuration and extensibility. 3. Add support for kernel-level PIM Register encapsulation. Disabled by default. Can be enabled by the advanced multicast API. 4. Implement a mechanism for "multicast bandwidth monitoring and upcalls". Submitted by: Pavlin Radoslavov <pavlin@icir.org>
Revision 1.73: download - view: text, markup, annotated - select for diffs
Wed Apr 2 20:14:44 2003 UTC (8 years, 10 months ago) by mdodd
Branches: MAIN
CVS tags: RELENG_5_1_BP, RELENG_5_1_0_RELEASE, RELENG_5_1
Diff to: previous 1.72: preferred, colored
Changes since revision 1.72: +0 -1 lines
Back out support for RFC3514. RFC3514 poses an unacceptale risk to compliant systems.
Revision 1.72: download - view: text, markup, annotated - select for diffs
Tue Apr 1 08:21:44 2003 UTC (8 years, 10 months ago) by mdodd
Branches: MAIN
Diff to: previous 1.71: preferred, colored
Changes since revision 1.71: +1 -0 lines
Implement support for RFC 3514 (The Security Flag in the IPv4 Header). (See: ftp://ftp.rfc-editor.org/in-notes/rfc3514.txt) This fulfills the host requirements for userland support by way of the setsockopt() IP_EVIL_INTENT message. There are three sysctl tunables provided to govern system behavior. net.inet.ip.rfc3514: Enables support for rfc3514. As this is an Informational RFC and support is not yet widespread this option is disabled by default. net.inet.ip.hear_no_evil If set the host will discard all received evil packets. net.inet.ip.speak_no_evil If set the host will discard all transmitted evil packets. The IP statistics counter 'ips_evil' (available via 'netstat') provides information on the number of 'evil' packets recieved. For reference, the '-E' option to 'ping' has been provided to demonstrate and test the implementation.
Revision 1.50.2.12: download - view: text, markup, annotated - select for diffs
Thu Feb 27 04:50:02 2003 UTC (8 years, 11 months ago) by silby
Branches: RELENG_4
CVS tags: RELENG_4_8_BP, RELENG_4_8_0_RELEASE, RELENG_4_8
Diff to: previous 1.50.2.11: preferred, colored; branchpoint 1.50: preferred, colored
Changes since revision 1.50.2.11: +1 -0 lines
A correct MFC: ip_input.c revs 1.225, 1.229 ip_var.h rev 1.71 Approved by: re (bmah)
Revision 1.50.2.11: download - view: text, markup, annotated - select for diffs
Thu Feb 27 04:12:01 2003 UTC (8 years, 11 months ago) by silby
Branches: RELENG_4
Diff to: previous 1.50.2.10: preferred, colored; branchpoint 1.50: preferred, colored
Changes since revision 1.50.2.10: +0 -1 lines
Backout: ip_input 1.130.2.49 ip_var.h 1.50.2.10 This is not even close to a straight mfc, my mistake.
Revision 1.50.2.10: download - view: text, markup, annotated - select for diffs
Thu Feb 27 03:55:46 2003 UTC (8 years, 11 months ago) by silby
Branches: RELENG_4
Diff to: previous 1.50.2.9: preferred, colored; branchpoint 1.50: preferred, colored
Changes since revision 1.50.2.9: +1 -0 lines
IP frag per packet limits MFC ip_input.c rev 1.225 ip_var.h rev 1.71 Approved by: re (bmah)
Revision 1.71: download - view: text, markup, annotated - select for diffs
Sat Feb 22 06:41:47 2003 UTC (8 years, 11 months ago) by silby
Branches: MAIN
Diff to: previous 1.70: preferred, colored
Changes since revision 1.70: +1 -0 lines
Add the ability to limit the number of IP fragments allowed per packet, and enable it by default, with a limit of 16. At the same time, tweak maxfragpackets downward so that in the worst possible case, IP reassembly can use only 1/2 of all mbuf clusters. MFC after: 3 days Reviewed by: hsu Liked by: bmah
Revision 1.50.2.9: download - view: text, markup, annotated - select for diffs
Thu Jan 23 21:06:45 2003 UTC (9 years ago) by sam
Branches: RELENG_4
Diff to: previous 1.50.2.8: preferred, colored; branchpoint 1.50: preferred, colored
Changes since revision 1.50.2.8: +2 -1 lines
MFC: m_tag support
Replace aux mbufs with packet tags:
o instead of a list of mbufs use a list of m_tag structures a la openbsd
o for netgraph et. al. extend the stock openbsd m_tag to include a 32-bit
ABI/module number cookie
o for openbsd compatibility define a well-known cookie MTAG_ABI_COMPAT and
use this in defining openbsd-compatible m_tag_find and m_tag_get routines
o rewrite KAME use of aux mbufs in terms of packet tags
o eliminate the most heavily used aux mbufs by adding an additional struct
inpcb parameter to ip_output and ip6_output to allow the IPsec code to
locate the security policy to apply to outbound packets
o bump __FreeBSD_version so code can be conditionalized
o fixup ipfilter's call to ip_output based on __FreeBSD_version
Revision 1.50.2.8: download - view: text, markup, annotated - select for diffs
Wed Nov 20 23:20:55 2002 UTC (9 years, 2 months ago) by luigi
Branches: RELENG_4
Diff to: previous 1.50.2.7: preferred, colored; branchpoint 1.50: preferred, colored
Changes since revision 1.50.2.7: +4 -4 lines
MFC: fix multicast routing KLD support, including some minor bug fixes
(see 1.83 of ip_mroute.c).
In detail:
conf/files
ip_mroute optional mrouting
net/route.c
remove useless #include, MFC mrouting KLD support
netinet/ip_encap.c
remove useless #include, access ipip_input through a function pointer
(only a partial MFC -- -current has a better solution).
fix interface to encap4_input() to avoid varargs
netinet/ip_encap.h
remove __P, fix interface to encap4_input
netinet/ip_input.c
MFC: mrouting KLD support, and move here rsvp_input() together
with the rest of the rsvp code.
netinet/ip_mroute.[ch]
MFC 1.83 mrouting cleanup and KLD support
netinet/ip_output.c
MFC mrouting KLD support
netinet/ip_var.h
MFC support for mrouting KLD
netinet/raw_ip.c
MFC support for mrouting KLD
Also some innocuous style cleanup (fix function headers,
remove register, etc.) which have slipped in and i am too
fed up to remove yet another time (and rerun all the kernel
builds with all possible combinations of relevant options to
make sure their removal does not introduce bugs).
Revision 1.70: download - view: text, markup, annotated - select for diffs
Wed Nov 20 18:56:25 2002 UTC (9 years, 2 months ago) by luigi
Branches: MAIN
CVS tags: RELENG_5_0_BP, RELENG_5_0_0_RELEASE, RELENG_5_0
Diff to: previous 1.69: preferred, colored
Changes since revision 1.69: +0 -2 lines
Back out the ip_fragment() code -- it is not urgent to have it in now, I will put it back in in a better form after 5.0 is out. Requested by: sam, rwatson, luigi (on second thought) Approved by: re
Revision 1.69: download - view: text, markup, annotated - select for diffs
Sun Nov 17 16:30:44 2002 UTC (9 years, 2 months ago) by luigi
Branches: MAIN
Diff to: previous 1.68: preferred, colored
Changes since revision 1.68: +2 -0 lines
Move the ip_fragment code from ip_output() to a separate function, so that it can be reused elsewhere (there is a number of places where it can be useful). This also trims some 200 lines from the body of ip_output(), which helps readability a bit. (This change was discussed a few weeks ago on the mailing lists, Julian agreed, silence from others. It is not a functional change, so i expect it to be ok to commit it now but i am happy to back it out if there are objections). While at it, fix some function headers and replace m_copy() with m_copypacket() where applicable. MFC after: 1 week
Revision 1.68: download - view: text, markup, annotated - select for diffs
Fri Nov 15 22:53:52 2002 UTC (9 years, 2 months ago) by luigi
Branches: MAIN
Diff to: previous 1.67: preferred, colored
Changes since revision 1.67: +4 -3 lines
Massive cleanup of the ip_mroute code.
No functional changes, but:
+ the mrouting module now should behave the same as the compiled-in
version (it did not before, some of the rsvp code was not loaded
properly);
+ netinet/ip_mroute.c is now truly optional;
+ removed some redundant/unused code;
+ changed many instances of '0' to NULL and INADDR_ANY as appropriate;
+ removed several static variables to make the code more SMP-friendly;
+ fixed some minor bugs in the mrouting code (mostly, incorrect return
values from functions).
This commit is also a prerequisite to the addition of support for PIM,
which i would like to put in before DP2 (it does not change any of
the existing APIs, anyways).
Note, in the process we found out that some device drivers fail to
properly handle changes in IFF_ALLMULTI, leading to interesting
behaviour when a multicast router is started. This bug is not
corrected by this commit, and will be fixed with a separate commit.
Detailed changes:
--------------------
netinet/ip_mroute.c all the above.
conf/files make ip_mroute.c optional
net/route.c fix mrt_ioctl hook
netinet/ip_input.c fix ip_mforward hook, move rsvp_input() here
together with other rsvp code, and a couple
of indentation fixes.
netinet/ip_output.c fix ip_mforward and ip_mcast_src hooks
netinet/ip_var.h rsvp function hooks
netinet/raw_ip.c hooks for mrouting and rsvp functions, plus
interface cleanup.
netinet/ip_mroute.h remove an unused and optional field from a struct
Most of the code is from Pavlin Radoslavov and the XORP project
Reviewed by: sam
MFC after: 1 week
Revision 1.67: download - view: text, markup, annotated - select for diffs
Sun Oct 20 22:52:07 2002 UTC (9 years, 3 months ago) by phk
Branches: MAIN
Diff to: previous 1.66: preferred, colored
Changes since revision 1.66: +0 -2 lines
Fix two instances of variant struct definitions in sys/netinet: Remove the never completed _IP_VHL version, it has not caught on anywhere and it would make us incompatible with other BSD netstacks to retain this version. Add a CTASSERT protecting sizeof(struct ip) == 20. Don't let the size of struct ipq depend on the IPDIVERT option. This is a functional no-op commit. Approved by: re
Revision 1.66: download - view: text, markup, annotated - select for diffs
Wed Oct 16 01:54:44 2002 UTC (9 years, 3 months ago) by sam
Branches: MAIN
Diff to: previous 1.65: preferred, colored
Changes since revision 1.65: +2 -1 lines
Replace aux mbufs with packet tags: o instead of a list of mbufs use a list of m_tag structures a la openbsd o for netgraph et. al. extend the stock openbsd m_tag to include a 32-bit ABI/module number cookie o for openbsd compatibility define a well-known cookie MTAG_ABI_COMPAT and use this in defining openbsd-compatible m_tag_find and m_tag_get routines o rewrite KAME use of aux mbufs in terms of packet tags o eliminate the most heavily used aux mbufs by adding an additional struct inpcb parameter to ip_output and ip6_output to allow the IPsec code to locate the security policy to apply to outbound packets o bump __FreeBSD_version so code can be conditionalized o fixup ipfilter's call to ip_output based on __FreeBSD_version Reviewed by: julian, luigi (silent), -arch, -net, darren Approved by: julian, silence from everyone else Obtained from: openbsd (mostly) MFC after: 1 month
Revision 1.65: download - view: text, markup, annotated - select for diffs
Thu Aug 15 14:34:02 2002 UTC (9 years, 5 months ago) by rwatson
Branches: MAIN
Diff to: previous 1.64: preferred, colored
Changes since revision 1.64: +4 -0 lines
Perform a nested include of _label.h if #ifdef _KERNEL. This will satisfy consumers of ip_var.h that need a complete definition of struct ipq and don't include mac.h. Obtained from: TrustedBSD Project Sponsored by: DARPA, NAI Labs
Revision 1.50.2.7: download - view: text, markup, annotated - select for diffs
Fri Aug 9 14:49:22 2002 UTC (9 years, 6 months ago) by ru
Branches: RELENG_4
CVS tags: RELENG_4_7_BP, RELENG_4_7_0_RELEASE, RELENG_4_7
Diff to: previous 1.50.2.6: preferred, colored; branchpoint 1.50: preferred, colored
Changes since revision 1.50.2.6: +1 -0 lines
MFC: in_rmx.c,v 1.39, ip_input.c,v 1.165, and ip_var.h,v 1.54: Invalidate cached forwarding route (ipforward_rt) whenever a new route is added to the routing table, otherwise we may end up using the wrong route when forwarding. PR: kern/10778 Spotted by: Sergey Starosek <star@sunbay.com>, Andrew Rukavishnikov <rav@sunbay.com>
Revision 1.64: download - view: text, markup, annotated - select for diffs
Tue Jul 30 23:09:20 2002 UTC (9 years, 6 months ago) by rwatson
Branches: MAIN
Diff to: previous 1.63: preferred, colored
Changes since revision 1.63: +1 -0 lines
Introduce support for Mandatory Access Control and extensible kernel access control. Label IP fragment reassembly queues, permitting security features to be maintained on those objects. ipq_label will be used to manage the reassembly of fragments into IP datagrams using security properties. This permits policies to deny the reassembly of fragments, as well as influence the resulting label of a datagram following reassembly. Obtained from: TrustedBSD Project Sponsored by: DARPA, NAI Labs
Revision 1.63: download - view: text, markup, annotated - select for diffs
Sat Jul 20 22:46:20 2002 UTC (9 years, 6 months ago) by rwatson
Branches: MAIN
Diff to: previous 1.62: preferred, colored
Changes since revision 1.62: +2 -0 lines
Don't export 'struct ipq' from kernel, instead #ifdef _KERNEL. As kernel data structures pick up security and synchronization primitives, it becomes increasingly desirable not to arbitrarily export them via include files to userland, as the userland applications pick up new #include dependencies. Obtained from: TrustedBSD Project Sponsored by: DARPA, NAI Labs
Revision 1.50.2.6: download - view: text, markup, annotated - select for diffs
Tue Jul 9 09:11:43 2002 UTC (9 years, 7 months ago) by luigi
Branches: RELENG_4
Diff to: previous 1.50.2.5: preferred, colored; branchpoint 1.50: preferred, colored
Changes since revision 1.50.2.5: +32 -35 lines
The purpose of this commit is to bring the net/ and netinet/ sources
more in sync with what is in -current, so that mainteinance and
bugfix of the two trees is not a nightmare.
THERE IS NO FUNCTIONAL OR EXTERNAL API CHANGE IN THIS COMMIT
You should not need to recompile any userland code.
In (some) more detail, this commit does the following:
* remove a number of static variables from the ip stack that were
used to support DIVERT, IPFIREWALL_FORWARD and stateful rules/
dynamic pipes. These are replaced with packet annotations, much
in the same (ugly for someone, but it is extremely fast and easy
to extend) way used for ages to support dummynet annotations.
On passing, fix a bug in the handling of divert for fragmented packets.
* as part of the removal of static variables, change the (internal)
interface of ip_fw_chk() to use a single structure to hold arguments.
Adapt clients of the above (ip_input, ip_output, bridge, ether_output,
ether_demux) to use the new interface.
* remove some unused variables.
* remove some of the __P() macros from some of the files involved
Because of the NO FUNCTIONAL CHANGE you don't get the following features
which are in -current:
* ipfw on layer-2 packets. All the hooks and the code are there,
but the controlling variable
net.link.ether.ipfw: 0
is readonly because i am only 99% confident on how the old ipfw
handles these frames. Just edit if_ethersubr.c to make the
variable RW if you want this feature. I might commit this in
due time if there is interest.
these frames. Just edit if_ethersubr.c to make it RW if you want this
feature. I might commit this in due time if there is interest.
* ipfw2, the new, faster and more flexible firewall code.
The code has hooks to make use of ipfw2, and I will make patches
available to use it (it is basically 3 files, netinet/ip_fw2.[ch],
sbin/ipfw/ipfw2.c, plus one-line changes in conf/options,
conf/files and sbin/ipfw/Makefile, plus libalias patches).
Revision 1.62: download - view: text, markup, annotated - select for diffs
Sun Jun 23 09:03:42 2002 UTC (9 years, 7 months ago) by luigi
Branches: MAIN
Diff to: previous 1.61: preferred, colored
Changes since revision 1.61: +5 -7 lines
Remove ip_fw_fwd_addr (forgotten in previous commit) remove some extra whitespace.
Revision 1.61: download - view: text, markup, annotated - select for diffs
Sat Jun 22 11:51:02 2002 UTC (9 years, 7 months ago) by luigi
Branches: MAIN
Diff to: previous 1.60: preferred, colored
Changes since revision 1.60: +1 -2 lines
Remove (almost all) global variables that were used to hold
packet forwarding state ("annotations") during ip processing.
The code is considerably cleaner now.
The variables removed by this change are:
ip_divert_cookie used by divert sockets
ip_fw_fwd_addr used for transparent ip redirection
last_pkt used by dynamic pipes in dummynet
Removal of the first two has been done by carrying the annotations
into volatile structs prepended to the mbuf chains, and adding
appropriate code to add/remove annotations in the routines which
make use of them, i.e. ip_input(), ip_output(), tcp_input(),
bdg_forward(), ether_demux(), ether_output_frame(), div_output().
On passing, remove a bug in divert handling of fragmented packet.
Now it is the fragment at offset 0 which sets the divert status of
the whole packet, whereas formerly it was the last incoming fragment
to decide.
Removal of last_pkt required a change in the interface of ip_fw_chk()
and dummynet_io(). On passing, use the same mechanism for dummynet
annotations and for divert/forward annotations.
option IPFIREWALL_FORWARD is effectively useless, the code to
implement it is very small and is now in by default to avoid the
obfuscation of conditionally compiled code.
NOTES:
* there is at least one global variable left, sro_fwd, in ip_output().
I am not sure if/how this can be removed.
* I have deliberately avoided gratuitous style changes in this commit
to avoid cluttering the diffs. Minor stule cleanup will likely be
necessary
* this commit only focused on the IP layer. I am sure there is a
number of global variables used in the TCP and maybe UDP stack.
* despite the number of files touched, there are absolutely no API's
or data structures changed by this commit (except the interfaces of
ip_fw_chk() and dummynet_io(), which are internal anyways), so
an MFC is quite safe and unintrusive (and desirable, given the
improved readability of the code).
MFC after: 10 days
Revision 1.60: download - view: text, markup, annotated - select for diffs
Tue Mar 19 21:25:46 2002 UTC (9 years, 10 months ago) by alfred
Branches: MAIN
Diff to: previous 1.59: preferred, colored
Changes since revision 1.59: +32 -32 lines
Remove __P.
Revision 1.50.2.5: download - view: text, markup, annotated - select for diffs
Fri Dec 7 09:23:14 2001 UTC (10 years, 2 months ago) by ru
Branches: RELENG_4
CVS tags: RELENG_4_6_BP, RELENG_4_6_2_RELEASE, RELENG_4_6_1_RELEASE, RELENG_4_6_0_RELEASE, RELENG_4_6, RELENG_4_5_BP, RELENG_4_5_0_RELEASE, RELENG_4_5
Diff to: previous 1.50.2.4: preferred, colored; branchpoint 1.50: preferred, colored
Changes since revision 1.50.2.4: +3 -1 lines
MFC: sys/netinet icmp_var.h 1.19, ip_icmp.c 1.64, ip_input.c 1.185, ip_mroute.c 1.69, ip_output.c 1.143, ip_var.h 1.59 usr.bin netstat/inet.c 1.52 - Make ip_rtaddr() global, and use it to look up the correct source address in icmp_reflect(). - Two new "struct icmpstat" members: icps_badaddr and icps_noroute. - Allow for ip_output() to be called with a NULL route pointer. PR: kern/31575, kern/29337, kern/30524
Revision 1.59: download - view: text, markup, annotated - select for diffs
Fri Nov 30 10:40:28 2001 UTC (10 years, 2 months ago) by ru
Branches: MAIN
Diff to: previous 1.58: preferred, colored
Changes since revision 1.58: +3 -1 lines
- Make ip_rtaddr() global, and use it to look up the correct source address in icmp_reflect(). - Two new "struct icmpstat" members: icps_badaddr and icps_noroute. PR: kern/31575 Obtained from: BSD/OS MFC after: 1 week
Revision 1.58: download - view: text, markup, annotated - select for diffs
Mon Sep 3 20:03:54 2001 UTC (10 years, 5 months ago) by julian
Branches: MAIN
CVS tags: KSE_PRE_MILESTONE_2, KSE_MILESTONE_2
Diff to: previous 1.57: preferred, colored
Changes since revision 1.57: +5 -5 lines
Patches from Keiichi SHIMA <keiichi@iij.ad.jp> to make ip use the standard protosw structure again. Obtained from: Well, KAME I guess.
Revision 1.50.2.4: download - view: text, markup, annotated - select for diffs
Thu Jul 19 06:37:26 2001 UTC (10 years, 6 months ago) by kris
Branches: RELENG_4
CVS tags: RELENG_4_4_BP, RELENG_4_4_0_RELEASE, RELENG_4_4
Diff to: previous 1.50.2.3: preferred, colored; branchpoint 1.50: preferred, colored
Changes since revision 1.50.2.3: +7 -1 lines
MFC: Add ``options RANDOM_IP_ID'' which randomizes the ID field of IP packets. This closes a minor information leak which allows a remote observer to determine the rate at which the machine is generating packets, since the default behaviour is to increment a counter for each packet sent.
Revision 1.50.2.3: download - view: text, markup, annotated - select for diffs
Tue Jul 3 11:01:46 2001 UTC (10 years, 7 months ago) by ume
Branches: RELENG_4
Diff to: previous 1.50.2.2: preferred, colored; branchpoint 1.50: preferred, colored
Changes since revision 1.50.2.2: +5 -1 lines
MFC: Sync with recent KAME. This work was based on kame-20010528-freebsd43-snap.tgz and some critical problem after the snap was out were fixed. There are many many changes since last KAME merge. etc/defaults/rc.conf: 1.111 etc/rc.network: 1.98 etc/rc.network6: 1.20 lib/libipsec/ipsec_set_policy.3: 1.8 lib/libipsec/ipsec_strerror.3: 1.7 lib/libipsec/ipsec_strerror.c: 1.3 lib/libipsec/ipsec_strerror.h: 1.3 lib/libipsec/libpfkey.h: 1.2 lib/libipsec/pfkey.c: 1.3 lib/libipsec/pfkey_dump.c: 1.3 lib/libipsec/policy_token.l: 1.5 lib/libipsec/test-policy.c: 1.4 sbin/ifconfig/ifconfig.8: 1.42 sbin/ifconfig/ifconfig.c: 1.63 sbin/ping6/ping6.8: 1.10 sbin/ping6/ping6.c: 1.9 sbin/route/route.c: 1.48, 1.50 sbin/rtsol/Makefile: 1.4 share/doc/IPv6/IMPLEMENTATION: 1.3 share/examples/IPv6/USAGE: 1.3 share/man/man4/faith.4: 1.10 share/man/man4/gif.4: 1.9 share/man/man4/inet6.4: 1.8 share/man/man4/ip6.4: 1.8 share/man/man4/ipsec.4: 1.9 share/man/man4/kame.4: 1.8 share/man/man4/stf.4: 1.8 sys/conf/files: 1.534 sys/crypto/md5.c: 1.4 sys/crypto/sha1.c: 1.7 sys/crypto/blowfish/bf_enc.c: 1.4 sys/crypto/blowfish/bf_locl.h: 1.4 sys/crypto/blowfish/bf_skey.c: 1.4 sys/crypto/blowfish/blowfish.h: 1.4 sys/crypto/cast128/cast128.c: 1.4 sys/crypto/cast128/cast128.h: 1.4 sys/crypto/des/des.h: 1.4 sys/crypto/des/des_ecb.c: 1.4 sys/crypto/des/des_locl.h: 1.5 sys/crypto/des/des_setkey.c: 1.4 sys/crypto/rijndael/boxes-fst.dat: 1.2 sys/crypto/rijndael/rijndael-alg-fst.c: 1.2, 1.3 sys/crypto/rijndael/rijndael-alg-fst.h: 1.2 sys/crypto/rijndael/rijndael-api-fst.c: 1.2 sys/crypto/rijndael/rijndael-api-fst.h: 1.2 sys/crypto/rijndael/rijndael_local.h: 1.3 sys/kern/uipc_domain.c: 1.24 sys/kern/uipc_mbuf.c: 1.82 sys/kern/uipc_mbuf2.c: 1.8 sys/net/if.c: 1.109 sys/net/if_faith.c: 1.4, 1.5 sys/net/if_gif.c: 1.10 sys/net/if_gif.h: 1.4 sys/net/if_loop.c: 1.61 sys/net/if_sppp.h: 1.17 sys/net/if_spppsubr.c: 1.68, 1.69 sys/net/net_osdep.c: 1.4 sys/net/net_osdep.h: 1.5 sys/net/pfkeyv2.h: 1.6 sys/net/ppp_defs.h: 1.7 sys/net/rtsock.c: 1.52 sys/netinet/icmp6.h: 1.4 sys/netinet/in.c: 1.54 sys/netinet/in_gif.c: 1.10 sys/netinet/in_pcb.c: 1.84 sys/netinet/in_pcb.h: 1.38 sys/netinet/in_proto.c: 1.56 sys/netinet/ip6.h: 1.5 sys/netinet/ip_ecn.c: 1.4 sys/netinet/ip_ecn.h: 1.4 sys/netinet/ip_encap.c: 1.4 sys/netinet/ip_icmp.c: 1.57 sys/netinet/ip_input.c: 1.171 sys/netinet/ip_output.c: 1.126 sys/netinet/ip_var.h: 1.56 sys/netinet/raw_ip.c: 1.78 sys/netinet/tcp_input.c: 1.132 sys/netinet/tcp_output.c: 1.50 sys/netinet/tcp_subr.c: 1.103 sys/netinet/tcp_usrreq.c: 1.60 sys/netinet/udp_usrreq.c: 1.89 sys/netinet6/ah.h: 1.5 sys/netinet6/ah6.h: 1.4 sys/netinet6/ah_core.c: 1.8 sys/netinet6/ah_input.c: 1.7 sys/netinet6/ah_output.c: 1.7 sys/netinet6/dest6.c: 1.6 sys/netinet6/esp.h: 1.4 sys/netinet6/esp6.h: 1.4 sys/netinet6/esp_core.c: 1.5 sys/netinet6/esp_input.c: 1.7 sys/netinet6/esp_output.c: 1.5 sys/netinet6/frag6.c: 1.8 sys/netinet6/icmp6.c: 1.11 sys/netinet6/in6.c: 1.12 sys/netinet6/in6.h: 1.13 sys/netinet6/in6_cksum.c: 1.4 sys/netinet6/in6_gif.c: 1.5 sys/netinet6/in6_ifattach.c: 1.6 sys/netinet6/in6_ifattach.h: 1.3 sys/netinet6/in6_pcb.c: 1.15 sys/netinet6/in6_pcb.h: 1.4 sys/netinet6/in6_prefix.c: 1.7 sys/netinet6/in6_prefix.h: 1.5 sys/netinet6/in6_proto.c: 1.14 sys/netinet6/in6_rmx.c: 1.4 sys/netinet6/in6_src.c: 1.4 sys/netinet6/in6_var.h: 1.8 sys/netinet6/ip6_ecn.h: 1.4 sys/netinet6/ip6_forward.c: 1.11 sys/netinet6/ip6_fw.c: 1.11 sys/netinet6/ip6_fw.h: 1.11 sys/netinet6/ip6_input.c: 1.27 sys/netinet6/ip6_mroute.c: 1.7 sys/netinet6/ip6_mroute.h: 1.4 sys/netinet6/ip6_output.c: 1.25 sys/netinet6/ip6_var.h: 1.7 sys/netinet6/ip6protosw.h: 1.6 sys/netinet6/ipcomp.h: 1.2 sys/netinet6/ipcomp6.h: 1.2 sys/netinet6/ipcomp_core.c: 1.2 sys/netinet6/ipcomp_input.c: 1.2 sys/netinet6/ipcomp_output.c: 1.2 sys/netinet6/ipsec.c: 1.12 sys/netinet6/ipsec.h: 1.8 sys/netinet6/ipsec6.h: 1.5 sys/netinet6/mld6.c: 1.7 sys/netinet6/nd6.c: 1.9 sys/netinet6/nd6.h: 1.7 sys/netinet6/nd6_nbr.c: 1.9 sys/netinet6/nd6_rtr.c: 1.7, 1.8 sys/netinet6/raw_ip6.c: 1.11 sys/netinet6/route6.c: 1.4 sys/netinet6/scope6.c: 1.2 sys/netinet6/udp6_output.c: 1.3 sys/netinet6/udp6_usrreq.c: 1.15 sys/netkey/key.c: 1.25 sys/netkey/key.h: 1.7 sys/netkey/key_debug.c: 1.14 sys/netkey/key_debug.h: 1.7 sys/netkey/key_var.h: 1.4 sys/netkey/keydb.h: 1.6 sys/netkey/keysock.c: 1.6 sys/netsmb/smb_crypt.c: 1.2 sys/sys/mbuf.h: 1.79, 1.80 sys/sys/protosw.h: 1.33 sys/sys/socket.h: 1.54, 1.56 sys/sys/sockio.h: 1.17 usr.bin/netstat/inet.c: 1.42 usr.bin/netstat/inet6.c: 1.10 usr.bin/netstat/ipsec.c: 1.2 usr.bin/netstat/main.c: 1.40 usr.bin/netstat/mroute6.c: 1.5 usr.bin/netstat/netstat.1: 1.29 usr.bin/netstat/netstat.h: 1.21 usr.bin/netstat/route.c: 1.50, 1.51, 1.55 usr.sbin/faithd/Makefile: 1.6 usr.sbin/faithd/README: 1.4 usr.sbin/faithd/faithd.8: 1.9 usr.sbin/faithd/faithd.c: 1.7 usr.sbin/faithd/faithd.h: 1.3 usr.sbin/faithd/ftp.c: 1.5 usr.sbin/faithd/rsh.c: 1.5 usr.sbin/faithd/tcp.c: 1.3 usr.sbin/gifconfig/gifconfig.8: 1.6 usr.sbin/gifconfig/gifconfig.c: 1.4 usr.sbin/ifmcstat/ifmcstat.8: 1.3 usr.sbin/ifmcstat/ifmcstat.c: 1.7 usr.sbin/mld6query/mld6.c: 1.2 usr.sbin/mld6query/mld6query.8: 1.2 usr.sbin/ndp/ndp.8: 1.6 usr.sbin/ndp/ndp.c: 1.6 usr.sbin/prefix/Makefile: 1.4 usr.sbin/rip6query/rip6query.8: 1.4 usr.sbin/rip6query/rip6query.c: 1.5 usr.sbin/route6d/route6d.8: 1.6 usr.sbin/route6d/route6d.c: 1.9 usr.sbin/route6d/route6d.h: 1.3 usr.sbin/rrenumd/lexer.l: 1.3 usr.sbin/rrenumd/parser.y: 1.3 usr.sbin/rrenumd/rrenumd.8: 1.6 usr.sbin/rrenumd/rrenumd.c: 1.4 usr.sbin/rrenumd/rrenumd.conf.5: 1.10 usr.sbin/rrenumd/rrenumd.h: 1.3 usr.sbin/rtadvd/advcap.c: 1.4 usr.sbin/rtadvd/advcap.h: 1.4 usr.sbin/rtadvd/config.c: 1.7 usr.sbin/rtadvd/config.h: 1.4 usr.sbin/rtadvd/dump.c: 1.3 usr.sbin/rtadvd/dump.h: 1.3 usr.sbin/rtadvd/if.c: 1.6 usr.sbin/rtadvd/if.h: 1.4 usr.sbin/rtadvd/pathnames.h: 1.5 usr.sbin/rtadvd/rrenum.c: 1.5 usr.sbin/rtadvd/rrenum.h: 1.4 usr.sbin/rtadvd/rtadvd.8: 1.8 usr.sbin/rtadvd/rtadvd.c: 1.6 usr.sbin/rtadvd/rtadvd.conf.5: 1.6 usr.sbin/rtadvd/rtadvd.h: 1.4 usr.sbin/rtadvd/timer.c: 1.4 usr.sbin/rtadvd/timer.h: 1.4 usr.sbin/rtsold/Makefile: 1.6 usr.sbin/rtsold/dump.c: 1.4 usr.sbin/rtsold/if.c: 1.5 usr.sbin/rtsold/probe.c: 1.5 usr.sbin/rtsold/rtsol.c: 1.4 usr.sbin/rtsold/rtsold.8: 1.5 usr.sbin/rtsold/rtsold.c: 1.4 usr.sbin/rtsold/rtsold.h: 1.4 usr.sbin/setkey/parse.y: 1.3 usr.sbin/setkey/scriptdump.pl: 1.3 usr.sbin/setkey/setkey.8: 1.14 usr.sbin/setkey/setkey.c: 1.3 usr.sbin/setkey/token.l: 1.5 usr.sbin/traceroute6/traceroute6.8: 1.7 usr.sbin/traceroute6/traceroute6.c: 1.8
Revision 1.57: download - view: text, markup, annotated - select for diffs
Mon Jun 11 18:41:57 2001 UTC (10 years, 8 months ago) by ume
Branches: MAIN
Diff to: previous 1.56: preferred, colored
Changes since revision 1.56: +1 -1 lines
This is force commit to mention about previous commit. - use 0/8 to specify interface index on multicast get/setsockopt - introduce ipstat.ips_badaddr
Revision 1.56: download - view: text, markup, annotated - select for diffs
Mon Jun 11 12:39:01 2001 UTC (10 years, 8 months ago) by ume
Branches: MAIN
Diff to: previous 1.55: preferred, colored
Changes since revision 1.55: +5 -1 lines
Sync with recent KAME.
This work was based on kame-20010528-freebsd43-snap.tgz and some
critical problem after the snap was out were fixed.
There are many many changes since last KAME merge.
TODO:
- The definitions of SADB_* in sys/net/pfkeyv2.h are still different
from RFC2407/IANA assignment because of binary compatibility
issue. It should be fixed under 5-CURRENT.
- ip6po_m member of struct ip6_pktopts is no longer used. But, it
is still there because of binary compatibility issue. It should
be removed under 5-CURRENT.
Reviewed by: itojun
Obtained from: KAME
MFC after: 3 weeks
Revision 1.55: download - view: text, markup, annotated - select for diffs
Fri Jun 1 10:02:27 2001 UTC (10 years, 8 months ago) by kris
Branches: MAIN
Diff to: previous 1.54: preferred, colored
Changes since revision 1.54: +7 -1 lines
Add ``options RANDOM_IP_ID'' which randomizes the ID field of IP packets. This closes a minor information leak which allows a remote observer to determine the rate at which the machine is generating packets, since the default behaviour is to increment a counter for each packet sent. Reviewed by: -net Obtained from: OpenBSD
Revision 1.54: download - view: text, markup, annotated - select for diffs
Mon Mar 19 09:16:16 2001 UTC (10 years, 10 months ago) by ru
Branches: MAIN
Diff to: previous 1.53: preferred, colored
Changes since revision 1.53: +2 -1 lines
Invalidate cached forwarding route (ipforward_rt) whenever a new route is added to the routing table, otherwise we may end up using the wrong route when forwarding. PR: kern/10778 Reviewed by: silence on -net
Revision 1.53: download - view: text, markup, annotated - select for diffs
Fri Mar 16 20:00:53 2001 UTC (10 years, 10 months ago) by phk
Branches: MAIN
Diff to: previous 1.52: preferred, colored
Changes since revision 1.52: +2 -2 lines
<sys/queue.h> makeover.
Revision 1.50.2.2: download - view: text, markup, annotated - select for diffs
Sat Jul 15 07:14:31 2000 UTC (11 years, 6 months ago) by kris
Branches: RELENG_4
CVS tags: RELENG_4_3_BP, RELENG_4_3_0_RELEASE, RELENG_4_3, RELENG_4_2_0_RELEASE, RELENG_4_1_1_RELEASE, RELENG_4_1_0_RELEASE
Diff to: previous 1.50.2.1: preferred, colored; branchpoint 1.50: preferred, colored
Changes since revision 1.50.2.1: +1 -4 lines
MFC: Merge KAME 2000/07/01 code.
Revision 1.52: download - view: text, markup, annotated - select for diffs
Tue Jul 4 16:35:05 2000 UTC (11 years, 7 months ago) by itojun
Branches: MAIN
CVS tags: PRE_SMPNG
Diff to: previous 1.51: preferred, colored
Changes since revision 1.51: +1 -4 lines
sync with kame tree as of july00. tons of bug fixes/improvements. API changes: - additional IPv6 ioctls - IPsec PF_KEY API was changed, it is mandatory to upgrade setkey(8). (also syntax change)
Revision 1.50.2.1: download - view: text, markup, annotated - select for diffs
Sun May 21 21:41:44 2000 UTC (11 years, 8 months ago) by jlemon
Branches: RELENG_4
Diff to: previous 1.50: preferred, colored
Changes since revision 1.50: +3 -1 lines
MFC: fix problem with interaction between delayed checksums & IPFilter.
Revision 1.51: download - view: text, markup, annotated - select for diffs
Sun May 21 21:26:06 2000 UTC (11 years, 8 months ago) by jlemon
Branches: MAIN
Diff to: previous 1.50: preferred, colored
Changes since revision 1.50: +3 -1 lines
Compute the checksum before handing the packet off to IPFilter. Tested by: Cy Schubert <Cy.Schubert@uumail.gov.bc.ca>
Revision 1.50: download - view: text, markup, annotated - select for diffs
Wed Dec 29 04:41:02 1999 UTC (12 years, 1 month ago) by peter
Branches: MAIN
CVS tags: RELENG_4_BP, RELENG_4_0_0_RELEASE
Branch point for: RELENG_4
Diff to: previous 1.49: preferred, colored
Changes since revision 1.49: +3 -3 lines
Change #ifdef KERNEL to #ifdef _KERNEL in the public headers. "KERNEL" is an application space macro and the applications are supposed to be free to use it as they please (but cannot). This is consistant with the other BSD's who made this change quite some time ago. More commits to come.
Revision 1.49: download - view: text, markup, annotated - select for diffs
Wed Dec 22 19:13:23 1999 UTC (12 years, 1 month ago) by shin
Branches: MAIN
Diff to: previous 1.48: preferred, colored
Changes since revision 1.48: +8 -5 lines
IPSEC support in the kernel. pr_input() routines prototype is also changed to support IPSEC and IPV6 chained protocol headers. Reviewed by: freebsd-arch, cvs-committers Obtained from: KAME project
Revision 1.48: download - view: text, markup, annotated - select for diffs
Mon Dec 6 00:43:07 1999 UTC (12 years, 2 months ago) by archie
Branches: MAIN
Diff to: previous 1.47: preferred, colored
Changes since revision 1.47: +5 -5 lines
Miscellaneous fixes/cleanups relating to ipfw and divert(4): - Implement 'ipfw tee' (finally) - Divert packets by calling new function divert_packet() directly instead of going through protosw[]. - Replace kludgey global variable 'ip_divert_port' with a function parameter to divert_packet() - Replace kludgey global variable 'frag_divert_port' with a function parameter to ip_reass() - style(9) fixes Reviewed by: julian, green
Revision 1.47: download - view: text, markup, annotated - select for diffs
Fri Nov 5 14:41:34 1999 UTC (12 years, 3 months ago) by shin
Branches: MAIN
Diff to: previous 1.46: preferred, colored
Changes since revision 1.46: +2 -1 lines
KAME related header files additions and merges. (only those which don't affect c source files so much) Reviewed by: cvs-committers Obtained from: KAME project
Revision 1.10.4.3: download - view: text, markup, annotated - select for diffs
Sun Sep 5 08:34:54 1999 UTC (12 years, 5 months ago) by peter
Branches: RELENG_2_1_0
Diff to: previous 1.10.4.2: preferred, colored; branchpoint 1.10: preferred, colored; next MAIN 1.11: preferred, colored
Changes since revision 1.10.4.2: +1 -1 lines
$Id$ -> $FreeBSD$
Revision 1.24.2.6: download - view: text, markup, annotated - select for diffs
Sun Sep 5 08:18:36 1999 UTC (12 years, 5 months ago) by peter
Branches: RELENG_2_2
Diff to: previous 1.24.2.5: preferred, colored; branchpoint 1.24: preferred, colored; next MAIN 1.25: preferred, colored
Changes since revision 1.24.2.5: +1 -1 lines
$Id$ -> $FreeBSD$
Revision 1.45.2.1: download - view: text, markup, annotated - select for diffs
Sun Aug 29 16:29:51 1999 UTC (12 years, 5 months ago) by peter
Branches: RELENG_3
CVS tags: RELENG_3_5_0_RELEASE, RELENG_3_4_0_RELEASE, RELENG_3_3_0_RELEASE
Diff to: previous 1.45: preferred, colored; next MAIN 1.46: preferred, colored
Changes since revision 1.45: +1 -1 lines
$Id$ -> $FreeBSD$
Revision 1.46: download - view: text, markup, annotated - select for diffs
Sat Aug 28 00:49:28 1999 UTC (12 years, 5 months ago) by peter
Branches: MAIN
Diff to: previous 1.45: preferred, colored
Changes since revision 1.45: +1 -1 lines
$Id$ -> $FreeBSD$
Revision 1.45: download - view: text, markup, annotated - select for diffs
Mon Aug 24 07:47:39 1998 UTC (13 years, 5 months ago) by dfr
Branches: MAIN
CVS tags: RELENG_3_BP, RELENG_3_2_PAO_BP, RELENG_3_2_PAO, RELENG_3_2_0_RELEASE, RELENG_3_1_0_RELEASE, RELENG_3_0_0_RELEASE, PRE_VFS_BIO_NFS_PATCH, PRE_SMP_VMSHARE, PRE_NEWBUS, POST_VFS_BIO_NFS_PATCH, POST_SMP_VMSHARE, POST_NEWBUS
Branch point for: RELENG_3
Diff to: previous 1.44: preferred, colored
Changes since revision 1.44: +3 -32 lines
Re-implement tcp and ip fragment reassembly to not store pointers in the ip header which can't work on alpha since pointers are too big. Reviewed by: Garrett Wollman <wollman@khavrinen.lcs.mit.edu>
Revision 1.44: download - view: text, markup, annotated - select for diffs
Sun Aug 23 03:07:14 1998 UTC (13 years, 5 months ago) by wollman
Branches: MAIN
Diff to: previous 1.43: preferred, colored
Changes since revision 1.43: +7 -7 lines
Yow! Completely change the way socket options are handled, eliminating another specialized mbuf type in the process. Also clean up some of the cruft surrounding IPFW, multicast routing, RSVP, and other ill-explored corners.
Revision 1.43: download - view: text, markup, annotated - select for diffs
Mon Jul 13 12:20:07 1998 UTC (13 years, 7 months ago) by bde
Branches: MAIN
Diff to: previous 1.42: preferred, colored
Changes since revision 1.42: +4 -4 lines
Removed a bogus forward struct declaration. Cleaned up ifdefs.
Revision 1.42: download - view: text, markup, annotated - select for diffs
Mon Jul 6 03:20:18 1998 UTC (13 years, 7 months ago) by julian
Branches: MAIN
Diff to: previous 1.41: preferred, colored
Changes since revision 1.41: +4 -1 lines
Support for IPFW based transparent forwarding. Any packet that can be matched by a ipfw rule can be redirected transparently to another port or machine. Redirection to another port mostly makes sense with tcp, where a session can be set up between a proxy and an unsuspecting client. Redirection to another machine requires that the other machine also be expecting to receive the forwarded packets, as their headers will not have been modified. /sbin/ipfw must be recompiled!!! Reviewed by: Peter Wemm <peter@freebsd.org> Submitted by: Chrisy Luke <chrisy@flix.net>
Revision 1.24.2.5: download - view: text, markup, annotated - select for diffs
Wed Jul 1 01:38:38 1998 UTC (13 years, 7 months ago) by julian
Branches: RELENG_2_2
CVS tags: RELENG_2_2_8_RELEASE, RELENG_2_2_7_RELEASE
Diff to: previous 1.24.2.4: preferred, colored; branchpoint 1.24: preferred, colored
Changes since revision 1.24.2.4: +2 -8 lines
MFC: merge in some minor cleanups for IP divert
Revision 1.41: download - view: text, markup, annotated - select for diffs
Mon Jun 8 09:47:42 1998 UTC (13 years, 8 months ago) by bde
Branches: MAIN
CVS tags: PRE_NOBDEV
Diff to: previous 1.40: preferred, colored
Changes since revision 1.40: +3 -3 lines
Fixed pedantic semantics errors (bitfields not of type int, signed int or unsigned int (this doesn't change the struct layout, size or alignment in any of the files changed in this commit, at least for gcc on i386's. Using bitfields of type u_char may affect size and alignment but not packing)).
Revision 1.40: download - view: text, markup, annotated - select for diffs
Sat Jun 6 19:39:10 1998 UTC (13 years, 8 months ago) by julian
Branches: MAIN
Diff to: previous 1.39: preferred, colored
Changes since revision 1.39: +2 -10 lines
clean up the changes made to ipfw over the last weeks (should make the ipfw lkm work again)
Revision 1.39: download - view: text, markup, annotated - select for diffs
Fri Jun 5 22:40:01 1998 UTC (13 years, 8 months ago) by julian
Branches: MAIN
Diff to: previous 1.38: preferred, colored
Changes since revision 1.38: +5 -5 lines
Reverse the default sense of the IPFW/DIVERT reinjection code so that the new behaviour is now default. Solves the "infinite loop in diversion" problem when more than one diversion is active. Man page changes follow. The new code is in -stable as the NON default option.
Revision 1.24.2.4: download - view: text, markup, annotated - select for diffs
Fri Jun 5 21:38:12 1998 UTC (13 years, 8 months ago) by julian
Branches: RELENG_2_2
Diff to: previous 1.24.2.3: preferred, colored; branchpoint 1.24: preferred, colored
Changes since revision 1.24.2.3: +10 -1 lines
MFC: add option to fix divert infinite loop
Revision 1.38: download - view: text, markup, annotated - select for diffs
Mon May 25 10:37:48 1998 UTC (13 years, 8 months ago) by julian
Branches: MAIN
Diff to: previous 1.37: preferred, colored
Changes since revision 1.37: +10 -1 lines
Add optional code to change the way that divert and ipfw work together. Prior to this change, Accidental recursion protection was done by the diverted daemon feeding back the divert port number it got the packet on, as the port number on a sendto(). IPFW knew not to redivert a packet to this port (again). Processing of the ruleset started at the beginning again, skipping that divert port. The new semantic (which is how we should have done it the first time) is that the port number in the sendto() is the rule number AFTER which processing should restart, and on a recvfrom(), the port number is the rule number which caused the diversion. This is much more flexible, and also more intuitive. If the user uses the same sockaddr received when resending, processing resumes at the rule number following that that caused the diversion. The user can however select to resume rule processing at any rule. (0 is restart at the beginning) To enable the new code use option IPFW_DIVERT_RESTART This should become the default as soon as people have looked at it a bit
Revision 1.37: download - view: text, markup, annotated - select for diffs
Tue May 19 15:53:50 1998 UTC (13 years, 8 months ago) by pb
Branches: MAIN
Diff to: previous 1.36: preferred, colored
Changes since revision 1.36: +1 -16 lines
Move (private) struct ipflow out of ip_var.h, to reduce dependencies (for ipfw for example) on internal implementation details. Add $Id$ where missing.
Revision 1.36: download - view: text, markup, annotated - select for diffs
Tue May 19 14:19:03 1998 UTC (13 years, 8 months ago) by dg
Branches: MAIN
Diff to: previous 1.35: preferred, colored
Changes since revision 1.35: +1 -2 lines
Moved #define of IPFLOW_HASHBITS to ip_flow.c where I think it belongs.
Revision 1.35: download - view: text, markup, annotated - select for diffs
Tue May 19 14:04:36 1998 UTC (13 years, 8 months ago) by dg
Branches: MAIN
Diff to: previous 1.34: preferred, colored
Changes since revision 1.34: +19 -1 lines
Added fast IP forwarding code by Matt Thomas <matt@3am-software.com> via NetBSD, ported to FreeBSD by Pierre Beyssac <pb@fasterix.freenix.org> and minorly tweaked by me. This is a standard part of FreeBSD, but must be enabled with: "sysctl -w net.inet.ip.fastforwarding=1" ...and of course forwarding must also be enabled. This should probably be modified to use the zone allocator for speed and space efficiency. The current algorithm also appears to lose if the number of active paths exceeds IPFLOW_MAX (256), in which case it wastes lots of time trying to figure out which cache entry to drop.
Revision 1.24.2.3: download - view: text, markup, annotated - select for diffs
Tue Sep 16 12:03:45 1997 UTC (14 years, 4 months ago) by ache
Branches: RELENG_2_2
CVS tags: RELENG_2_2_6_RELEASE, RELENG_2_2_5_RELEASE
Diff to: previous 1.24.2.2: preferred, colored; branchpoint 1.24: preferred, colored
Changes since revision 1.24.2.2: +1 -2 lines
MFC: remove ipq queue declaration, not used outside ip_input.c
Revision 1.34: download - view: text, markup, annotated - select for diffs
Sun Sep 7 05:26:46 1997 UTC (14 years, 5 months ago) by bde
Branches: MAIN
CVS tags: PRE_SOFTUPDATE, PRE_DEVFS_SLICE, POST_SOFTUPDATE, POST_DEVFS_SLICE
Diff to: previous 1.33: preferred, colored
Changes since revision 1.33: +1 -2 lines
Some staticized variables were still declared to be extern.
Revision 1.33: download - view: text, markup, annotated - select for diffs
Sun May 25 06:09:23 1997 UTC (14 years, 8 months ago) by peter
Branches: MAIN
CVS tags: WOLLMAN_MBUF, BP_WOLLMAN_MBUF
Diff to: previous 1.32: preferred, colored
Changes since revision 1.32: +2 -3 lines
Connect the ipdivert div_usrreqs struct to the ip proto switch table
Revision 1.32: download - view: text, markup, annotated - select for diffs
Sun Apr 27 20:01:08 1997 UTC (14 years, 9 months ago) by wollman
Branches: MAIN
Diff to: previous 1.31: preferred, colored
Changes since revision 1.31: +5 -3 lines
The long-awaited mega-massive-network-code- cleanup. Part I. This commit includes the following changes: 1) Old-style (pr_usrreq()) protocols are no longer supported, the compatibility glue for them is deleted, and the kernel will panic on boot if any are compiled in. 2) Certain protocol entry points are modified to take a process structure, so they they can easily tell whether or not it is possible to sleep, and also to access credentials. 3) SS_PRIV is no more, and with it goes the SO_PRIVSTATE setsockopt() call. Protocols should use the process pointer they are now passed. 4) The PF_LOCAL and PF_ROUTE families have been updated to use the new style, as has the `raw' skeleton family. 5) PF_LOCAL sockets now obey the process's umask when creating a socket in the filesystem. As a result, LINT is now broken. I'm hoping that some enterprising hacker with a bit more time will either make the broken bits work (should be easy for netipx) or dike them out.
Revision 1.31: download - view: text, markup, annotated - select for diffs
Sat Feb 22 09:41:36 1997 UTC (14 years, 11 months ago) by peter
Branches: MAIN
CVS tags: pre_smp_merge, post_smp_merge
Diff to: previous 1.30: preferred, colored
Changes since revision 1.30: +1 -1 lines
Back out part 1 of the MCFH that changed $Id$ to $FreeBSD$. We are not ready for it yet.
Revision 1.30: download - view: text, markup, annotated - select for diffs
Tue Feb 18 20:46:27 1997 UTC (14 years, 11 months ago) by wollman
Branches: MAIN
Diff to: previous 1.29: preferred, colored
Changes since revision 1.29: +1 -2 lines
Convert raw IP from mondo-switch-statement-from-Hell to pr_usrreqs. Collapse duplicates with udp_usrreq.c and tcp_usrreq.c (calling the generic routines in uipc_socket2.c and in_pcb.c). Calling sockaddr()_ or peeraddr() on a detached socket now traps, rather than harmlessly returning an error; this should never happen. Allow the raw IP buffer sizes to be controlled via sysctl.
Revision 1.29: download - view: text, markup, annotated - select for diffs
Thu Feb 13 19:46:44 1997 UTC (14 years, 11 months ago) by wollman
Branches: MAIN
Diff to: previous 1.28: preferred, colored
Changes since revision 1.28: +1 -0 lines
Provide PRC_IFDOWN and PRC_IFUP support for IP. Now, when an interface is administratively downed, all routes to that interface (including the interface route itself) which are not static will be deleted. When it comes back up, and addresses remaining will have their interface routes re-added. This solves the problem where, for example, an Ethernet interface is downed by traffic continues to flow by way of ARP entries.
Revision 1.28: download - view: text, markup, annotated - select for diffs
Tue Jan 21 21:08:09 1997 UTC (15 years ago) by wollman
Branches: MAIN
Diff to: previous 1.27: preferred, colored
Changes since revision 1.27: +1 -0 lines
Count multicast packets received for groups of which we are not a member separately from generic ``can't forward'' packets. This would have helped me find the previous bug much faster.
Revision 1.27: download - view: text, markup, annotated - select for diffs
Tue Jan 14 06:49:03 1997 UTC (15 years ago) by jkh
Branches: MAIN
Diff to: previous 1.26: preferred, colored
Changes since revision 1.26: +1 -1 lines
Make the long-awaited change from $Id$ to $FreeBSD$ This will make a number of things easier in the future, as well as (finally!) avoiding the Id-smashing problem which has plagued developers for so long. Boy, I'm glad we're not using sup anymore. This update would have been insane otherwise.
Revision 1.24.2.2: download - view: text, markup, annotated - select for diffs
Tue Nov 12 11:28:59 1996 UTC (15 years, 3 months ago) by phk
Branches: RELENG_2_2
CVS tags: WHISTLE_SET_1, WHISTLE_NET_BRANCH_1, WHISTLE_BP1, RELENG_2_2_2_RELEASE, RELENG_2_2_1_RELEASE, RELENG_2_2_0_RELEASE
Diff to: previous 1.24.2.1: preferred, colored; branchpoint 1.24: preferred, colored
Changes since revision 1.24.2.1: +2 -1 lines
YAMFC
Revision 1.26: download - view: text, markup, annotated - select for diffs
Tue Nov 12 10:02:09 1996 UTC (15 years, 3 months ago) by bde
Branches: MAIN
Diff to: previous 1.25: preferred, colored
Changes since revision 1.25: +2 -1 lines
Forward-declare `struct inpcb' so that including this file doesn't cause lots of warnings. Should be in 2.2. Previous version shouldn't have been in 2.2.
Revision 1.24.2.1: download - view: text, markup, annotated - select for diffs
Mon Nov 11 23:40:53 1996 UTC (15 years, 3 months ago) by phk
Branches: RELENG_2_2
Diff to: previous 1.24: preferred, colored
Changes since revision 1.24: +3 -1 lines
Merge from -current
Revision 1.25: download - view: text, markup, annotated - select for diffs
Mon Nov 11 04:56:21 1996 UTC (15 years, 3 months ago) by fenner
Branches: MAIN
Diff to: previous 1.24: preferred, colored
Changes since revision 1.24: +3 -1 lines
Add the IP_RECVIF socket option, which supplies a packet's incoming interface using a sockaddr_dl. Fix the other packet-information socket options (SO_TIMESTAMP, IP_RECVDSTADDR) to work for multicast UDP and raw sockets as well. (They previously only worked for unicast UDP).
Revision 1.24: download - view: text, markup, annotated - select for diffs
Fri Oct 25 17:57:46 1996 UTC (15 years, 3 months ago) by fenner
Branches: MAIN
CVS tags: RELENG_2_2_BP
Branch point for: RELENG_2_2
Diff to: previous 1.23: preferred, colored
Changes since revision 1.23: +3 -2 lines
Don't allow reassembly to create packets bigger than IP_MAXPACKET, and count attempts to do so. Don't allow users to source packets bigger than IP_MAXPACKET. Make UDP length and ipovly's protocol length unsigned short. Reviewed by: wollman Submitted by: (partly by) kml@nas.nasa.gov (Kevin Lahey)
Revision 1.23: download - view: text, markup, annotated - select for diffs
Wed Oct 23 18:35:50 1996 UTC (15 years, 3 months ago) by wollman
Branches: MAIN
Diff to: previous 1.22: preferred, colored
Changes since revision 1.22: +3 -3 lines
Give ip_len and ip_off more natural, unsigned types.
Revision 1.22: download - view: text, markup, annotated - select for diffs
Tue Oct 15 16:54:47 1996 UTC (15 years, 3 months ago) by bde
Branches: MAIN
Diff to: previous 1.21: preferred, colored
Changes since revision 1.21: +7 -5 lines
Forward-declared `struct route' for the KERNEL case so that <net/route.h> isn't a prerequisite. Fixed style of ifdefs.
Revision 1.21: download - view: text, markup, annotated - select for diffs
Wed Jul 10 19:44:27 1996 UTC (15 years, 7 months ago) by julian
Branches: MAIN
Diff to: previous 1.20: preferred, colored
Changes since revision 1.20: +14 -2 lines
Adding changes to ipfw and the kernel to support ip packet diversion.. This stuff should not be too destructive if the IPDIVERT is not compiled in.. be aware that this changes the size of the ip_fw struct so ipfw needs to be recompiled to use it.. more changes coming to clean this up.
Revision 1.20: download - view: text, markup, annotated - select for diffs
Tue Mar 26 19:16:45 1996 UTC (15 years, 10 months ago) by fenner
Branches: MAIN
CVS tags: wollman_polling
Diff to: previous 1.19: preferred, colored
Changes since revision 1.19: +4 -5 lines
Make rip_input() take the header length Move ipip_input() and rsvp_input() prototypes to ip_var.h Remove unused prototype for rip_ip_input() from ip_var.h Remove unused variable *opts from rip_output()
Revision 1.10.4.2: download - view: text, markup, annotated - select for diffs
Mon Mar 4 04:56:24 1996 UTC (15 years, 11 months ago) by davidg
Branches: RELENG_2_1_0
CVS tags: RELENG_2_1_7_RELEASE, RELENG_2_1_6_RELEASE, RELENG_2_1_6_1_RELEASE, RELENG_2_1_5_RELEASE
Diff to: previous 1.10.4.1: preferred, colored; branchpoint 1.10: preferred, colored
Changes since revision 1.10.4.1: +2 -1 lines
Brought in Path MTU Discovery implementation from main branch. This has been running on wcarchive now for several weeks and makes a substantial improvement in TCP performance.
Revision 1.19: download - view: text, markup, annotated - select for diffs
Tue Jan 30 22:58:27 1996 UTC (16 years ago) by mpp
Branches: MAIN
Diff to: previous 1.18: preferred, colored
Changes since revision 1.18: +2 -2 lines
Fix a bunch of spelling errors in the comment fields of a bunch of system include files.
Revision 1.18: download - view: text, markup, annotated - select for diffs
Thu Dec 14 09:53:45 1995 UTC (16 years, 2 months ago) by phk
Branches: MAIN
Diff to: previous 1.17: preferred, colored
Changes since revision 1.17: +1 -2 lines
Another mega commit to staticize things.
Revision 1.17: download - view: text, markup, annotated - select for diffs
Tue Dec 5 17:46:25 1995 UTC (16 years, 2 months ago) by wollman
Branches: MAIN
Diff to: previous 1.16: preferred, colored
Changes since revision 1.16: +1 -3 lines
Path MTU Discovery is now standard.
Revision 1.16: download - view: text, markup, annotated - select for diffs
Tue Nov 14 20:34:21 1995 UTC (16 years, 3 months ago) by phk
Branches: MAIN
Diff to: previous 1.15: preferred, colored
Changes since revision 1.15: +1 -16 lines
New style sysctl & staticize alot of stuff.
Revision 1.15: download - view: text, markup, annotated - select for diffs
Thu Sep 21 18:04:43 1995 UTC (16 years, 4 months ago) by wollman
Branches: MAIN
Diff to: previous 1.14: preferred, colored
Changes since revision 1.14: +2 -2 lines
Merge 4.4-Lite-2 by updating the version number. Obtained from: 4.4BSD-Lite-2
Revision 1.1.1.2 (vendor branch): download - view: text, markup, annotated - select for diffs
Thu Sep 21 17:19:08 1995 UTC (16 years, 4 months ago) by wollman
Branches: CSRG
CVS tags: bsd_44_lite_2
Diff to: previous 1.1.1.1: preferred, colored
Changes since revision 1.1.1.1: +2 -2 lines
Second try: get 4.4-Lite-2 into the source tree. The conflicts don't matter because none of our working source files are on the CSRG branch any more. Obtained from: 4.4BSD-Lite-2
Revision 1.14: download - view: text, markup, annotated - select for diffs
Mon Sep 18 15:51:37 1995 UTC (16 years, 4 months ago) by wollman
Branches: MAIN
Diff to: previous 1.13: preferred, colored
Changes since revision 1.13: +4 -1 lines
Initial back-end support for IP MTU discovery, gated on MTUDISC. The support for TCP has yet to be written.
Revision 1.10.4.1: download - view: text, markup, annotated - select for diffs
Wed Sep 6 10:31:42 1995 UTC (16 years, 5 months ago) by davidg
Branches: RELENG_2_1_0
CVS tags: RELENG_2_1_0_RELEASE
Diff to: previous 1.10: preferred, colored
Changes since revision 1.10: +9 -4 lines
Brought in changes from main branch: update to multicast v3.5. Reviewed by: Bill Fenner <fenner@parc.xerox.com>, wollman
Revision 1.13: download - view: text, markup, annotated - select for diffs
Wed Jul 26 18:05:16 1995 UTC (16 years, 6 months ago) by wollman
Branches: MAIN
Diff to: previous 1.12: preferred, colored
Changes since revision 1.12: +2 -1 lines
Fix test for determining when RSVP is inactive in a router. (In this case, multicast options are not passed to ip_mforward().) The previous version had a wrong test, thus causing RSVP mrouters to forward RSVP messages in violation of the spec.
Revision 1.12: download - view: text, markup, annotated - select for diffs
Wed Jun 28 05:13:02 1995 UTC (16 years, 7 months ago) by davidg
Branches: MAIN
Diff to: previous 1.11: preferred, colored
Changes since revision 1.11: +4 -1 lines
Added function prototypes for ip_rsvp_vif_init, ip_rsvp_vif_done, and ip_rsvp_force_done.
Revision 1.11: download - view: text, markup, annotated - select for diffs
Tue Jun 13 17:51:15 1995 UTC (16 years, 8 months ago) by wollman
Branches: MAIN
Diff to: previous 1.10: preferred, colored
Changes since revision 1.10: +4 -3 lines
Kernel side of 3.5 multicast routing code, based on work by Bill Fenner and other work done here. The LKM support is probably broken, but it still compiles and will be fixed later.
Revision 1.10: download - view: text, markup, annotated - select for diffs
Tue May 30 08:09:50 1995 UTC (16 years, 8 months ago) by rgrimes
Branches: MAIN
CVS tags: RELENG_2_1_0_BP, RELENG_2_0_5_RELEASE, RELENG_2_0_5_BP, RELENG_2_0_5
Branch point for: RELENG_2_1_0
Diff to: previous 1.9: preferred, colored
Changes since revision 1.9: +3 -3 lines
Remove trailing whitespace.
Revision 1.9: download - view: text, markup, annotated - select for diffs
Thu Mar 16 18:15:01 1995 UTC (16 years, 11 months ago) by bde
Branches: MAIN
CVS tags: RELENG_2_0_5_ALPHA
Diff to: previous 1.8: preferred, colored
Changes since revision 1.8: +3 -1 lines
Add and move declarations to fix all of the warnings from `gcc -Wimplicit' (except in netccitt, netiso and netns) and most of the warnings from `gcc -Wnested-externs'. Fix all the bugs found. There were no serious ones.
Revision 1.8: download - view: text, markup, annotated - select for diffs
Thu Mar 16 16:25:42 1995 UTC (16 years, 11 months ago) by wollman
Branches: MAIN
Diff to: previous 1.7: preferred, colored
Changes since revision 1.7: +5 -1 lines
This set of patches enables IP multicasting to work under FreeBSD. I am submitting them as context diffs for the following files: sys/netinet/ip_mroute.c sys/netinet/ip_var.h sys/netinet/raw_ip.c usr.sbin/mrouted/igmp.c usr.sbin/mrouted/prune.c The routine rip_ip_input in raw_ip.c is suggested by Mark Tinguely (tinguely@plains.nodak.edu). I have been running mrouted with these patches for over a week and nothing has seemed seriously wrong. It is being run in two places on our network as a tunnel on one and a subnet querier on the other. The only problem I have run into is that mrouted on the tunnel must start up last or the pruning isn't done correctly and multicast packets flood your subnets. Submitted by: Soochon Radee <slr@mitre.org>
Revision 1.7: download - view: text, markup, annotated - select for diffs
Tue Feb 14 06:25:17 1995 UTC (17 years ago) by phk
Branches: MAIN
Diff to: previous 1.6: preferred, colored
Changes since revision 1.6: +3 -1 lines
YPfix
Revision 1.6: download - view: text, markup, annotated - select for diffs
Wed Sep 14 03:10:14 1994 UTC (17 years, 5 months ago) by wollman
Branches: MAIN
CVS tags: RELEASE_2_0, OLAH_TTCP, BETA_2_0, ALPHA_2_0
Diff to: previous 1.5: preferred, colored
Changes since revision 1.5: +2 -2 lines
Shuffle some functions and variables around to make it possible for multicast routing to be implemented as an LKM. (There's still a bit of work to do in this area.)
Revision 1.5: download - view: text, markup, annotated - select for diffs
Tue Sep 6 22:42:25 1994 UTC (17 years, 5 months ago) by wollman
Branches: MAIN
Diff to: previous 1.4: preferred, colored
Changes since revision 1.4: +6 -2 lines
Initial get-the-easy-case-working upgrade of the multicast code to something more recent than the ancient 1.2 release contained in 4.4. This code has the following advantages as compared to previous versions (culled from the README file for the SunOS release): - True multicast delivery - Configurable rate-limiting of forwarded multicast traffic on each physical interface or tunnel, using a token-bucket limiter. - Simplistic classification of packets for prioritized dropping. - Administrative scoping of multicast address ranges. - Faster detection of hosts leaving groups. - Support for multicast traceroute (code not yet available). - Support for RSVP, the Resource Reservation Protocol. What still needs to be done: - The multicast forwarder needs testing. - The multicast routing daemon needs to be ported. - Network interface drivers need to have the `#ifdef MULTICAST' goop ripped out of them. - The IGMP code should probably be bogon-tested. Some notes about the porting process: In some cases, the Berkeley people decided to incorporate functionality from later releases of the multicast code, but then had to do things differently. As a result, if you look at Deering's patches, and then look at our code, it is not always obvious whether the patch even applies. Let the reader beware. I ran ip_mroute.c through several passes of `unifdef' to get rid of useless grot, and to permanently enable the RSVP support, which we will include as standard. Ported by: Garrett Wollman Submitted by: Steve Deering and Ajit Thyagarajan (among others)
Revision 1.4: download - view: text, markup, annotated - select for diffs
Sun Aug 21 05:27:33 1994 UTC (17 years, 5 months ago) by paul
Branches: MAIN
Diff to: previous 1.3: preferred, colored
Changes since revision 1.3: +6 -1 lines
Made idempotent. Submitted by: Paul
Revision 1.3: download - view: text, markup, annotated - select for diffs
Thu Aug 18 22:35:31 1994 UTC (17 years, 5 months ago) by wollman
Branches: MAIN
Diff to: previous 1.2: preferred, colored
Changes since revision 1.2: +5 -6 lines
Fix up some sloppy coding practices: - Delete redundant declarations. - Add -Wredundant-declarations to Makefile.i386 so they don't come back. - Delete sloppy COMMON-style declarations of uninitialized data in header files. - Add a few prototypes. - Clean up warnings resulting from the above. NB: ioconf.c will still generate a redundant-declaration warning, which is unavoidable unless somebody volunteers to make `config' smarter.
Revision 1.2: download - view: text, markup, annotated - select for diffs
Tue Aug 2 07:48:47 1994 UTC (17 years, 6 months ago) by davidg
Branches: MAIN
Diff to: previous 1.1: preferred, colored
Changes since revision 1.1: +1 -0 lines
Added $Id$
Revision 1.1.1.1 (vendor branch): download - view: text, markup, annotated - select for diffs
Tue May 24 10:06:21 1994 UTC (17 years, 8 months ago) by rgrimes
Branches: CSRG
CVS tags: bsd_44_lite, REL_before_johndavid_2_0_0
Diff to: previous 1.1: preferred, colored
Changes since revision 1.1: +0 -0 lines
BSD 4.4 Lite Kernel Sources
Revision 1.1: download - view: text, markup, annotated - select for diffs
Tue May 24 10:06:20 1994 UTC (17 years, 8 months ago) by rgrimes
Branches: MAIN
Initial revision