The NetBSD Project

CVS log for src/sys/netinet/ip_input.c

[BACK] Up to [cvs.NetBSD.org] / src / sys / netinet

Request diff between arbitrary revisions


Default branch: MAIN


Revision 1.402 / (download) - annotate - [select for diffs], Fri Sep 2 03:50:00 2022 UTC (18 months, 2 weeks ago) by thorpej
Branch: MAIN
CVS Tags: triaxx-drm, thorpej-ifq-base, thorpej-ifq, thorpej-altq-separation-base, thorpej-altq-separation, netbsd-10-base, netbsd-10-0-RC6, netbsd-10-0-RC5, netbsd-10-0-RC4, netbsd-10-0-RC3, netbsd-10-0-RC2, netbsd-10-0-RC1, netbsd-10, bouyer-sunxi-drm-base, bouyer-sunxi-drm, HEAD
Changes since 1.401: +11 -6 lines
Diff to previous 1.401 (colored) to selected 1.142 (colored)

pktqueue: Re-factor sysctl handling.

Provide a new pktq_sysctl_setup() function that attaches standard
pktq sysctl nodes below a specified parent node, with either a
fixed node ID or CTL_CREATE to dynamically assign node IDs.  Make
all of the sysctl handlers private to pktqueue.c, and remove the
INET- and INET6-specific pktqueue sysctl code from net/if.c.

Revision 1.397.2.1 / (download) - annotate - [select for diffs], Sat Apr 3 22:29:01 2021 UTC (2 years, 11 months ago) by thorpej
Branch: thorpej-futex
Changes since 1.397: +7 -17 lines
Diff to previous 1.397 (colored) next main 1.398 (colored) to selected 1.142 (colored)

Sync with HEAD.

Revision 1.401 / (download) - annotate - [select for diffs], Mon Mar 8 18:03:25 2021 UTC (3 years ago) by christos
Branch: MAIN
CVS Tags: thorpej-i2c-spi-conf2-base, thorpej-i2c-spi-conf2, thorpej-i2c-spi-conf-base, thorpej-i2c-spi-conf, thorpej-futex2-base, thorpej-futex2, thorpej-futex-base, thorpej-cfargs2-base, thorpej-cfargs2, thorpej-cfargs-base, thorpej-cfargs, cjep_sun2x-base1, cjep_sun2x-base, cjep_sun2x, cjep_staticlib_x-base1, cjep_staticlib_x-base, cjep_staticlib_x
Changes since 1.400: +2 -4 lines
Diff to previous 1.400 (colored) to selected 1.142 (colored)

remove now unused pseudo-random ip id code.

Revision 1.355.2.9 / (download) - annotate - [select for diffs], Sun Mar 7 19:13:24 2021 UTC (3 years ago) by martin
Branch: netbsd-8
Changes since 1.355.2.8: +3 -3 lines
Diff to previous 1.355.2.8 (colored) to branchpoint 1.355 (colored) next main 1.356 (colored) to selected 1.142 (colored)

Pull up following revision(s) (requested by christos in ticket #1661):

	sys/netinet6/ip6_id.c: revision 1.19-1.21
	sys/netinet6/ip6_var.h: revision 1.88
	sys/netinet/ip_input.c: revision 1.400
	sys/netinet/tcp_subr.c: revision 1.285
	sys/netinet/ip6.h: revision 1.30

netinet: Enable random IP fragment ids by default (from riastradh)

netinet: Enable RFC 1948 pseudorandom TCP ISS selection by default.
(from riastradh)

netinet6: Mark randomid unused.

Will make merging and bisection easier if anything goes wrong with
flow label or fragment id randomization changes.
(from riastradh)

netinet/netinet6: Add necessary includes to make these standalone.
(from riastradh)

Replace randomid() by cprng_fast32()

Revision 1.389.2.3 / (download) - annotate - [select for diffs], Sun Mar 7 19:04:31 2021 UTC (3 years ago) by martin
Branch: netbsd-9
CVS Tags: netbsd-9-3-RELEASE, netbsd-9-2-RELEASE
Changes since 1.389.2.2: +3 -3 lines
Diff to previous 1.389.2.2 (colored) to branchpoint 1.389 (colored) next main 1.390 (colored) to selected 1.142 (colored)

Pull up following revision(s) (requested by christos in ticket #1226):

	sys/netinet6/ip6_id.c: revision 1.19-1.21
	sys/netinet6/ip6_var.h: revision 1.88
	sys/netinet/ip_input.c: revision 1.400
	sys/netinet/tcp_subr.c: revision 1.285
	sys/netinet/ip6.h: revision 1.30

netinet: Enable random IP fragment ids by default (from riastradh)

netinet: Enable RFC 1948 pseudorandom TCP ISS selection by default.
(from riastradh)

netinet6: Mark randomid unused.

Will make merging and bisection easier if anything goes wrong with
flow label or fragment id randomization changes.
(from riastradh)

netinet/netinet6: Add necessary includes to make these standalone.
(from riastradh)

Replace randomid() by cprng_fast32()

Revision 1.400 / (download) - annotate - [select for diffs], Sun Mar 7 14:58:27 2021 UTC (3 years ago) by christos
Branch: MAIN
Changes since 1.399: +3 -3 lines
Diff to previous 1.399 (colored) to selected 1.142 (colored)

netinet: Enable random IP fragment ids by default (from riastradh)

Revision 1.399 / (download) - annotate - [select for diffs], Fri Feb 19 14:51:59 2021 UTC (3 years ago) by christos
Branch: MAIN
Changes since 1.398: +3 -3 lines
Diff to previous 1.398 (colored) to selected 1.142 (colored)

- Make ALIGNED_POINTER use __alignof(t) instead of sizeof(t). This is more
  correct because it works with non-primitive types and provides the ABI
  alignment for the type the compiler will use.
- Remove all the *_HDR_ALIGNMENT macros and asserts
- Replace POINTER_ALIGNED_P with ACCESSIBLE_POINTER which is identical to
  ALIGNED_POINTER, but returns that the pointer is always aligned if the
  CPU supports unaligned accesses.
[ as proposed in tech-kern ]

Revision 1.398 / (download) - annotate - [select for diffs], Sun Feb 14 20:58:35 2021 UTC (3 years, 1 month ago) by christos
Branch: MAIN
Changes since 1.397: +6 -14 lines
Diff to previous 1.397 (colored) to selected 1.142 (colored)

- centralize header align and pullup into a single inline function
- use a single macro to align pointers and expose the alignment, instead
  of hard-coding 3 in 1/2 the macros.
- fix an issue in the ipv6 lt2p where it was aligning for ipv4 and pulling
  for ipv6.

Revision 1.397 / (download) - annotate - [select for diffs], Fri Aug 28 06:31:42 2020 UTC (3 years, 6 months ago) by ozaki-r
Branch: MAIN
Branch point for: thorpej-futex
Changes since 1.396: +9 -3 lines
Diff to previous 1.396 (colored) to selected 1.142 (colored)

inet: reduce silent packet discards

Revision 1.396 / (download) - annotate - [select for diffs], Fri Aug 28 06:30:08 2020 UTC (3 years, 6 months ago) by ozaki-r
Branch: MAIN
Changes since 1.395: +16 -18 lines
Diff to previous 1.395 (colored) to selected 1.142 (colored)

inet: pull m_get_rcvif_psref out of ip_input for simplicity

Same as ip6_input.

Revision 1.395 / (download) - annotate - [select for diffs], Fri Aug 28 06:20:44 2020 UTC (3 years, 6 months ago) by ozaki-r
Branch: MAIN
Changes since 1.394: +4 -4 lines
Diff to previous 1.394 (colored) to selected 1.142 (colored)

ipsec: rename ipsec_ip_input to ipsec_ip_input_checkpolicy

Because it just checks if a packet passes security policies.

Revision 1.394 / (download) - annotate - [select for diffs], Fri Aug 28 06:19:13 2020 UTC (3 years, 6 months ago) by ozaki-r
Branch: MAIN
Changes since 1.393: +4 -2 lines
Diff to previous 1.393 (colored) to selected 1.142 (colored)

inet, inet6: count packets dropped by IPsec

The counters count packets dropped due to security policy checks.

Revision 1.384.2.2 / (download) - annotate - [select for diffs], Mon Apr 13 08:05:16 2020 UTC (3 years, 11 months ago) by martin
Branch: phil-wifi
Changes since 1.384.2.1: +30 -16 lines
Diff to previous 1.384.2.1 (colored) to branchpoint 1.384 (colored) next main 1.385 (colored) to selected 1.142 (colored)

Mostly merge changes from HEAD upto 20200411

Revision 1.393 / (download) - annotate - [select for diffs], Wed Nov 13 02:51:22 2019 UTC (4 years, 4 months ago) by ozaki-r
Branch: MAIN
CVS Tags: phil-wifi-20200421, phil-wifi-20200411, phil-wifi-20200406, phil-wifi-20191119, is-mlppp-base, is-mlppp, bouyer-xenpvh-base2, bouyer-xenpvh-base1, bouyer-xenpvh-base, bouyer-xenpvh, ad-namecache-base3, ad-namecache-base2, ad-namecache-base1, ad-namecache-base, ad-namecache
Changes since 1.392: +3 -4 lines
Diff to previous 1.392 (colored) to selected 1.142 (colored)

Get rid of unnecessary NULL checks for rt_ifa and ifa_ifp

They are always non-NULL nowadays.

Revision 1.355.2.8 / (download) - annotate - [select for diffs], Tue Sep 24 18:27:10 2019 UTC (4 years, 5 months ago) by martin
Branch: netbsd-8
CVS Tags: netbsd-8-2-RELEASE
Changes since 1.355.2.7: +12 -12 lines
Diff to previous 1.355.2.7 (colored) to branchpoint 1.355 (colored) to selected 1.142 (colored)

Pull up following revision(s) (requested by knakahara in ticket #1385):

	sys/net/if.c				1.461
	sys/net/if.h				1.277
	sys/net/if_gif.c			1.149
	sys/net/if_gif.h			1.33
	sys/net/if_ipsec.c			1.19,1.20,1.24
	sys/net/if_ipsec.h			1.5
	sys/net/if_l2tp.c			1.33,1.36-1.39
	sys/net/if_l2tp.h			1.7,1.8
	sys/net/route.c				1.220,1.221
	sys/net/route.h				1.125
	sys/netinet/in_gif.c			1.95
	sys/netinet/in_l2tp.c			1.17
	sys/netinet/ip_input.c			1.391,1.392
	sys/netinet/wqinput.c			1.6
	sys/netinet6/in6_gif.c			1.94
	sys/netinet6/in6_l2tp.c			1.18
	sys/netinet6/ip6_forward.c		1.97
	sys/netinet6/ip6_input.c		1.210,1.211
	sys/netipsec/ipsec_output.c		1.82,1.83 (patched)
	sys/netipsec/ipsecif.c			1.12,1.13,1.15,1.17 (patched)
	sys/netipsec/key.c			1.259,1.260

ipsecif(4) support input drop packet counter.

ipsecif(4) should not increment drop counter by errors not related to if_snd. Pointed out by ozaki-r@n.o, thanks.
Remove unnecessary addresses in PF_KEY message.

MOBIKE Extensions for PF_KEY draft-schilcher-mobike-pfkey-extension-01.txt says
====================
5.  SPD Update
// snip
   SADB_X_SPDADD:
// snip
      sadb_x_ipsecrequest_reqid:
         An ID for that SA can be passed to the kernel in the
         sadb_x_ipsecrequest_reqid field.
      If tunnel mode is specified, the sadb_x_ipsecrequest structure is
      followed by two sockaddr structures that define the tunnel
      endpoint addresses.  In the case that transport mode is used, no
      additional addresses are specified.
====================
see: <a  rel="nofollow" href="https://tools.ietf.org/html/draft-schilcher-mobike-pfkey-extension-01">https://tools.ietf.org/html/draft-schilcher-mobike-pfkey-extension-01</a>

ipsecif(4) uses transport mode, so it should not add addresses.

ipsecif(4) supports multiple peers in the same NAPT.

E.g. ipsec0 connects between NetBSD_A and NetBSD_B, ipsec1 connects
NetBSD_A and NetBSD_C at the following figure.
                                        +----------+
                                   +----| NetBSD_B |
 +----------+           +------+   |    +----------+
 | NetBSD_A |--- ... ---| NAPT |---+
 +----------+           +------+   |    +----------+
                                   +----| NetBSD_C |
                                        +----------+

Add ATF later.

l2tp(4): fix output bytes counter. Pointed by k-goda@IIJ, thanks.
remove a variable which is no longer used.

l2tp: initialize mowner variables for MBUFTRACE

Avoid having a rtcache directly in a percpu storage
percpu(9) has a certain memory storage for each CPU and provides it by the piece
to users.  If the storages went short, percpu(9) enlarges them by allocating new
larger memory areas, replacing old ones with them and destroying the old ones.
A percpu storage referenced by a pointer gotten via percpu_getref can be
destroyed by the mechanism after a running thread sleeps even if percpu_putref
has not been called.

Using rtcache, i.e., packet processing, typically involves sleepable operations
such as rwlock so we must avoid dereferencing a rtcache that is directly stored
in a percpu storage during packet processing.  Address this situation by having
just a pointer to a rtcache in a percpu storage instead.

Reviewed by knakahara@ and yamaguchi@


wqinput: avoid having struct wqinput_worklist directly in a percpu storage
percpu(9) has a certain memory storage for each CPU and provides it by the piece
to users.  If the storages went short, percpu(9) enlarges them by allocating new
larger memory areas, replacing old ones with them and destroying the old ones.

A percpu storage referenced by a pointer gotten via percpu_getref can be
destroyed by the mechanism after a running thread sleeps even if percpu_putref
has not been called.

Input handlers of wqinput normally involves sleepable operations so we must
avoid dereferencing a percpu data (struct wqinput_worklist) after executing
an input handler.  Address this situation by having just a pointer to the data
in a percpu storage instead.

Reviewed by knakahara@ and yamaguchi@

Add missing #include <sys/kmem.h>

Divide Tx context of l2tp(4) to improve performance.
It seems l2tp(4) call path is too long for instruction cache. So, dividing
l2tp(4) Tx context improves CPU use efficiency.

After this commit, l2tp(4) throughput gains 10% on my machine(Atom C3000).

Apply some missing changes lost on the previous commit

Avoid having a rtcache directly in a percpu storage for tunnel protocols.
percpu(9) has a certain memory storage for each CPU and provides it by the piece
to users.  If the storages went short, percpu(9) enlarges them by allocating new
larger memory areas, replacing old ones with them and destroying the old ones.
A percpu storage referenced by a pointer gotten via percpu_getref can be
destroyed by the mechanism after a running thread sleeps even if percpu_putref
has not been called.

Using rtcache, i.e., packet processing, typically involves sleepable operations
such as rwlock so we must avoid dereferencing a rtcache that is directly stored
in a percpu storage during packet processing.  Address this situation by having
just a pointer to a rtcache in a percpu storage instead.

Reviewed by ozaki-r@ and yamaguchi@

l2tp(4): avoid having struct ifqueue directly in a percpu storage.

percpu(9) has a certain memory storage for each CPU and provides it by the piece
to users.  If the storages went short, percpu(9) enlarges them by allocating new
larger memory areas, replacing old ones with them and destroying the old ones.

A percpu storage referenced by a pointer gotten via percpu_getref can be
destroyed by the mechanism after a running thread sleeps even if percpu_putref
has not been called.

Tx processing of l2tp(4) uses normally involves sleepable operations so we
must avoid dereferencing a percpu data (struct ifqueue) after executing Tx
processing.  Address this situation by having just a pointer to the data in
a percpu storage instead.

Reviewed by ozaki-r@ and yamaguchi@

Revision 1.389.2.2 / (download) - annotate - [select for diffs], Tue Sep 24 03:10:35 2019 UTC (4 years, 5 months ago) by martin
Branch: netbsd-9
CVS Tags: netbsd-9-1-RELEASE, netbsd-9-0-RELEASE, netbsd-9-0-RC2, netbsd-9-0-RC1
Changes since 1.389.2.1: +12 -12 lines
Diff to previous 1.389.2.1 (colored) to branchpoint 1.389 (colored) to selected 1.142 (colored)

Pull up following revision(s) (requested by ozaki-r in ticket #238):

	sys/netipsec/ipsec_output.c: revision 1.83
	sys/net/route.h: revision 1.125
	sys/netinet6/ip6_input.c: revision 1.210
	sys/netinet6/ip6_input.c: revision 1.211
	sys/net/if.c: revision 1.461
	sys/net/if_gif.h: revision 1.33
	sys/net/route.c: revision 1.220
	sys/net/route.c: revision 1.221
	sys/net/if.h: revision 1.277
	sys/netinet6/ip6_forward.c: revision 1.97
	sys/netinet/wqinput.c: revision 1.6
	sys/net/if_ipsec.h: revision 1.5
	sys/netinet6/in6_l2tp.c: revision 1.18
	sys/netinet6/in6_gif.c: revision 1.94
	sys/net/if_l2tp.h: revision 1.7
	sys/net/if_gif.c: revision 1.149
	sys/net/if_l2tp.h: revision 1.8
	sys/netinet/in_gif.c: revision 1.95
	sys/netinet/in_l2tp.c: revision 1.17
	sys/netipsec/ipsecif.c: revision 1.17
	sys/net/if_ipsec.c: revision 1.24
	sys/net/if_l2tp.c: revision 1.37
	sys/netinet/ip_input.c: revision 1.391
	sys/net/if_l2tp.c: revision 1.38
	sys/netinet/ip_input.c: revision 1.392
	sys/net/if_l2tp.c: revision 1.39

Avoid having a rtcache directly in a percpu storage

percpu(9) has a certain memory storage for each CPU and provides it by the piece
to users.  If the storages went short, percpu(9) enlarges them by allocating new
larger memory areas, replacing old ones with them and destroying the old ones.

A percpu storage referenced by a pointer gotten via percpu_getref can be
destroyed by the mechanism after a running thread sleeps even if percpu_putref
has not been called.

Using rtcache, i.e., packet processing, typically involves sleepable operations
such as rwlock so we must avoid dereferencing a rtcache that is directly stored
in a percpu storage during packet processing.  Address this situation by having
just a pointer to a rtcache in a percpu storage instead.
Reviewed by knakahara@ and yamaguchi@

 -

wqinput: avoid having struct wqinput_worklist directly in a percpu storage

percpu(9) has a certain memory storage for each CPU and provides it by the piece
to users.  If the storages went short, percpu(9) enlarges them by allocating new
larger memory areas, replacing old ones with them and destroying the old ones.

A percpu storage referenced by a pointer gotten via percpu_getref can be
destroyed by the mechanism after a running thread sleeps even if percpu_putref
has not been called.

Input handlers of wqinput normally involves sleepable operations so we must
avoid dereferencing a percpu data (struct wqinput_worklist) after executing
an input handler.  Address this situation by having just a pointer to the data
in a percpu storage instead.
Reviewed by knakahara@ and yamaguchi@

 -

Add missing #include <sys/kmem.h>

 -

Divide Tx context of l2tp(4) to improve performance.

It seems l2tp(4) call path is too long for instruction cache. So, dividing
l2tp(4) Tx context improves CPU use efficiency.

After this commit, l2tp(4) throughput gains 10% on my machine(Atom C3000).

 -

Apply some missing changes lost on the previous commit

 -

Avoid having a rtcache directly in a percpu storage for tunnel protocols.
percpu(9) has a certain memory storage for each CPU and provides it by the piece
to users.  If the storages went short, percpu(9) enlarges them by allocating new
larger memory areas, replacing old ones with them and destroying the old ones.

A percpu storage referenced by a pointer gotten via percpu_getref can be
destroyed by the mechanism after a running thread sleeps even if percpu_putref
has not been called.

Using rtcache, i.e., packet processing, typically involves sleepable operations
such as rwlock so we must avoid dereferencing a rtcache that is directly stored
in a percpu storage during packet processing.  Address this situation by having
just a pointer to a rtcache in a percpu storage instead.

Reviewed by ozaki-r@ and yamaguchi@

 -

l2tp(4): avoid having struct ifqueue directly in a percpu storage.
percpu(9) has a certain memory storage for each CPU and provides it by the piece
to users.  If the storages went short, percpu(9) enlarges them by allocating new
larger memory areas, replacing old ones with them and destroying the old ones.

A percpu storage referenced by a pointer gotten via percpu_getref can be
destroyed by the mechanism after a running thread sleeps even if percpu_putref
has not been called.

Tx processing of l2tp(4) uses normally involves sleepable operations so we
must avoid dereferencing a percpu data (struct ifqueue) after executing Tx
processing.  Address this situation by having just a pointer to the data in
a percpu storage instead.

Reviewed by ozaki-r@ and yamaguchi@

Revision 1.392 / (download) - annotate - [select for diffs], Thu Sep 19 05:31:50 2019 UTC (4 years, 6 months ago) by ozaki-r
Branch: MAIN
Changes since 1.391: +4 -4 lines
Diff to previous 1.391 (colored) to selected 1.142 (colored)

Apply some missing changes lost on the previous commit

Revision 1.391 / (download) - annotate - [select for diffs], Thu Sep 19 04:08:29 2019 UTC (4 years, 6 months ago) by ozaki-r
Branch: MAIN
Changes since 1.390: +10 -10 lines
Diff to previous 1.390 (colored) to selected 1.142 (colored)

Avoid having a rtcache directly in a percpu storage

percpu(9) has a certain memory storage for each CPU and provides it by the piece
to users.  If the storages went short, percpu(9) enlarges them by allocating new
larger memory areas, replacing old ones with them and destroying the old ones.
A percpu storage referenced by a pointer gotten via percpu_getref can be
destroyed by the mechanism after a running thread sleeps even if percpu_putref
has not been called.

Using rtcache, i.e., packet processing, typically involves sleepable operations
such as rwlock so we must avoid dereferencing a rtcache that is directly stored
in a percpu storage during packet processing.  Address this situation by having
just a pointer to a rtcache in a percpu storage instead.

Reviewed by knakahara@ and yamaguchi@

Revision 1.389.2.1 / (download) - annotate - [select for diffs], Tue Sep 17 19:55:43 2019 UTC (4 years, 6 months ago) by martin
Branch: netbsd-9
Changes since 1.389: +19 -4 lines
Diff to previous 1.389 (colored) to selected 1.142 (colored)

Pull up following revision(s) (requested by bouyer in ticket #208):

	sys/netinet6/ip6_input.c: revision 1.209
	sys/netinet/ip_input.c: revision 1.390

Packet filters can return an mbuf chain with fragmented headers, so
m_pullup() it if needed and remove the KASSERT()s.

Revision 1.355.2.7 / (download) - annotate - [select for diffs], Tue Sep 17 18:57:23 2019 UTC (4 years, 6 months ago) by martin
Branch: netbsd-8
Changes since 1.355.2.6: +19 -2 lines
Diff to previous 1.355.2.6 (colored) to branchpoint 1.355 (colored) to selected 1.142 (colored)

Pull up following revision(s) (requested by bouyer in ticket #1378):

	sys/netinet6/ip6_input.c: revision 1.209 (patch)
	sys/netinet/ip_input.c: revision 1.390 (patch)

Packet filters can return an mbuf chain with fragmented headers, so
m_pullup() it if needed and remove the KASSERT()s.

Revision 1.319.6.2 / (download) - annotate - [select for diffs], Tue Sep 17 18:09:37 2019 UTC (4 years, 6 months ago) by martin
Branch: netbsd-7-0
Changes since 1.319.6.1: +19 -2 lines
Diff to previous 1.319.6.1 (colored) to branchpoint 1.319 (colored) next main 1.320 (colored) to selected 1.142 (colored)

Pull up following revision(s) (requested by bouyer in ticket #1708):

	sys/netinet6/ip6_input.c: revision 1.209 via patch
	sys/netinet/ip_input.c: revision 1.390 via patch

Packet filters can return an mbuf chain with fragmented headers, so
m_pullup() it if needed and remove the KASSERT()s.

Revision 1.319.10.2 / (download) - annotate - [select for diffs], Tue Sep 17 18:08:13 2019 UTC (4 years, 6 months ago) by martin
Branch: netbsd-7-1
Changes since 1.319.10.1: +19 -2 lines
Diff to previous 1.319.10.1 (colored) to branchpoint 1.319 (colored) next main 1.320 (colored) to selected 1.142 (colored)

Pull up following revision(s) (requested by bouyer in ticket #1708):

	sys/netinet6/ip6_input.c: revision 1.209 via patch
	sys/netinet/ip_input.c: revision 1.390 via patch

Packet filters can return an mbuf chain with fragmented headers, so
m_pullup() it if needed and remove the KASSERT()s.

Revision 1.319.2.2 / (download) - annotate - [select for diffs], Tue Sep 17 18:07:15 2019 UTC (4 years, 6 months ago) by martin
Branch: netbsd-7
Changes since 1.319.2.1: +19 -2 lines
Diff to previous 1.319.2.1 (colored) to branchpoint 1.319 (colored) next main 1.320 (colored) to selected 1.142 (colored)

Pull up following revision(s) (requested by bouyer in ticket #1708):

	sys/netinet6/ip6_input.c: revision 1.209 via patch
	sys/netinet/ip_input.c: revision 1.390 via patch

Packet filters can return an mbuf chain with fragmented headers, so
m_pullup() it if needed and remove the KASSERT()s.

Revision 1.390 / (download) - annotate - [select for diffs], Sun Sep 15 21:00:15 2019 UTC (4 years, 6 months ago) by bouyer
Branch: MAIN
Changes since 1.389: +19 -4 lines
Diff to previous 1.389 (colored) to selected 1.142 (colored)

Packet filters can return an mbuf chain with fragmented headers, so
m_pullup() it if needed and remove the KASSERT()s.

Revision 1.384.2.1 / (download) - annotate - [select for diffs], Mon Jun 10 22:09:47 2019 UTC (4 years, 9 months ago) by christos
Branch: phil-wifi
Changes since 1.384: +7 -13 lines
Diff to previous 1.384 (colored) to selected 1.142 (colored)

Sync with HEAD

Revision 1.389 / (download) - annotate - [select for diffs], Mon May 13 07:47:59 2019 UTC (4 years, 10 months ago) by ozaki-r
Branch: MAIN
CVS Tags: phil-wifi-20190609, netbsd-9-base
Branch point for: netbsd-9
Changes since 1.388: +3 -2 lines
Diff to previous 1.388 (colored) to selected 1.142 (colored)

Count packets dropped by pfil

Revision 1.376.2.7 / (download) - annotate - [select for diffs], Fri Jan 18 08:50:58 2019 UTC (5 years, 2 months ago) by pgoyette
Branch: pgoyette-compat
CVS Tags: pgoyette-compat-merge-20190127
Changes since 1.376.2.6: +3 -3 lines
Diff to previous 1.376.2.6 (colored) to branchpoint 1.376 (colored) next main 1.377 (colored) to selected 1.142 (colored)

Synch with HEAD

Revision 1.388 / (download) - annotate - [select for diffs], Thu Jan 17 02:47:15 2019 UTC (5 years, 2 months ago) by knakahara
Branch: MAIN
CVS Tags: pgoyette-compat-20190127, pgoyette-compat-20190118, isaki-audio2-base, isaki-audio2
Changes since 1.387: +3 -3 lines
Diff to previous 1.387 (colored) to selected 1.142 (colored)

Fix ipsecif(4) cannot apply input direction packet filter. Reviewed by ozaki-r@n.o and ryo@n.o.

Add ATF later.

Revision 1.376.2.6 / (download) - annotate - [select for diffs], Mon Nov 26 01:52:51 2018 UTC (5 years, 3 months ago) by pgoyette
Branch: pgoyette-compat
Changes since 1.376.2.5: +3 -3 lines
Diff to previous 1.376.2.5 (colored) to branchpoint 1.376 (colored) to selected 1.142 (colored)

Sync with HEAD, resolve a couple of conflicts

Revision 1.387 / (download) - annotate - [select for diffs], Thu Nov 15 10:23:56 2018 UTC (5 years, 4 months ago) by maxv
Branch: MAIN
CVS Tags: pgoyette-compat-1226, pgoyette-compat-1126
Changes since 1.386: +3 -3 lines
Diff to previous 1.386 (colored) to selected 1.142 (colored)

Remove the 't' argument from m_tag_find().

Revision 1.376.2.5 / (download) - annotate - [select for diffs], Thu Sep 6 06:56:44 2018 UTC (5 years, 6 months ago) by pgoyette
Branch: pgoyette-compat
Changes since 1.376.2.4: +3 -10 lines
Diff to previous 1.376.2.4 (colored) to branchpoint 1.376 (colored) to selected 1.142 (colored)

Sync with HEAD

Resolve a couple of conflicts (result of the uimin/uimax changes)

Revision 1.386 / (download) - annotate - [select for diffs], Sun Sep 2 16:05:33 2018 UTC (5 years, 6 months ago) by maxv
Branch: MAIN
CVS Tags: pgoyette-compat-1020, pgoyette-compat-0930, pgoyette-compat-0906
Changes since 1.385: +3 -10 lines
Diff to previous 1.385 (colored) to selected 1.142 (colored)

remove reference to ipnat, and duplicate comments

Revision 1.376.2.4 / (download) - annotate - [select for diffs], Sat Jul 28 04:38:10 2018 UTC (5 years, 7 months ago) by pgoyette
Branch: pgoyette-compat
Changes since 1.376.2.3: +3 -3 lines
Diff to previous 1.376.2.3 (colored) to branchpoint 1.376 (colored) to selected 1.142 (colored)

Sync with HEAD

Revision 1.385 / (download) - annotate - [select for diffs], Tue Jul 10 15:46:58 2018 UTC (5 years, 8 months ago) by maxv
Branch: MAIN
CVS Tags: pgoyette-compat-0728
Changes since 1.384: +3 -3 lines
Diff to previous 1.384 (colored) to selected 1.142 (colored)

Remove the second argument from ip_reass_packet(). We want the IP header
on the mbuf, not elsewhere. Simplifies the NPF reassembly code a little.
No real functional change.

Revision 1.376.2.3 / (download) - annotate - [select for diffs], Mon May 21 04:36:16 2018 UTC (5 years, 9 months ago) by pgoyette
Branch: pgoyette-compat
Changes since 1.376.2.2: +7 -5 lines
Diff to previous 1.376.2.2 (colored) to branchpoint 1.376 (colored) to selected 1.142 (colored)

Sync with HEAD

Revision 1.384 / (download) - annotate - [select for diffs], Thu May 17 11:59:36 2018 UTC (5 years, 10 months ago) by maxv
Branch: MAIN
CVS Tags: phil-wifi-base, pgoyette-compat-0625, pgoyette-compat-0521
Branch point for: phil-wifi
Changes since 1.383: +4 -2 lines
Diff to previous 1.383 (colored) to selected 1.142 (colored)

Add KASSERTs, related to PR/39794.

Revision 1.383 / (download) - annotate - [select for diffs], Mon May 14 17:34:26 2018 UTC (5 years, 10 months ago) by maxv
Branch: MAIN
Changes since 1.382: +4 -4 lines
Diff to previous 1.382 (colored) to selected 1.142 (colored)

Merge ipsec4_input and ipsec6_input into ipsec_ip_input. Make the argument
a bool for clarity. Optimize the function: if M_CANFASTFWD is not there
(because already removed by the firewall) leave now.

Makes it easier to see that M_CANFASTFWD is not removed on IPv6.

Revision 1.382 / (download) - annotate - [select for diffs], Thu May 10 05:08:53 2018 UTC (5 years, 10 months ago) by maxv
Branch: MAIN
Changes since 1.381: +3 -3 lines
Diff to previous 1.381 (colored) to selected 1.142 (colored)

Rename ipsec4_forward -> ipsec_mtu, and switch to void.

Revision 1.376.2.2 / (download) - annotate - [select for diffs], Wed May 2 07:20:23 2018 UTC (5 years, 10 months ago) by pgoyette
Branch: pgoyette-compat
Changes since 1.376.2.1: +3 -3 lines
Diff to previous 1.376.2.1 (colored) to branchpoint 1.376 (colored) to selected 1.142 (colored)

Synch with HEAD

Revision 1.381 / (download) - annotate - [select for diffs], Thu Apr 26 19:22:17 2018 UTC (5 years, 10 months ago) by maxv
Branch: MAIN
CVS Tags: pgoyette-compat-0502
Changes since 1.380: +3 -3 lines
Diff to previous 1.380 (colored) to selected 1.142 (colored)

Remove unused mbuf argument from sbsavetimestamp.

Revision 1.376.2.1 / (download) - annotate - [select for diffs], Mon Apr 16 02:00:08 2018 UTC (5 years, 11 months ago) by pgoyette
Branch: pgoyette-compat
Changes since 1.376: +15 -11 lines
Diff to previous 1.376 (colored) to selected 1.142 (colored)

Sync with HEAD, resolve some conflicts

Revision 1.380 / (download) - annotate - [select for diffs], Sun Apr 15 07:35:49 2018 UTC (5 years, 11 months ago) by maxv
Branch: MAIN
CVS Tags: pgoyette-compat-0422, pgoyette-compat-0415
Changes since 1.379: +4 -2 lines
Diff to previous 1.379 (colored) to selected 1.142 (colored)

Introduce a m_verify_packet function, that verifies the mbuf chain of a
packet to ensure it is not malformed. Call this function in "points of
interest", that are the IPv4/IPv6/IPsec entry points. There could be more.

We use M_VERIFY_PACKET(m), declared under DIAGNOSTIC only.

This function should not be called everywhere, especially not in places
that temporarily manipulate (and clobber) the mbuf structure; once they're
done they put the mbuf back in a correct format.

Revision 1.379 / (download) - annotate - [select for diffs], Wed Apr 11 08:11:20 2018 UTC (5 years, 11 months ago) by maxv
Branch: MAIN
Changes since 1.378: +3 -4 lines
Diff to previous 1.378 (colored) to selected 1.142 (colored)

Don't pass IP_ALLOWBROADCAST in ipsec4_input. The flag lands in
ipsec_getpolicybyaddr, and only IP_FORWARDING is taken.

In fact it would be good to change the 'flags' argument of ipsec4_input
to be a boolean, same for ipsec_getpolicybyaddr. It would be less
misleading.

Revision 1.378 / (download) - annotate - [select for diffs], Wed Apr 11 07:55:19 2018 UTC (5 years, 11 months ago) by maxv
Branch: MAIN
Changes since 1.377: +5 -2 lines
Diff to previous 1.377 (colored) to selected 1.142 (colored)

Add comment about IPsec.

Revision 1.377 / (download) - annotate - [select for diffs], Wed Apr 11 07:52:25 2018 UTC (5 years, 11 months ago) by maxv
Branch: MAIN
Changes since 1.376: +9 -9 lines
Diff to previous 1.376 (colored) to selected 1.142 (colored)

Small changes in ip_dooptions: replace bcopy by memcpy, the areas can't
overlap.

Revision 1.355.2.6 / (download) - annotate - [select for diffs], Sun Mar 18 10:57:01 2018 UTC (6 years ago) by martin
Branch: netbsd-8
CVS Tags: netbsd-8-1-RELEASE, netbsd-8-1-RC1, netbsd-8-0-RELEASE, netbsd-8-0-RC2, netbsd-8-0-RC1
Changes since 1.355.2.5: +2 -11 lines
Diff to previous 1.355.2.5 (colored) to branchpoint 1.355 (colored) to selected 1.142 (colored)

Pull up following revision(s) (requested by tih in ticket #639):
	sys/kern/uipc_socket.c: revision 1.258
	sys/kern/uipc_socket.c: revision 1.259
	sys/netinet/ip_input.c: revision 1.364 (via patch)
	sys/netinet/ip_output.c: revision 1.289
	sys/netinet/in.h: revision 1.102
	sys/netinet/in_pcb.c: revision 1.181
	share/man/man9/sockopt.9: revision 1.11
	sys/netinet/in_pcb.h: revision 1.65
	sys/sys/socketvar.h: revision 1.146
	sys/kern/uipc_syscalls.c: revision 1.189
	sys/netinet/ip_output.c: revision 1.290
	share/man/man4/ip.4: revision 1.41
	share/man/man4/ip.4: revision 1.42
	sys/kern/uipc_syscalls.c: revision 1.190

pass valsize for getsockopt like we do for setsockopt
make sure that we have enough space, don't require the exact size
(Tom Ivar Helbekkmo)

1) "#define ipi_spec_dst ipi_addr" in <netinet/in.h>
2) Change the IP_RECVPKTINFO option to control the generation of
   IP_PKTINFO control messages, the way it's done in Solaris.
3) Remove the superfluous IP_RECVPKTINFO control message.
4) Change the IP_PKTINFO option to do different things depending on
   the parameter it's supplied with:
   - If it's sizeof(int), assume it's being used as in Linux:
     - If it's non-zero, turn on the IP_RECVPKTINFO option.
     - If it's zero, turn off the IP_RECVPKTINFO option.
   - If it's sizeof(struct in_pktinfo), assume it's being used as in
     Solaris, to set a default for the source interface and/or
     source address for outgoing packets on the socket.
5) Return what Linux or Solaris compatible code expects, depending
   on data size, and just added a fallback to a Linux (and current NetBSD)
   compatible value if the size is unknown (as it is now), or,
   in the future, if the calling application specifies a receiving
   buffer that doesn't match either data item.

From: Tom Ivar Helbekkmo

new sentence-new line

Remove comment now that the getsockopt code passes the size.

Add a new sockopt member to keep track of the actual size of the option
that should be returned to the caller in getsockopt(2).
(Tom Ivar Helbekkmo)

Revision 1.355.2.5 / (download) - annotate - [select for diffs], Mon Feb 26 13:32:01 2018 UTC (6 years ago) by martin
Branch: netbsd-8
Changes since 1.355.2.4: +4 -4 lines
Diff to previous 1.355.2.4 (colored) to branchpoint 1.355 (colored) to selected 1.142 (colored)

Pull up following revision(s) (requested by ozaki-r in ticket #588):
	sys/netinet6/in6.c: revision 1.260
	sys/netinet/in.c: revision 1.219
	sys/netinet/wqinput.c: revision 1.4
	sys/rump/net/lib/libnetinet/netinet_component.c: revision 1.11
	sys/netinet/ip_input.c: revision 1.376
	sys/netinet6/ip6_input.c: revision 1.193
Avoid a deadlock between softnet_lock and IFNET_LOCK

A deadlock occurs because there is a violation of the rule of lock ordering;
softnet_lock is held with hodling IFNET_LOCK, which violates the rule.
To avoid the deadlock, replace softnet_lock in in_control and in6_control
with KERNEL_LOCK.

We also need to add some KERNEL_LOCKs to protect the network stack surely.
This is required, for example, for PR kern/51356.

Fix PR kern/53043

Revision 1.376 / (download) - annotate - [select for diffs], Sat Feb 24 07:37:09 2018 UTC (6 years ago) by ozaki-r
Branch: MAIN
CVS Tags: pgoyette-compat-base, pgoyette-compat-0407, pgoyette-compat-0330, pgoyette-compat-0322, pgoyette-compat-0315
Branch point for: pgoyette-compat
Changes since 1.375: +4 -4 lines
Diff to previous 1.375 (colored) to selected 1.142 (colored)

Avoid a deadlock between softnet_lock and IFNET_LOCK

A deadlock occurs because there is a violation of the rule of lock ordering;
softnet_lock is held with hodling IFNET_LOCK, which violates the rule.
To avoid the deadlock, replace softnet_lock in in_control and in6_control
with KERNEL_LOCK.

We also need to add some KERNEL_LOCKs to protect the network stack surely.
This is required, for example, for PR kern/51356.

Fix PR kern/53043

Revision 1.355.2.4 / (download) - annotate - [select for diffs], Mon Feb 12 18:23:29 2018 UTC (6 years, 1 month ago) by snj
Branch: netbsd-8
Changes since 1.355.2.3: +4 -4 lines
Diff to previous 1.355.2.3 (colored) to branchpoint 1.355 (colored) to selected 1.142 (colored)

Pull up following revision(s) (requested by maxv in ticket #547):
	sys/netinet/ip_input.c: 1.366
Disable ip_allowsrcrt and ip_forwsrcrt. Enabling them by default was a
completely dumb idea, because they have security implications.
By sending an IPv4 packet containing an LSRR option, an attacker will
cause the system to forward the packet to another IPv4 address - and
this way he white-washes the source of the packet.
It is also possible for an attacker to reach hidden networks: if a server
has a public address, and a private one on an internal network (network
which has several internal machines connected), the attacker can send a
packet with:
        source = 0.0.0.0
        destination = public address of the server
        LSRR first address = address of a machine on the internal network
And the packet will be forwarded, by the server, to the internal machine,
in some cases even with the internal IP address of the server as a source.

Revision 1.375 / (download) - annotate - [select for diffs], Fri Feb 9 18:31:52 2018 UTC (6 years, 1 month ago) by maxv
Branch: MAIN
Changes since 1.374: +2 -11 lines
Diff to previous 1.374 (colored) to selected 1.142 (colored)

Remove dead code.

Revision 1.298.6.1 / (download) - annotate - [select for diffs], Fri Feb 9 14:12:22 2018 UTC (6 years, 1 month ago) by martin
Branch: netbsd-6-0
Changes since 1.298: +4 -4 lines
Diff to previous 1.298 (colored) next main 1.299 (colored) to selected 1.142 (colored)

Pull up following revision(s) (requested by maxv in ticket #1526):
	sys/netinet/ip_input.c: revision 1.366

Disable ip_allowsrcrt and ip_forwsrcrt. Enabling them by default was a
completely dumb idea, because they have security implications.

By sending an IPv4 packet containing an LSRR option, an attacker will
cause the system to forward the packet to another IPv4 address - and
this way he white-washes the source of the packet.

It is also possible for an attacker to reach hidden networks: if a server
has a public address, and a private one on an internal network (network
which has several internal machines connected), the attacker can send a
packet with:
        source = 0.0.0.0
        destination = public address of the server
        LSRR first address = address of a machine on the internal network
And the packet will be forwarded, by the server, to the internal machine,
in some cases even with the internal IP address of the server as a source.

Revision 1.298.8.1 / (download) - annotate - [select for diffs], Fri Feb 9 14:11:21 2018 UTC (6 years, 1 month ago) by martin
Branch: netbsd-6-1
Changes since 1.298: +4 -4 lines
Diff to previous 1.298 (colored) next main 1.299 (colored) to selected 1.142 (colored)

Pull up following revision(s) (requested by maxv in ticket #1526):
	sys/netinet/ip_input.c: revision 1.366

Disable ip_allowsrcrt and ip_forwsrcrt. Enabling them by default was a
completely dumb idea, because they have security implications.

By sending an IPv4 packet containing an LSRR option, an attacker will
cause the system to forward the packet to another IPv4 address - and
this way he white-washes the source of the packet.

It is also possible for an attacker to reach hidden networks: if a server
has a public address, and a private one on an internal network (network
which has several internal machines connected), the attacker can send a
packet with:
        source = 0.0.0.0
        destination = public address of the server
        LSRR first address = address of a machine on the internal network
And the packet will be forwarded, by the server, to the internal machine,
in some cases even with the internal IP address of the server as a source.

Revision 1.298.2.1 / (download) - annotate - [select for diffs], Fri Feb 9 14:09:35 2018 UTC (6 years, 1 month ago) by martin
Branch: netbsd-6
Changes since 1.298: +4 -4 lines
Diff to previous 1.298 (colored) next main 1.299 (colored) to selected 1.142 (colored)

Pull up following revision(s) (requested by maxv in ticket #1526):
	sys/netinet/ip_input.c: revision 1.366

Disable ip_allowsrcrt and ip_forwsrcrt. Enabling them by default was a
completely dumb idea, because they have security implications.

By sending an IPv4 packet containing an LSRR option, an attacker will
cause the system to forward the packet to another IPv4 address - and
this way he white-washes the source of the packet.

It is also possible for an attacker to reach hidden networks: if a server
has a public address, and a private one on an internal network (network
which has several internal machines connected), the attacker can send a
packet with:
        source = 0.0.0.0
        destination = public address of the server
        LSRR first address = address of a machine on the internal network
And the packet will be forwarded, by the server, to the internal machine,
in some cases even with the internal IP address of the server as a source.

Revision 1.319.6.1 / (download) - annotate - [select for diffs], Fri Feb 9 14:06:25 2018 UTC (6 years, 1 month ago) by martin
Branch: netbsd-7-0
Changes since 1.319: +4 -4 lines
Diff to previous 1.319 (colored) to selected 1.142 (colored)

Pull up following revision(s) (requested by maxv in ticket #1563):
	sys/netinet/ip_input.c: revision 1.366 (via patch)

Disable ip_allowsrcrt and ip_forwsrcrt. Enabling them by default was a
completely dumb idea, because they have security implications.

By sending an IPv4 packet containing an LSRR option, an attacker will
cause the system to forward the packet to another IPv4 address - and
this way he white-washes the source of the packet.

It is also possible for an attacker to reach hidden networks: if a server
has a public address, and a private one on an internal network (network
which has several internal machines connected), the attacker can send a
packet with:
        source = 0.0.0.0
        destination = public address of the server
        LSRR first address = address of a machine on the internal network
And the packet will be forwarded, by the server, to the internal machine,
in some cases even with the internal IP address of the server as a source.

Revision 1.319.10.1 / (download) - annotate - [select for diffs], Fri Feb 9 14:05:29 2018 UTC (6 years, 1 month ago) by martin
Branch: netbsd-7-1
CVS Tags: netbsd-7-1-2-RELEASE
Changes since 1.319: +4 -4 lines
Diff to previous 1.319 (colored) to selected 1.142 (colored)

Pull up following revision(s) (requested by maxv in ticket #1563):
	sys/netinet/ip_input.c: revision 1.366 (via patch)

Disable ip_allowsrcrt and ip_forwsrcrt. Enabling them by default was a
completely dumb idea, because they have security implications.

By sending an IPv4 packet containing an LSRR option, an attacker will
cause the system to forward the packet to another IPv4 address - and
this way he white-washes the source of the packet.

It is also possible for an attacker to reach hidden networks: if a server
has a public address, and a private one on an internal network (network
which has several internal machines connected), the attacker can send a
packet with:
        source = 0.0.0.0
        destination = public address of the server
        LSRR first address = address of a machine on the internal network
And the packet will be forwarded, by the server, to the internal machine,
in some cases even with the internal IP address of the server as a source.

Revision 1.319.2.1 / (download) - annotate - [select for diffs], Fri Feb 9 13:37:09 2018 UTC (6 years, 1 month ago) by martin
Branch: netbsd-7
CVS Tags: netbsd-7-2-RELEASE
Changes since 1.319: +4 -4 lines
Diff to previous 1.319 (colored) to selected 1.142 (colored)

Pull up following revision(s) (requested by maxv in ticket #1563):
	sys/netinet/ip_input.c: revision 1.366 (via patch)

Disable ip_allowsrcrt and ip_forwsrcrt. Enabling them by default was a
completely dumb idea, because they have security implications.

By sending an IPv4 packet containing an LSRR option, an attacker will
cause the system to forward the packet to another IPv4 address - and
this way he white-washes the source of the packet.

It is also possible for an attacker to reach hidden networks: if a server
has a public address, and a private one on an internal network (network
which has several internal machines connected), the attacker can send a
packet with:
        source = 0.0.0.0
        destination = public address of the server
        LSRR first address = address of a machine on the internal network
And the packet will be forwarded, by the server, to the internal machine,
in some cases even with the internal IP address of the server as a source.

Revision 1.374 / (download) - annotate - [select for diffs], Wed Feb 7 08:12:25 2018 UTC (6 years, 1 month ago) by maxv
Branch: MAIN
Changes since 1.373: +3 -3 lines
Diff to previous 1.373 (colored) to selected 1.142 (colored)

Remove null check on ip, it can't be null. (Confuses code scanners.)

Revision 1.373 / (download) - annotate - [select for diffs], Tue Feb 6 06:36:40 2018 UTC (6 years, 1 month ago) by maxv
Branch: MAIN
Changes since 1.372: +5 -5 lines
Diff to previous 1.372 (colored) to selected 1.142 (colored)

Typos and style a bit, no functional change.

Revision 1.372 / (download) - annotate - [select for diffs], Mon Feb 5 15:23:14 2018 UTC (6 years, 1 month ago) by maxv
Branch: MAIN
Changes since 1.371: +3 -9 lines
Diff to previous 1.371 (colored) to selected 1.142 (colored)

Exterminate IPSENDREDIRECTS and IPMTUDISCTIMEOUT, neither is documented.

Revision 1.371 / (download) - annotate - [select for diffs], Mon Feb 5 15:18:10 2018 UTC (6 years, 1 month ago) by maxv
Branch: MAIN
Changes since 1.370: +3 -9 lines
Diff to previous 1.370 (colored) to selected 1.142 (colored)

Nuke DIRECTED_BROADCAST, it is not documented and not enabled anywhere. It
probably wouldn't have built correctly anyway, since there is no associated
defflag.

These ten lines of code in ip_input.c already look a lot better.

Revision 1.370 / (download) - annotate - [select for diffs], Mon Feb 5 14:52:42 2018 UTC (6 years, 1 month ago) by maxv
Branch: MAIN
Changes since 1.369: +17 -30 lines
Diff to previous 1.369 (colored) to selected 1.142 (colored)

Clean up this mess. This is typically the kind of places where we need to
seriously cut the bullshit. These things are unreadable, undocumented, and
all they bought us was not figuring out we had IPv4 forwarding enabled by
default for 20+ years.

Revision 1.369 / (download) - annotate - [select for diffs], Mon Feb 5 14:23:38 2018 UTC (6 years, 1 month ago) by maxv
Branch: MAIN
Changes since 1.368: +7 -15 lines
Diff to previous 1.368 (colored) to selected 1.142 (colored)

Be tougher, and don't allow LSRR+SSRR (RFC7126).

Revision 1.368 / (download) - annotate - [select for diffs], Mon Feb 5 13:52:39 2018 UTC (6 years, 1 month ago) by maxv
Branch: MAIN
Changes since 1.367: +27 -2 lines
Diff to previous 1.367 (colored) to selected 1.142 (colored)

Kick duplicate options, they are not allowed (RFC791).

Revision 1.367 / (download) - annotate - [select for diffs], Mon Feb 5 13:34:20 2018 UTC (6 years, 1 month ago) by maxv
Branch: MAIN
Changes since 1.366: +2 -5 lines
Diff to previous 1.366 (colored) to selected 1.142 (colored)

Remove unused variable.

Revision 1.366 / (download) - annotate - [select for diffs], Mon Feb 5 13:23:11 2018 UTC (6 years, 1 month ago) by maxv
Branch: MAIN
Changes since 1.365: +4 -4 lines
Diff to previous 1.365 (colored) to selected 1.142 (colored)

Disable ip_allowsrcrt and ip_forwsrcrt. Enabling them by default was a
completely dumb idea, because they have security implications.

By sending an IPv4 packet containing an LSRR option, an attacker will
cause the system to forward the packet to another IPv4 address - and
this way he white-washes the source of the packet.

It is also possible for an attacker to reach hidden networks: if a server
has a public address, and a private one on an internal network (network
which has several internal machines connected), the attacker can send a
packet with:

	source = 0.0.0.0
	destination = public address of the server
	LSRR first address = address of a machine on the internal network

And the packet will be forwarded, by the server, to the internal machine,
in some cases even with the internal IP address of the server as a source.

Revision 1.365 / (download) - annotate - [select for diffs], Mon Feb 5 13:04:56 2018 UTC (6 years, 1 month ago) by maxv
Branch: MAIN
Changes since 1.364: +14 -16 lines
Diff to previous 1.364 (colored) to selected 1.142 (colored)

Style, no functional change.

Revision 1.355.2.3 / (download) - annotate - [select for diffs], Tue Jan 2 10:20:34 2018 UTC (6 years, 2 months ago) by snj
Branch: netbsd-8
Changes since 1.355.2.2: +6 -16 lines
Diff to previous 1.355.2.2 (colored) to branchpoint 1.355 (colored) to selected 1.142 (colored)

Pull up following revision(s) (requested by ozaki-r in ticket #456):
	sys/arch/arm/sunxi/sunxi_emac.c: 1.9
	sys/dev/ic/dwc_gmac.c: 1.43-1.44
	sys/dev/pci/if_iwm.c: 1.75
	sys/dev/pci/if_wm.c: 1.543
	sys/dev/pci/ixgbe/ixgbe.c: 1.112
	sys/dev/pci/ixgbe/ixv.c: 1.74
	sys/kern/sys_socket.c: 1.75
	sys/net/agr/if_agr.c: 1.43
	sys/net/bpf.c: 1.219
	sys/net/if.c: 1.397, 1.399, 1.401-1.403, 1.406-1.410, 1.412-1.416
	sys/net/if.h: 1.242-1.247, 1.250, 1.252-1.257
	sys/net/if_bridge.c: 1.140 via patch, 1.142-1.146
	sys/net/if_etherip.c: 1.40
	sys/net/if_ethersubr.c: 1.243, 1.246
	sys/net/if_faith.c: 1.57
	sys/net/if_gif.c: 1.132
	sys/net/if_l2tp.c: 1.15, 1.17
	sys/net/if_loop.c: 1.98-1.101
	sys/net/if_media.c: 1.35
	sys/net/if_pppoe.c: 1.131-1.132
	sys/net/if_spppsubr.c: 1.176-1.177
	sys/net/if_tun.c: 1.142
	sys/net/if_vlan.c: 1.107, 1.109, 1.114-1.121
	sys/net/npf/npf_ifaddr.c: 1.3
	sys/net/npf/npf_os.c: 1.8-1.9
	sys/net/rtsock.c: 1.230
	sys/netcan/if_canloop.c: 1.3-1.5
	sys/netinet/if_arp.c: 1.255
	sys/netinet/igmp.c: 1.65
	sys/netinet/in.c: 1.210-1.211
	sys/netinet/in_pcb.c: 1.180
	sys/netinet/ip_carp.c: 1.92, 1.94
	sys/netinet/ip_flow.c: 1.81
	sys/netinet/ip_input.c: 1.362
	sys/netinet/ip_mroute.c: 1.147
	sys/netinet/ip_output.c: 1.283, 1.285, 1.287
	sys/netinet6/frag6.c: 1.61
	sys/netinet6/in6.c: 1.251, 1.255
	sys/netinet6/in6_pcb.c: 1.162
	sys/netinet6/ip6_flow.c: 1.35
	sys/netinet6/ip6_input.c: 1.183
	sys/netinet6/ip6_output.c: 1.196
	sys/netinet6/mld6.c: 1.90
	sys/netinet6/nd6.c: 1.239-1.240
	sys/netinet6/nd6_nbr.c: 1.139
	sys/netinet6/nd6_rtr.c: 1.136
	sys/netipsec/ipsec_output.c: 1.65
	sys/rump/net/lib/libnetinet/netinet_component.c: 1.9-1.10
kmem_intr_free kmem_intr_[z]alloced memory
the underlying pools are the same but api-wise those should match
Unify IFEF_*_MPSAFE into IFEF_MPSAFE
There are already two flags for if_output and if_start, however, it seems such
MPSAFE flags are eventually needed for all if_XXX operations. Having discrete
flags for each operation is wasteful of if_extflags bits. So let's unify
the flags into one: IFEF_MPSAFE.
Fortunately IFEF_*_MPSAFE flags have never been included in any releases, so
we can change them without breaking backward compatibility of the releases
(though the kernel version of -current should be bumped).
Note that if an interface have both MP-safe and non-MP-safe operations at a
time, we have to set the IFEF_MPSAFE flag and let callees of non-MP-safe
opeartions take the kernel lock.
Proposed on tech-kern@ and tech-net@
Provide macros for softnet_lock and KERNEL_LOCK hiding NET_MPSAFE switch
It reduces C&P codes such as "#ifndef NET_MPSAFE KERNEL_LOCK(1, NULL); ..."
scattered all over the source code and makes it easy to identify remaining
KERNEL_LOCK and/or softnet_lock that are held even if NET_MPSAFE.
No functional change
Hold KERNEL_LOCK on if_ioctl selectively based on IFEF_MPSAFE
If IFEF_MPSAFE is set, hold the lock and otherwise don't hold.
This change requires additions of KERNEL_LOCK to subsequence functions from
if_ioctl such as ifmedia_ioctl and ifioctl_common to protect non-MP-safe
components.
Proposed on tech-kern@ and tech-net@
Ensure to hold if_ioctl_lock when calling if_flags_set
Fix locking against myself on ifpromisc
vlan_unconfig_locked could be called with holding if_ioctl_lock.
Ensure to not turn on IFF_RUNNING of an interface until its initialization completes
And ensure to turn off it before destruction as per IFF_RUNNING's description
"resource allocated". (The description is a bit doubtful though, I believe the
change is still proper.)
Ensure to hold if_ioctl_lock on if_up and if_down
One exception for if_down is if_detach; in the case the lock isn't needed
because it's guaranteed that no other one can access ifp at that point.
Make if_link_queue MP-safe if IFEF_MPSAFE
if_link_queue is a queue to store events of link state changes, which is
used to pass events from (typically) an interrupt handler to
if_link_state_change softint. The queue was protected by KERNEL_LOCK so far,
but if IFEF_MPSAFE is enabled, it becomes unsafe because (perhaps) an interrupt
handler of an interface with IFEF_MPSAFE doesn't take KERNEL_LOCK. Protect it
by a spin mutex.
Additionally with this change KERNEL_LOCK of if_link_state_change softint is
omitted if NET_MPSAFE is enabled.
Note that the spin mutex is now ifp->if_snd.ifq_lock as well as the case of
if_timer (see the comment).
Use IFADDR_WRITER_FOREACH instead of IFADDR_READER_FOREACH
At that point no other one modifies the list so IFADDR_READER_FOREACH
is unnecessary. Use of IFADDR_READER_FOREACH is harmless in general though,
if we try to detect contract violations of pserialize, using it violates
the contract. So avoid using it makes life easy.
Ensure to call if_addr_init with holding if_ioctl_lock
Get rid of outdated comments
Fix build of kernels without ether
By throwing out if_enable_vlan_mtu and if_disable_vlan_mtu that
created a unnecessary dependency from if.c to if_ethersubr.c.
PR kern/52790
Rename IFNET_LOCK to IFNET_GLOBAL_LOCK
IFNET_LOCK will be used in another lock, if_ioctl_lock (might be renamed then).
Wrap if_ioctl_lock with IFNET_* macros (NFC)
Also if_ioctl_lock perhaps needs to be renamed to something because it's now
not just for ioctl...
Reorder some destruction routines in if_detach
- Destroy if_ioctl_lock at the end of the if_detach because it's used in various
  destruction routines
- Move psref_target_destroy after pr_purgeif because we want to use psref in
  pr_purgeif (otherwise destruction procedures can be tricky)
Ensure to call if_mcast_op with holding IFNET_LOCK
Note that CARP doesn't deal with IFNET_LOCK yet.
Remove IFNET_GLOBAL_LOCK where it's unnecessary because IFNET_LOCK is held
Describe which lock is used to protect each member variable of struct ifnet
Requested by skrll@
Write a guideline for converting an interface to IFEF_MPSAFE
Requested by skrll@
Note that IFNET_LOCK must not be held in softint
Don't set IFEF_MPSAFE unless NET_MPSAFE at this point
Because recent investigations show that interfaces with IFEF_MPSAFE need to
follow additional restrictions to work with the flag safely. We should enable it
on an interface by default only if the interface surely satisfies the
restrictions, which are described in if.h.
Note that enabling IFEF_MPSAFE solely gains a few benefit on performance because
the network stack is still serialized by the big kernel locks by default.

Revision 1.364 / (download) - annotate - [select for diffs], Mon Jan 1 00:51:36 2018 UTC (6 years, 2 months ago) by christos
Branch: MAIN
Changes since 1.363: +2 -11 lines
Diff to previous 1.363 (colored) to selected 1.142 (colored)

1) "#define ipi_spec_dst ipi_addr" in <netinet/in.h>
2) Change the IP_RECVPKTINFO option to control the generation of
   IP_PKTINFO control messages, the way it's done in Solaris.
3) Remove the superfluous IP_RECVPKTINFO control message.
4) Change the IP_PKTINFO option to do different things depending on
   the parameter it's supplied with:
   - If it's sizeof(int), assume it's being used as in Linux:
     - If it's non-zero, turn on the IP_RECVPKTINFO option.
     - If it's zero, turn off the IP_RECVPKTINFO option.
   - If it's sizeof(struct in_pktinfo), assume it's being used as in
     Solaris, to set a default for the source interface and/or
     source address for outgoing packets on the socket.
5) Return what Linux or Solaris compatible code expects, depending
   on data size, and just added a fallback to a Linux (and current NetBSD)
   compatible value if the size is unknown (as it is now), or,
   in the future, if the calling application specifies a receiving
   buffer that doesn't match either data item.

From: Tom Ivar Helbekkmo

Revision 1.355.2.2 / (download) - annotate - [select for diffs], Sun Dec 10 09:24:30 2017 UTC (6 years, 3 months ago) by snj
Branch: netbsd-8
Changes since 1.355.2.1: +13 -7 lines
Diff to previous 1.355.2.1 (colored) to branchpoint 1.355 (colored) to selected 1.142 (colored)

Pull up following revision(s) (requested by roy in ticket #390):
	sys/netinet/ip_input.c: 1.363
	sys/netinet6/ip6_input.c: 1.184-1.185
	sys/netinet6/ip6_output.c: 1.194-1.195
	sys/netinet6/in6_src.c: 1.83-1.84
Allow local communication over DETACHED addresses.
Allow binding to DETACHED or TENTATIVE addresses as we deny
sending upstream from them anyway.
Prefer non DETACHED or TENTATIVE addresses.
--
Attempt to restore v6 networking.   Not 100% certain that these
changes are all that is needed, but they're certainly a big part of it
(especially the ip6_input.c change.)
--
Treat unvalidated addresses as deprecated in rule 3.

Revision 1.302.2.4 / (download) - annotate - [select for diffs], Sun Dec 3 11:39:04 2017 UTC (6 years, 3 months ago) by jdolecek
Branch: tls-maxphys
Changes since 1.302.2.3: +419 -264 lines
Diff to previous 1.302.2.3 (colored) to branchpoint 1.302 (colored) next main 1.303 (colored) to selected 1.142 (colored)

update from HEAD

Revision 1.363 / (download) - annotate - [select for diffs], Fri Nov 24 14:03:25 2017 UTC (6 years, 3 months ago) by roy
Branch: MAIN
CVS Tags: tls-maxphys-base-20171202
Changes since 1.362: +13 -7 lines
Diff to previous 1.362 (colored) to selected 1.142 (colored)

Allow local communication over DETACHED addresses.
Allow binding to DETACHED or TENTATIVE addresses as we deny
sending upstream from them anyway.
Prefer non DETACHED or TENTATIVE addresses.

Revision 1.362 / (download) - annotate - [select for diffs], Fri Nov 17 07:37:12 2017 UTC (6 years, 4 months ago) by ozaki-r
Branch: MAIN
Changes since 1.361: +6 -16 lines
Diff to previous 1.361 (colored) to selected 1.142 (colored)

Provide macros for softnet_lock and KERNEL_LOCK hiding NET_MPSAFE switch

It reduces C&P codes such as "#ifndef NET_MPSAFE KERNEL_LOCK(1, NULL); ..."
scattered all over the source code and makes it easy to identify remaining
KERNEL_LOCK and/or softnet_lock that are held even if NET_MPSAFE.

No functional change

Revision 1.355.2.1 / (download) - annotate - [select for diffs], Sat Oct 21 19:43:54 2017 UTC (6 years, 4 months ago) by snj
Branch: netbsd-8
CVS Tags: matt-nb8-mediatek-base, matt-nb8-mediatek
Changes since 1.355: +3 -11 lines
Diff to previous 1.355 (colored) to selected 1.142 (colored)

Pull up following revision(s) (requested by ozaki-r in ticket #300):
	crypto/dist/ipsec-tools/src/setkey/parse.y: 1.19
	crypto/dist/ipsec-tools/src/setkey/token.l: 1.20
	distrib/sets/lists/tests/mi: 1.754, 1.757, 1.759
	doc/TODO.smpnet: 1.12-1.13
	sys/net/pfkeyv2.h: 1.32
	sys/net/raw_cb.c: 1.23-1.24, 1.28
	sys/net/raw_cb.h: 1.28
	sys/net/raw_usrreq.c: 1.57-1.58
	sys/net/rtsock.c: 1.228-1.229
	sys/netinet/in_proto.c: 1.125
	sys/netinet/ip_input.c: 1.359-1.361
	sys/netinet/tcp_input.c: 1.359-1.360
	sys/netinet/tcp_output.c: 1.197
	sys/netinet/tcp_var.h: 1.178
	sys/netinet6/icmp6.c: 1.213
	sys/netinet6/in6_proto.c: 1.119
	sys/netinet6/ip6_forward.c: 1.88
	sys/netinet6/ip6_input.c: 1.181-1.182
	sys/netinet6/ip6_output.c: 1.193
	sys/netinet6/ip6protosw.h: 1.26
	sys/netipsec/ipsec.c: 1.100-1.122
	sys/netipsec/ipsec.h: 1.51-1.61
	sys/netipsec/ipsec6.h: 1.18-1.20
	sys/netipsec/ipsec_input.c: 1.44-1.51
	sys/netipsec/ipsec_netbsd.c: 1.41-1.45
	sys/netipsec/ipsec_output.c: 1.49-1.64
	sys/netipsec/ipsec_private.h: 1.5
	sys/netipsec/key.c: 1.164-1.234
	sys/netipsec/key.h: 1.20-1.32
	sys/netipsec/key_debug.c: 1.18-1.21
	sys/netipsec/key_debug.h: 1.9
	sys/netipsec/keydb.h: 1.16-1.20
	sys/netipsec/keysock.c: 1.59-1.62
	sys/netipsec/keysock.h: 1.10
	sys/netipsec/xform.h: 1.9-1.12
	sys/netipsec/xform_ah.c: 1.55-1.74
	sys/netipsec/xform_esp.c: 1.56-1.72
	sys/netipsec/xform_ipcomp.c: 1.39-1.53
	sys/netipsec/xform_ipip.c: 1.50-1.54
	sys/netipsec/xform_tcp.c: 1.12-1.16
	sys/rump/librump/rumpkern/Makefile.rumpkern: 1.170
	sys/rump/librump/rumpnet/net_stub.c: 1.27
	sys/sys/protosw.h: 1.67-1.68
	tests/net/carp/t_basic.sh: 1.7
	tests/net/if_gif/t_gif.sh: 1.11
	tests/net/if_l2tp/t_l2tp.sh: 1.3
	tests/net/ipsec/Makefile: 1.7-1.9
	tests/net/ipsec/algorithms.sh: 1.5
	tests/net/ipsec/common.sh: 1.4-1.6
	tests/net/ipsec/t_ipsec_ah_keys.sh: 1.2
	tests/net/ipsec/t_ipsec_esp_keys.sh: 1.2
	tests/net/ipsec/t_ipsec_gif.sh: 1.6-1.7
	tests/net/ipsec/t_ipsec_l2tp.sh: 1.6-1.7
	tests/net/ipsec/t_ipsec_misc.sh: 1.8-1.18
	tests/net/ipsec/t_ipsec_sockopt.sh: 1.1-1.2
	tests/net/ipsec/t_ipsec_tcp.sh: 1.1-1.2
	tests/net/ipsec/t_ipsec_transport.sh: 1.5-1.6
	tests/net/ipsec/t_ipsec_tunnel.sh: 1.9
	tests/net/ipsec/t_ipsec_tunnel_ipcomp.sh: 1.1-1.2
	tests/net/ipsec/t_ipsec_tunnel_odd.sh: 1.3
	tests/net/mcast/t_mcast.sh: 1.6
	tests/net/net/t_ipaddress.sh: 1.11
	tests/net/net_common.sh: 1.20
	tests/net/npf/t_npf.sh: 1.3
	tests/net/route/t_flags.sh: 1.20
	tests/net/route/t_flags6.sh: 1.16
	usr.bin/netstat/fast_ipsec.c: 1.22
Do m_pullup before mtod

It may fix panicks of some tests on anita/sparc and anita/GuruPlug.
---
KNF
---
Enable DEBUG for babylon5
---
Apply C99-style struct initialization to xformsw
---
Tweak outputs of netstat -s for IPsec

- Get rid of "Fast"
- Use ipsec and ipsec6 for titles to clarify protocol
- Indent outputs of sub protocols

Original outputs were organized like this:

(Fast) IPsec:
IPsec ah:
IPsec esp:
IPsec ipip:
IPsec ipcomp:
(Fast) IPsec:
IPsec ah:
IPsec esp:
IPsec ipip:
IPsec ipcomp:

New outputs are organized like this:

ipsec:
	ah:
	esp:
	ipip:
	ipcomp:
ipsec6:
	ah:
	esp:
	ipip:
	ipcomp:
---
Add test cases for IPComp
---
Simplify IPSEC_OSTAT macro (NFC)
---
KNF; replace leading whitespaces with hard tabs
---
Introduce and use SADB_SASTATE_USABLE_P
---
KNF
---
Add update command for testing

Updating an SA (SADB_UPDATE) requires that a process issuing
SADB_UPDATE is the same as a process issued SADB_ADD (or SADB_GETSPI).
This means that update command must be used with add command in a
configuration of setkey. This usage is normally meaningless but
useful for testing (and debugging) purposes.
---
Add test cases for updating SA/SP

The tests require newly-added udpate command of setkey.
---
PR/52346: Frank Kardel: Fix checksumming for NAT-T
See XXX for improvements.
---
Remove codes for PACKET_TAG_IPSEC_IN_CRYPTO_DONE

It seems that PACKET_TAG_IPSEC_IN_CRYPTO_DONE is for network adapters
that have IPsec accelerators; a driver sets the mtag to a packet
when its device has already encrypted the packet.

Unfortunately no driver implements such offload features for long
years and seems unlikely to implement them soon. (Note that neither
FreeBSD nor Linux doesn't have such drivers.) Let's remove related
(unused) codes and simplify the IPsec code.
---
Fix usages of sadb_msg_errno
---
Avoid updating sav directly

On SADB_UPDATE a target sav was updated directly, which was unsafe.
Instead allocate another sav, copy variables of the old sav to
the new one and replace the old one with the new one.
---
Simplify; we can assume sav->tdb_xform cannot be NULL while it's valid
---
Rename key_alloc* functions (NFC)

We shouldn't use the term "alloc" for functions that just look up
data and actually don't allocate memory.
---
Use explicit_memset to surely zero-clear key_auth and key_enc
---
Make sure to clear keys on error paths of key_setsaval
---
Add missing KEY_FREESAV
---
Make sure a sav is inserted to a sah list after its initialization completes
---
Remove unnecessary zero-clearing codes from key_setsaval

key_setsaval is now used only for a newly-allocated sav. (It was
used to reset variables of an existing sav.)
---
Correct wrong assumption of sav->refcnt in key_delsah

A sav in a list is basically not to be sav->refcnt == 0. And also
KEY_FREESAV assumes sav->refcnt > 0.
---
Let key_getsavbyspi take a reference of a returning sav
---
Use time_mono_to_wall (NFC)
---
Separate sending message routine (NFC)
---
Simplify; remove unnecessary zero-clears

key_freesaval is used only when a target sav is being destroyed.
---
Omit NULL checks for sav->lft_c

sav->lft_c can be NULL only when initializing or destroying sav.
---
Omit unnecessary NULL checks for sav->sah
---
Omit unnecessary check of sav->state

key_allocsa_policy picks a sav of either MATURE or DYING so we
don't need to check its state again.
---
Simplify; omit unnecessary saidx passing

- ipsec_nextisr returns a saidx but no caller uses it
- key_checkrequest is passed a saidx but it can be gotton by
  another argument (isr)
---
Fix splx isn't called on some error paths
---
Fix header size calculation of esp where sav is NULL
---
Fix header size calculation of ah in the case sav is NULL

This fix was also needed for esp.
---
Pass sav directly to opencrypto callback

In a callback, use a passed sav as-is by default and look up a sav
only if the passed sav is dead.
---
Avoid examining freshness of sav on packet processing

If a sav list is sorted (by lft_c->sadb_lifetime_addtime) in advance,
we don't need to examine each sav and also don't need to delete one
on the fly and send up a message. Fortunately every sav lists are sorted
as we need.

Added key_validate_savlist validates that each sav list is surely sorted
(run only if DEBUG because it's not cheap).
---
Add test cases for SAs with different SPIs
---
Prepare to stop using isr->sav

isr is a shared resource and using isr->sav as a temporal storage
for each packet processing is racy. And also having a reference from
isr to sav makes the lifetime of sav non-deterministic; such a reference
is removed when a packet is processed and isr->sav is overwritten by
new one. Let's have a sav locally for each packet processing instead of
using shared isr->sav.

However this change doesn't stop using isr->sav yet because there are
some users of isr->sav. isr->sav will be removed after the users find
a way to not use isr->sav.
---
Fix wrong argument handling
---
fix printf format.
---
Don't validate sav lists of LARVAL or DEAD states

We don't sort the lists so the validation will always fail.

Fix PR kern/52405
---
Make sure to sort the list when changing the state by key_sa_chgstate
---
Rename key_allocsa_policy to key_lookup_sa_bysaidx
---
Separate test files
---
Calculate ah_max_authsize on initialization as well as esp_max_ivlen
---
Remove m_tag_find(PACKET_TAG_IPSEC_PENDING_TDB) because nobody sets the tag
---
Restore a comment removed in previous

The comment is valid for the below code.
---
Make tests more stable

sleep command seems to wait longer than expected on anita so
use polling to wait for a state change.
---
Add tests that explicitly delete SAs instead of waiting for expirations
---
Remove invalid M_AUTHIPDGM check on ESP isr->sav

M_AUTHIPDGM flag is set to a mbuf in ah_input_cb. An sav of ESP can
have AH authentication as sav->tdb_authalgxform. However, in that
case esp_input and esp_input_cb are used to do ESP decryption and
AH authentication and M_AUTHIPDGM never be set to a mbuf. So
checking M_AUTHIPDGM of a mbuf on isr->sav of ESP is meaningless.
---
Look up sav instead of relying on unstable sp->req->sav

This code is executed only in an error path so an additional lookup
doesn't matter.
---
Correct a comment
---
Don't release sav if calling crypto_dispatch again
---
Remove extra KEY_FREESAV from ipsec_process_done

It should be done by the caller.
---
Don't bother the case of crp->crp_buf == NULL in callbacks
---
Hold a reference to an SP during opencrypto processing

An SP has a list of isr (ipsecrequest) that represents a sequence
of IPsec encryption/authentication processing. One isr corresponds
to one opencrypto processing. The lifetime of an isr follows its SP.

We pass an isr to a callback function of opencrypto to continue
to a next encryption/authentication processing. However nobody
guaranteed that the isr wasn't freed, i.e., its SP wasn't destroyed.

In order to avoid such unexpected destruction of isr, hold a reference
to its SP during opencrypto processing.
---
Don't make SAs expired on tests that delete SAs explicitly
---
Fix a debug message
---
Dedup error paths (NFC)
---
Use pool to allocate tdb_crypto

For ESP and AH, we need to allocate an extra variable space in addition
to struct tdb_crypto. The fixed size of pool items may be larger than
an actual requisite size of a buffer, but still the performance
improvement by replacing malloc with pool wins.
---
Don't use unstable isr->sav for header size calculations

We may need to optimize to not look up sav here for users that
don't need to know an exact size of headers (e.g., TCP segmemt size
caclulation).
---
Don't use sp->req->sav when handling NAT-T ESP fragmentation

In order to do this we need to look up a sav however an additional
look-up degrades performance. A sav is later looked up in
ipsec4_process_packet so delay the fragmentation check until then
to avoid an extra look-up.
---
Don't use key_lookup_sp that depends on unstable sp->req->sav

It provided a fast look-up of SP. We will provide an alternative
method in the future (after basic MP-ification finishes).
---
Stop setting isr->sav on looking up sav in key_checkrequest
---
Remove ipsecrequest#sav
---
Stop setting mtag of PACKET_TAG_IPSEC_IN_DONE because there is no users anymore
---
Skip ipsec_spi_*_*_preferred_new_timeout when running on qemu

Probably due to PR 43997
---
Add localcount to rump kernels
---
Remove unused macro
---
Fix key_getcomb_setlifetime

The fix adjusts a soft limit to be 80% of a corresponding hard limit.

I'm not sure the fix is really correct though, at least the original
code is wrong. A passed comb is zero-cleared before calling
key_getcomb_setlifetime, so
  comb->sadb_comb_soft_addtime = comb->sadb_comb_soft_addtime * 80 / 100;
is meaningless.
---
Provide and apply key_sp_refcnt (NFC)

It simplifies further changes.
---
Fix indentation

Pointed out by knakahara@
---
Use pslist(9) for sptree
---
Don't acquire global locks for IPsec if NET_MPSAFE

Note that the change is just to make testing easy and IPsec isn't MP-safe yet.
---
Let PF_KEY socks hold their own lock instead of softnet_lock

Operations on SAD and SPD are executed via PF_KEY socks. The operations
include deletions of SAs and SPs that will use synchronization mechanisms
such as pserialize_perform to wait for references to SAs and SPs to be
released. It is known that using such mechanisms with holding softnet_lock
causes a dead lock. We should avoid the situation.
---
Make IPsec SPD MP-safe

We use localcount(9), not psref(9), to make the sptree and secpolicy (SP)
entries MP-safe because SPs need to be referenced over opencrypto
processing that executes a callback in a different context.

SPs on sockets aren't managed by the sptree and can be destroyed in softint.
localcount_drain cannot be used in softint so we delay the destruction of
such SPs to a thread context. To do so, a list to manage such SPs is added
(key_socksplist) and key_timehandler_spd deletes dead SPs in the list.

For more details please read the locking notes in key.c.

Proposed on tech-kern@ and tech-net@
---
Fix updating ipsec_used

- key_update_used wasn't called in key_api_spddelete2 and key_api_spdflush
- key_update_used wasn't called if an SP had been added/deleted but
  a reply to userland failed
---
Fix updating ipsec_used; turn on when SPs on sockets are added
---
Add missing IPsec policy checks to icmp6_rip6_input

icmp6_rip6_input is quite similar to rip6_input and the same checks exist
in rip6_input.
---
Add test cases for setsockopt(IP_IPSEC_POLICY)
---
Don't use KEY_NEWSP for dummy SP entries

By the change KEY_NEWSP is now not called from softint anymore
and we can use kmem_zalloc with KM_SLEEP for KEY_NEWSP.
---
Comment out unused functions
---
Add test cases that there are SPs but no relevant SAs
---
Don't allow sav->lft_c to be NULL

lft_c of an sav that was created by SADB_GETSPI could be NULL.
---
Clean up clunky eval strings

- Remove unnecessary \ at EOL
  - This allows to omit ; too
- Remove unnecessary quotes for arguments of atf_set
- Don't expand $DEBUG in eval
  - We expect it's expanded on execution

Suggested by kre@
---
Remove unnecessary KEY_FREESAV in an error path

sav should be freed (unreferenced) by the caller.
---
Use pslist(9) for sahtree
---
Use pslist(9) for sah->savtree
---
Rename local variable newsah to sah

It may not be new.
---
MP-ify SAD slightly

- Introduce key_sa_mtx and use it for some list operations
- Use pserialize for some list iterations
---
Introduce KEY_SA_UNREF and replace KEY_FREESAV with it where sav will never be actually freed in the future

KEY_SA_UNREF is still key_freesav so no functional change for now.

This change reduces diff of further changes.
---
Remove out-of-date log output

Pointed out by riastradh@
---
Use KDASSERT instead of KASSERT for mutex_ownable

Because mutex_ownable is too heavy to run in a fast path
even for DIAGNOSTIC + LOCKDEBUG.

Suggested by riastradh@
---
Assemble global lists and related locks into cache lines (NFCI)

Also rename variable names from *tree to *list because they are
just lists, not trees.

Suggested by riastradh@
---
Move locking notes
---
Update the locking notes

- Add locking order
- Add locking notes for misc lists such as reglist
- Mention pserialize, key_sp_ref and key_sp_unref on SP operations

Requested by riastradh@
---
Describe constraints of key_sp_ref and key_sp_unref

Requested by riastradh@
---
Hold key_sad.lock on SAVLIST_WRITER_INSERT_TAIL
---
Add __read_mostly to key_psz

Suggested by riastradh@
---
Tweak wording (pserialize critical section => pserialize read section)

Suggested by riastradh@
---
Add missing mutex_exit
---
Fix setkey -D -P outputs

The outputs were tweaked (by me), but I forgot updating libipsec
in my local ATF environment...
---
MP-ify SAD (key_sad.sahlist and sah entries)

localcount(9) is used to protect key_sad.sahlist and sah entries
as well as SPD (and will be used for SAD sav).

Please read the locking notes of SAD for more details.
---
Introduce key_sa_refcnt and replace sav->refcnt with it (NFC)
---
Destroy sav only in the loop for DEAD sav
---
Fix KASSERT(solocked(sb->sb_so)) failure in sbappendaddr that is called eventually from key_sendup_mbuf

If key_sendup_mbuf isn't passed a socket, the assertion fails.
Originally in this case sb->sb_so was softnet_lock and callers
held softnet_lock so the assertion was magically satisfied.
Now sb->sb_so is key_so_mtx and also softnet_lock isn't always
held by callers so the assertion can fail.

Fix it by holding key_so_mtx if key_sendup_mbuf isn't passed a socket.

Reported by knakahara@
Tested by knakahara@ and ozaki-r@
---
Fix locking notes of SAD
---
Fix deadlock between key_sendup_mbuf called from key_acquire and localcount_drain

If we call key_sendup_mbuf from key_acquire that is called on packet
processing, a deadlock can happen like this:
- At key_acquire, a reference to an SP (and an SA) is held
- key_sendup_mbuf will try to take key_so_mtx
- Some other thread may try to localcount_drain to the SP with
  holding key_so_mtx in say key_api_spdflush
- In this case localcount_drain never return because key_sendup_mbuf
  that has stuck on key_so_mtx never release a reference to the SP

Fix the deadlock by deferring key_sendup_mbuf to the timer
(key_timehandler).
---
Fix that prev isn't cleared on retry
---
Limit the number of mbufs queued for deferred key_sendup_mbuf

It's easy to be queued hundreds of mbufs on the list under heavy
network load.
---
MP-ify SAD (savlist)

localcount(9) is used to protect savlist of sah. The basic design is
similar to MP-ifications of SPD and SAD sahlist. Please read the
locking notes of SAD for more details.
---
Simplify ipsec_reinject_ipstack (NFC)
---
Add per-CPU rtcache to ipsec_reinject_ipstack

It reduces route lookups and also reduces rtcache lock contentions
when NET_MPSAFE is enabled.
---
Use pool_cache(9) instead of pool(9) for tdb_crypto objects

The change improves network throughput especially on multi-core systems.
---
Update

ipsec(4), opencrypto(9) and vlan(4) are now MP-safe.
---
Write known issues on scalability
---
Share a global dummy SP between PCBs

It's never be changed so it can be pre-allocated and shared safely between PCBs.
---
Fix race condition on the rawcb list shared by rtsock and keysock

keysock now protects itself by its own mutex, which means that
the rawcb list is protected by two different mutexes (keysock's one
and softnet_lock for rtsock), of course it's useless.

Fix the situation by having a discrete rawcb list for each.
---
Use a dedicated mutex for rt_rawcb instead of softnet_lock if NET_MPSAFE
---
fix localcount leak in sav. fixed by ozaki-r@n.o.

I commit on behalf of him.
---
remove unnecessary comment.
---
Fix deadlock between pserialize_perform and localcount_drain

A typical ussage of localcount_drain looks like this:

  mutex_enter(&mtx);
  item = remove_from_list();
  pserialize_perform(psz);
  localcount_drain(&item->localcount, &cv, &mtx);
  mutex_exit(&mtx);

This sequence can cause a deadlock which happens for example on the following
situation:

- Thread A calls localcount_drain which calls xc_broadcast after releasing
  a specified mutex
- Thread B enters the sequence and calls pserialize_perform with holding
  the mutex while pserialize_perform also calls xc_broadcast
- Thread C (xc_thread) that calls an xcall callback of localcount_drain tries
  to hold the mutex

xc_broadcast of thread B doesn't start until xc_broadcast of thread A
finishes, which is a feature of xcall(9). This means that pserialize_perform
never complete until xc_broadcast of thread A finishes. On the other hand,
thread C that is a callee of xc_broadcast of thread A sticks on the mutex.
Finally the threads block each other (A blocks B, B blocks C and C blocks A).

A possible fix is to serialize executions of the above sequence by another
mutex, but adding another mutex makes the code complex, so fix the deadlock
by another way; the fix is to release the mutex before pserialize_perform
and instead use a condvar to prevent pserialize_perform from being called
simultaneously.

Note that the deadlock has happened only if NET_MPSAFE is enabled.
---
Add missing ifdef NET_MPSAFE
---
Take softnet_lock on pr_input properly if NET_MPSAFE

Currently softnet_lock is taken unnecessarily in some cases, e.g.,
icmp_input and encap4_input from ip_input, or not taken even if needed,
e.g., udp_input and tcp_input from ipsec4_common_input_cb. Fix them.

NFC if NET_MPSAFE is disabled (default).
---
- sanitize key debugging so that we don't print extra newlines or unassociated
  debugging messages.
- remove unused functions and make internal ones static
- print information in one line per message
---
humanize printing of ip addresses
---
cast reduction, NFC.
---
Fix typo in comment
---
Pull out ipsec_fill_saidx_bymbuf (NFC)
---
Don't abuse key_checkrequest just for looking up sav

It does more than expected for example key_acquire.
---
Fix SP is broken on transport mode

isr->saidx was modified accidentally in ipsec_nextisr.

Reported by christos@
Helped investigations by christos@ and knakahara@
---
Constify isr at many places (NFC)
---
Include socketvar.h for softnet_lock
---
Fix buffer length for ipsec_logsastr

Revision 1.361 / (download) - annotate - [select for diffs], Wed Sep 27 10:05:04 2017 UTC (6 years, 5 months ago) by ozaki-r
Branch: MAIN
Changes since 1.360: +2 -4 lines
Diff to previous 1.360 (colored) to selected 1.142 (colored)

Take softnet_lock on pr_input properly if NET_MPSAFE

Currently softnet_lock is taken unnecessarily in some cases, e.g.,
icmp_input and encap4_input from ip_input, or not taken even if needed,
e.g., udp_input and tcp_input from ipsec4_common_input_cb. Fix them.

NFC if NET_MPSAFE is disabled (default).

Revision 1.319.4.10 / (download) - annotate - [select for diffs], Mon Aug 28 17:53:12 2017 UTC (6 years, 6 months ago) by skrll
Branch: nick-nhusb
Changes since 1.319.4.9: +108 -102 lines
Diff to previous 1.319.4.9 (colored) to branchpoint 1.319 (colored) next main 1.320 (colored) to selected 1.142 (colored)

Sync with HEAD

Revision 1.360 / (download) - annotate - [select for diffs], Thu Jul 27 06:59:28 2017 UTC (6 years, 7 months ago) by ozaki-r
Branch: MAIN
CVS Tags: nick-nhusb-base-20170825
Changes since 1.359: +2 -8 lines
Diff to previous 1.359 (colored) to selected 1.142 (colored)

Don't acquire global locks for IPsec if NET_MPSAFE

Note that the change is just to make testing easy and IPsec isn't MP-safe yet.

Revision 1.359 / (download) - annotate - [select for diffs], Wed Jul 19 07:24:46 2017 UTC (6 years, 8 months ago) by ozaki-r
Branch: MAIN
Changes since 1.358: +3 -3 lines
Diff to previous 1.358 (colored) to selected 1.142 (colored)

Correct a comment

Revision 1.358 / (download) - annotate - [select for diffs], Sat Jul 8 22:56:15 2017 UTC (6 years, 8 months ago) by christos
Branch: MAIN
CVS Tags: perseant-stdc-iso10646-base, perseant-stdc-iso10646
Changes since 1.357: +19 -14 lines
Diff to previous 1.357 (colored) to selected 1.142 (colored)

Reorder the controls to the ones that need an interface and the ones that
don't; process the ones that don't first. Add a DIAGNOSTIC if there is no
interface; really this should be a KASSERT/panic because it is a bug if the
interface is not set at this point.

Revision 1.357 / (download) - annotate - [select for diffs], Thu Jul 6 17:12:34 2017 UTC (6 years, 8 months ago) by christos
Branch: MAIN
Changes since 1.356: +6 -6 lines
Diff to previous 1.356 (colored) to selected 1.142 (colored)

remove unnecessary casts (no functional change)

Revision 1.356 / (download) - annotate - [select for diffs], Thu Jul 6 17:08:57 2017 UTC (6 years, 8 months ago) by christos
Branch: MAIN
Changes since 1.355: +5 -29 lines
Diff to previous 1.355 (colored) to selected 1.142 (colored)

Merge the two copies SO_TIMESTAMP/SO_OTIMESTAMP processing to a single
function, and add a SOOPT_TIMESTAMP define reducing compat pollution from
5 places to 1.

Revision 1.355 / (download) - annotate - [select for diffs], Thu Jun 1 02:45:14 2017 UTC (6 years, 9 months ago) by chs
Branch: MAIN
CVS Tags: netbsd-8-base
Branch point for: netbsd-8
Changes since 1.354: +2 -6 lines
Diff to previous 1.354 (colored) to selected 1.142 (colored)

remove checks for failure after memory allocation calls that cannot fail:

  kmem_alloc() with KM_SLEEP
  kmem_zalloc() with KM_SLEEP
  percpu_alloc()
  pserialize_create()
  psref_class_create()

all of these paths include an assertion that the allocation has not failed,
so callers should not assert that again.

Revision 1.337.2.5 / (download) - annotate - [select for diffs], Wed Apr 26 02:53:29 2017 UTC (6 years, 10 months ago) by pgoyette
Branch: pgoyette-localcount
Changes since 1.337.2.4: +69 -40 lines
Diff to previous 1.337.2.4 (colored) to branchpoint 1.337 (colored) next main 1.338 (colored) to selected 1.142 (colored)

Sync with HEAD

Revision 1.347.2.1 / (download) - annotate - [select for diffs], Fri Apr 21 16:54:06 2017 UTC (6 years, 10 months ago) by bouyer
Branch: bouyer-socketcan
Changes since 1.347: +91 -51 lines
Diff to previous 1.347 (colored) next main 1.348 (colored) to selected 1.142 (colored)

Sync with HEAD

Revision 1.354 / (download) - annotate - [select for diffs], Fri Mar 31 06:49:44 2017 UTC (6 years, 11 months ago) by ozaki-r
Branch: MAIN
CVS Tags: prg-localcount2-base3, prg-localcount2-base2, prg-localcount2-base1, prg-localcount2-base, prg-localcount2, pgoyette-localcount-20170426, jdolecek-ncq-base, jdolecek-ncq, bouyer-socketcan-base1
Changes since 1.353: +48 -34 lines
Diff to previous 1.353 (colored) to selected 1.142 (colored)

Don't use a single global variable to store source route information for multiple incoming packets

It's not MP-safe. So use a m_tag to store the information instead.

Pointed out by knakahara@
The fix is from OpenBSD (originally fixed in FreeBSD)

Revision 1.353 / (download) - annotate - [select for diffs], Fri Mar 31 06:42:19 2017 UTC (6 years, 11 months ago) by ozaki-r
Branch: MAIN
Changes since 1.352: +23 -8 lines
Diff to previous 1.352 (colored) to selected 1.142 (colored)

Don't use a single global variable as a temporal storage for multiple packets

It's not MP-safe. So use local variables instead.

Revision 1.337.2.4 / (download) - annotate - [select for diffs], Mon Mar 20 06:57:50 2017 UTC (7 years ago) by pgoyette
Branch: pgoyette-localcount
Changes since 1.337.2.3: +28 -13 lines
Diff to previous 1.337.2.3 (colored) to branchpoint 1.337 (colored) to selected 1.142 (colored)

Sync with HEAD

Revision 1.352 / (download) - annotate - [select for diffs], Mon Mar 6 07:31:15 2017 UTC (7 years ago) by ozaki-r
Branch: MAIN
CVS Tags: pgoyette-localcount-20170320
Changes since 1.351: +4 -2 lines
Diff to previous 1.351 (colored) to selected 1.142 (colored)

Make sure icmp_redirect_timeout_q and ip_mtudisc_timeout_q are initialized on bootup

Fix PR kern/52029

Revision 1.351 / (download) - annotate - [select for diffs], Fri Feb 17 18:09:25 2017 UTC (7 years, 1 month ago) by ozaki-r
Branch: MAIN
Changes since 1.350: +3 -3 lines
Diff to previous 1.350 (colored) to selected 1.142 (colored)

Fix return value

Revision 1.350 / (download) - annotate - [select for diffs], Fri Feb 17 04:32:10 2017 UTC (7 years, 1 month ago) by ozaki-r
Branch: MAIN
Changes since 1.349: +13 -12 lines
Diff to previous 1.349 (colored) to selected 1.142 (colored)

Protect sysctl_net_inet_ip_pmtudto with icmp_mtx instead of softnet_lock

Revision 1.349 / (download) - annotate - [select for diffs], Tue Feb 7 02:38:08 2017 UTC (7 years, 1 month ago) by ozaki-r
Branch: MAIN
Changes since 1.348: +7 -4 lines
Diff to previous 1.348 (colored) to selected 1.142 (colored)

Add missing NULL checks for m_get_rcvif

Revision 1.319.4.9 / (download) - annotate - [select for diffs], Sun Feb 5 13:40:59 2017 UTC (7 years, 1 month ago) by skrll
Branch: nick-nhusb
Changes since 1.319.4.8: +35 -23 lines
Diff to previous 1.319.4.8 (colored) to branchpoint 1.319 (colored) to selected 1.142 (colored)

Sync with HEAD

Revision 1.348 / (download) - annotate - [select for diffs], Tue Jan 24 07:09:24 2017 UTC (7 years, 1 month ago) by ozaki-r
Branch: MAIN
CVS Tags: nick-nhusb-base-20170204
Changes since 1.347: +7 -2 lines
Diff to previous 1.347 (colored) to selected 1.142 (colored)

Tweak softnet_lock and NET_MPSAFE

- Don't hold softnet_lock in some functions if NET_MPSAFE
- Add softnet_lock to sysctl_net_inet_icmp_redirtimeout
- Add softnet_lock to expire_upcalls of ip_mroute.c
- Restore softnet_lock for in{,6}_pcbpurgeif{,0} if NET_MPSAFE
- Mark some softnet_lock for future work

Revision 1.337.2.3 / (download) - annotate - [select for diffs], Sat Jan 7 08:56:51 2017 UTC (7 years, 2 months ago) by pgoyette
Branch: pgoyette-localcount
Changes since 1.337.2.2: +34 -23 lines
Diff to previous 1.337.2.2 (colored) to branchpoint 1.337 (colored) to selected 1.142 (colored)

Sync with HEAD.  (Note that most of these changes are simply $NetBSD$
tag issues.)

Revision 1.347 / (download) - annotate - [select for diffs], Mon Dec 12 03:55:57 2016 UTC (7 years, 3 months ago) by ozaki-r
Branch: MAIN
CVS Tags: pgoyette-localcount-20170107, bouyer-socketcan-base
Branch point for: bouyer-socketcan
Changes since 1.346: +2 -3 lines
Diff to previous 1.346 (colored) to selected 1.142 (colored)

Make the routing table and rtcaches MP-safe

See the following descriptions for details.

Proposed on tech-kern and tech-net


Overview
--------

We protect the routing table with a rwock and protect
rtcaches with another rwlock. Each rtentry is protected
from being freed or updated via reference counting and psref.

Global rwlocks
--------------

There are two rwlocks; one for the routing table (rt_lock) and
the other for rtcaches (rtcache_lock). rtcache_lock covers
all existing rtcaches; there may have room for optimizations
(future work).

The locking order is rtcache_lock first and rt_lock is next.

rtentry references
------------------

References to an rtentry is managed with reference counting
and psref. Either of the two mechanisms is used depending on
where a rtentry is obtained. Reference counting is used when
we obtain a rtentry from the routing table directly via
rtalloc1 and rtrequest{,1} while psref is used when we obtain
a rtentry from a rtcache via rtcache_* APIs. In both cases,
a caller can sleep/block with holding an obtained rtentry.

The reasons why we use two different mechanisms are (i) only
using reference counting hurts the performance due to atomic
instructions (rtcache case) (ii) ease of implementation;
applying psref to APIs such rtaloc1 and rtrequest{,1} requires
additional works (adding a local variable and an argument).

We will finally migrate to use only psref but we can do it
when we have a lockless routing table alternative.

Reference counting for rtentry
------------------------------

rt_refcnt now doesn't count permanent references such as for
rt_timers and rtcaches, instead it is used only for temporal
references when obtaining a rtentry via rtalloc1 and rtrequest{,1}.
We can do so because destroying a rtentry always involves
removing references of rt_timers and rtcaches to the rtentry
and we don't need to track such references. This also makes
it easy to wait for readers to release references on deleting
or updating a rtentry, i.e., we can simply wait until the
reference counter is 0 or 1. (If there are permanent references
the counter can be arbitrary.)

rt_ref increments a reference counter of a rtentry and rt_unref
decrements it. rt_ref is called inside APIs (rtalloc1 and
rtrequest{,1} so users don't need to care about it while
users must call rt_unref to an obtained rtentry after using it.

rtfree is removed and we use rt_unref and rt_free instead.
rt_unref now just decrements the counter of a given rtentry
and rt_free just tries to destroy a given rtentry.

See the next section for destructions of rtentries by rt_free.

Destructions of rtentries
-------------------------

We destroy a rtentry only when we call rtrequst{,1}(RTM_DELETE);
the original implementation can destroy in any rtfree where it's
the last reference. If we use reference counting or psref, it's
easy to understand if the place that a rtentry is destroyed is
fixed.

rt_free waits for references to a given rtentry to be released
before actually destroying the rtentry. rt_free uses a condition
variable (cv_wait) (and psref_target_destroy for psref) to wait.

Unfortunately rtrequst{,1}(RTM_DELETE) can be called in softint
that we cannot use cv_wait. In that case, we have to defer the
destruction to a workqueue.

rtentry#rt_cv, rtentry#rt_psref and global variables
(see rt_free_global) are added to conduct the procedure.

Updates of rtentries
--------------------

One difficulty to use refcnt/psref instead of rwlock for rtentry
is updates of rtentries. We need an additional mechanism to
prevent readers from seeing inconsistency of a rtentry being
updated.

We introduce RTF_UPDATING flag to rtentries that are updating.
While the flag is set to a rtentry, users cannot acquire the
rtentry. By doing so, we avoid users to see inconsistent
rtentries.

There are two options when a user tries to acquire a rtentry
with the RTF_UPDATING flag; if a user runs in softint context
the user fails to acquire a rtentry (NULL is returned).
Otherwise a user waits until the update completes by waiting
on cv.

The procedure of a updater is simpler to destruction of
a rtentry. Wait on cv (and psref) and after all readers left,
proceed with the update.

Global variables (see rt_update_global) are added to conduct
the procedure.

Currently we apply the mechanism to only RTM_CHANGE in
rtsock.c. We would have to apply other codes. See
"Known issues" section.

psref for rtentry
-----------------

When we obtain a rtentry from a rtcache via rtcache_* APIs,
psref is used to reference to the rtentry.

rtcache_ref acquires a reference to a rtentry with psref
and rtcache_unref releases the reference after using it.
rtcache_ref is called inside rtcache_* APIs and users don't
need to take care of it while users must call rtcache_unref
to release the reference.

struct psref and int bound that is needed for psref is
embedded into struct route. By doing so we don't need to
add local variables and additional argument to APIs.

However this adds another constraint to psref other than
reference counting one's; holding a reference of an rtentry
via a rtcache is allowed by just one caller at the same time.
So we must not acquire a rtentry via a rtcache twice and
avoid a recursive use of a rtcache. And also a rtcache must
be arranged to be used by a LWP/softint at the same time
somehow. For IP forwarding case, we have per-CPU rtcaches
used in softint so the constraint is guaranteed. For a h
rtcache of a PCB case, the constraint is guaranteed by the
solock of each PCB. Any other cases (pf, ipf, stf and ipsec)
are currently guaranteed by only the existence of the global
locks (softnet_lock and/or KERNEL_LOCK). If we've found the
cases that we cannot guarantee the constraint, we would need
to introduce other rtcache APIs that use simple reference
counting.

psref of rtcache is created with IPL_SOFTNET and so rtcache
shouldn't used at an IPL higher than IPL_SOFTNET.

Note that rtcache_free is used to invalidate a given rtcache.
We don't need another care by my change; just keep them as
they are.

Performance impact
------------------

When NET_MPSAFE is disabled the performance drop is 3% while
when it's enabled the drop is increased to 11%. The difference
comes from that currently we don't take any global locks and
don't use psref if NET_MPSAFE is disabled.

We can optimize the performance of the case of NET_MPSAFE
on by reducing lookups of rtcache that uses psref;
currently we do two lookups but we should be able to trim
one of two. This is a future work.

Known issues
------------

There are two known issues to be solved; one is that
a caller of rtrequest(RTM_ADD) may change rtentry (see rtinit).
We need to prevent new references during the update. Or
we may be able to remove the code (perhaps, need more
investigations).

The other is rtredirect that updates a rtentry. We need
to apply our update mechanism, however it's not easy because
rtredirect is called in softint and we cannot apply our
mechanism simply. One solution is to defer rtredirect to
a workqueue but it requires some code restructuring.

Revision 1.346 / (download) - annotate - [select for diffs], Thu Dec 8 06:25:43 2016 UTC (7 years, 3 months ago) by ozaki-r
Branch: MAIN
Changes since 1.345: +18 -16 lines
Diff to previous 1.345 (colored) to selected 1.142 (colored)

Use psref for ip_rtaddr

ip_rtaddr will be sleepable soon. So use psref instead of pserialize.

Revision 1.345 / (download) - annotate - [select for diffs], Thu Dec 8 05:16:33 2016 UTC (7 years, 3 months ago) by ozaki-r
Branch: MAIN
Changes since 1.344: +14 -8 lines
Diff to previous 1.344 (colored) to selected 1.142 (colored)

Add rtcache_unref to release points of rtentry stemming from rtcache

In the MP-safe world, a rtentry stemming from a rtcache can be freed at any
points. So we need to protect rtentries somehow say by reference couting or
passive references. Regardless of the method, we need to call some release
function of a rtentry after using it.

The change adds a new function rtcache_unref to release a rtentry. At this
point, this function does nothing because for now we don't add a reference
to a rtentry when we get one from a rtcache. We will add something useful
in a further commit.

This change is a part of changes for MP-safe routing table. It is separated
to avoid one big change that makes difficult to debug by bisecting.

Revision 1.319.4.8 / (download) - annotate - [select for diffs], Mon Dec 5 10:55:28 2016 UTC (7 years, 3 months ago) by skrll
Branch: nick-nhusb
Changes since 1.319.4.7: +18 -15 lines
Diff to previous 1.319.4.7 (colored) to branchpoint 1.319 (colored) to selected 1.142 (colored)

Sync with HEAD

Revision 1.337.2.2 / (download) - annotate - [select for diffs], Fri Nov 4 14:49:21 2016 UTC (7 years, 4 months ago) by pgoyette
Branch: pgoyette-localcount
Changes since 1.337.2.1: +22 -15 lines
Diff to previous 1.337.2.1 (colored) to branchpoint 1.337 (colored) to selected 1.142 (colored)

Sync with HEAD

Revision 1.344 / (download) - annotate - [select for diffs], Tue Oct 18 07:30:31 2016 UTC (7 years, 5 months ago) by ozaki-r
Branch: MAIN
CVS Tags: pgoyette-localcount-20161104, nick-nhusb-base-20161204
Changes since 1.343: +12 -13 lines
Diff to previous 1.343 (colored) to selected 1.142 (colored)

Don't hold global locks if NET_MPSAFE is enabled

If NET_MPSAFE is enabled, don't hold KERNEL_LOCK and softnet_lock in
part of the network stack such as IP forwarding paths. The aim of the
change is to make it easy to test the network stack without the locks
and reduce our local diffs.

By default (i.e., if NET_MPSAFE isn't enabled), the locks are held
as they used to be.

Reviewed by knakahara@

Revision 1.343 / (download) - annotate - [select for diffs], Tue Oct 18 01:15:20 2016 UTC (7 years, 5 months ago) by ozaki-r
Branch: MAIN
Changes since 1.342: +7 -3 lines
Diff to previous 1.342 (colored) to selected 1.142 (colored)

Avoid double frees of mbuf

May fix one of panicks reported by Tom Ivar Helbekkmo in PR kern/51522

Revision 1.342 / (download) - annotate - [select for diffs], Tue Oct 11 05:15:01 2016 UTC (7 years, 5 months ago) by ozaki-r
Branch: MAIN
Changes since 1.341: +3 -3 lines
Diff to previous 1.341 (colored) to selected 1.142 (colored)

Fix kernel builds with IFA_STATS

Revision 1.319.4.7 / (download) - annotate - [select for diffs], Wed Oct 5 20:56:09 2016 UTC (7 years, 5 months ago) by skrll
Branch: nick-nhusb
Changes since 1.319.4.6: +101 -40 lines
Diff to previous 1.319.4.6 (colored) to branchpoint 1.319 (colored) to selected 1.142 (colored)

Sync with HEAD

Revision 1.341 / (download) - annotate - [select for diffs], Wed Sep 7 15:41:44 2016 UTC (7 years, 6 months ago) by roy
Branch: MAIN
CVS Tags: nick-nhusb-base-20161004, localcount-20160914
Changes since 1.340: +5 -4 lines
Diff to previous 1.340 (colored) to selected 1.142 (colored)

Disallow input to detached addresses because they are not yet valid.

Revision 1.340 / (download) - annotate - [select for diffs], Wed Aug 31 09:14:47 2016 UTC (7 years, 6 months ago) by ozaki-r
Branch: MAIN
Changes since 1.339: +22 -8 lines
Diff to previous 1.339 (colored) to selected 1.142 (colored)

Make ipforward_rt and ip6_forward_rt percpu

Sharing one rtcache between CPUs is just a bad idea.

Reviewed by knakahara@

Revision 1.337.2.1 / (download) - annotate - [select for diffs], Sat Aug 6 00:19:10 2016 UTC (7 years, 7 months ago) by pgoyette
Branch: pgoyette-localcount
Changes since 1.337: +78 -32 lines
Diff to previous 1.337 (colored) to selected 1.142 (colored)

Sync with HEAD

Revision 1.339 / (download) - annotate - [select for diffs], Mon Aug 1 03:15:30 2016 UTC (7 years, 7 months ago) by ozaki-r
Branch: MAIN
CVS Tags: pgoyette-localcount-20160806
Changes since 1.338: +77 -31 lines
Diff to previous 1.338 (colored) to selected 1.142 (colored)

Apply pserialize and psref to struct ifaddr and its variants

This change makes struct ifaddr and its variants (in_ifaddr and in6_ifaddr)
MP-safe by using pserialize and psref. At this moment, pserialize_perform
and psref_target_destroy are disabled because (1) we don't need them
because of softnet_lock (2) they cause a deadlock because of softnet_lock.
So we'll enable them when we remove softnet_lock in the future.

Revision 1.338 / (download) - annotate - [select for diffs], Tue Jul 26 08:34:55 2016 UTC (7 years, 7 months ago) by ozaki-r
Branch: MAIN
Changes since 1.337: +3 -3 lines
Diff to previous 1.337 (colored) to selected 1.142 (colored)

Fix downmatch increment

Revision 1.319.4.6 / (download) - annotate - [select for diffs], Sat Jul 9 20:25:22 2016 UTC (7 years, 8 months ago) by skrll
Branch: nick-nhusb
Changes since 1.319.4.5: +162 -100 lines
Diff to previous 1.319.4.5 (colored) to branchpoint 1.319 (colored) to selected 1.142 (colored)

Sync with HEAD

Revision 1.337 / (download) - annotate - [select for diffs], Fri Jul 8 06:15:33 2016 UTC (7 years, 8 months ago) by ozaki-r
Branch: MAIN
CVS Tags: pgoyette-localcount-base, pgoyette-localcount-20160726, nick-nhusb-base-20160907
Branch point for: pgoyette-localcount
Changes since 1.336: +4 -4 lines
Diff to previous 1.336 (colored) to selected 1.142 (colored)

CID 1363344: remove dead code

We may need to reconsider a case when m_get_rcvif_psref returns NULL.

Revision 1.336 / (download) - annotate - [select for diffs], Thu Jul 7 09:32:02 2016 UTC (7 years, 8 months ago) by ozaki-r
Branch: MAIN
Changes since 1.335: +3 -3 lines
Diff to previous 1.335 (colored) to selected 1.142 (colored)

Switch the address list of intefaces to pslist(9)

As usual, we leave the old list to avoid breaking kvm(3) users.

Revision 1.335 / (download) - annotate - [select for diffs], Wed Jul 6 08:42:34 2016 UTC (7 years, 8 months ago) by ozaki-r
Branch: MAIN
Changes since 1.334: +3 -4 lines
Diff to previous 1.334 (colored) to selected 1.142 (colored)

Switch the IPv4 address list to pslist(9)

Note that we leave the old list just in case; it seems there are some
kvm(3) users accessing the list. We can remove it later if we confirmed
nobody does actually.

Revision 1.334 / (download) - annotate - [select for diffs], Wed Jul 6 05:27:52 2016 UTC (7 years, 8 months ago) by ozaki-r
Branch: MAIN
Changes since 1.333: +3 -3 lines
Diff to previous 1.333 (colored) to selected 1.142 (colored)

Add and use pslist(9)-based hashtable for IPv4 addresses

Note that we leave the old hashtable to keep vmstat -H working.

Revision 1.333 / (download) - annotate - [select for diffs], Mon Jul 4 08:10:50 2016 UTC (7 years, 8 months ago) by ozaki-r
Branch: MAIN
Changes since 1.332: +88 -57 lines
Diff to previous 1.332 (colored) to selected 1.142 (colored)

Separate IP address matching functions

No functional change intended.

Revision 1.332 / (download) - annotate - [select for diffs], Thu Jun 30 06:56:27 2016 UTC (7 years, 8 months ago) by ozaki-r
Branch: MAIN
Changes since 1.331: +24 -28 lines
Diff to previous 1.331 (colored) to selected 1.142 (colored)

Tidy up goto lables

No functional change.

Revision 1.331 / (download) - annotate - [select for diffs], Thu Jun 30 06:48:58 2016 UTC (7 years, 8 months ago) by ozaki-r
Branch: MAIN
Changes since 1.330: +3 -2 lines
Diff to previous 1.330 (colored) to selected 1.142 (colored)

Fix error paths

Some error paths did m_put_rcvif_psref twice.

Revision 1.330 / (download) - annotate - [select for diffs], Tue Jun 28 02:02:56 2016 UTC (7 years, 8 months ago) by ozaki-r
Branch: MAIN
Changes since 1.329: +12 -2 lines
Diff to previous 1.329 (colored) to selected 1.142 (colored)

Add missing NULL checks for m_get_rcvif_psref

Revision 1.329 / (download) - annotate - [select for diffs], Fri Jun 10 13:31:44 2016 UTC (7 years, 9 months ago) by ozaki-r
Branch: MAIN
Changes since 1.328: +46 -21 lines
Diff to previous 1.328 (colored) to selected 1.142 (colored)

Avoid storing a pointer of an interface in a mbuf

Having a pointer of an interface in a mbuf isn't safe if we remove big
kernel locks; an interface object (ifnet) can be destroyed anytime in any
packet processing and accessing such object via a pointer is racy. Instead
we have to get an object from the interface collection (ifindex2ifnet) via
an interface index (if_index) that is stored to a mbuf instead of an
pointer.

The change provides two APIs: m_{get,put}_rcvif_psref that use psref(9)
for sleep-able critical sections and m_{get,put}_rcvif that use
pserialize(9) for other critical sections. The change also adds another
API called m_get_rcvif_NOMPSAFE, that is NOT MP-safe and for transition
moratorium, i.e., it is intended to be used for places where are not
planned to be MP-ified soon.

The change adds some overhead due to psref to performance sensitive paths,
however the overhead is not serious, 2% down at worst.

Proposed on tech-kern and tech-net.

Revision 1.319.4.5 / (download) - annotate - [select for diffs], Sat Mar 19 11:30:33 2016 UTC (8 years ago) by skrll
Branch: nick-nhusb
Changes since 1.319.4.4: +2 -11 lines
Diff to previous 1.319.4.4 (colored) to branchpoint 1.319 (colored) to selected 1.142 (colored)

Sync with HEAD

Revision 1.328 / (download) - annotate - [select for diffs], Thu Jan 21 15:41:30 2016 UTC (8 years, 1 month ago) by riastradh
Branch: MAIN
CVS Tags: nick-nhusb-base-20160529, nick-nhusb-base-20160422, nick-nhusb-base-20160319
Changes since 1.327: +7 -17 lines
Diff to previous 1.327 (colored) to selected 1.142 (colored)

Revert previous: ran cvs commit when I meant cvs diff.  Sorry!

Hit up-arrow one too few times.

Revision 1.327 / (download) - annotate - [select for diffs], Thu Jan 21 15:27:48 2016 UTC (8 years, 1 month ago) by riastradh
Branch: MAIN
Changes since 1.326: +19 -9 lines
Diff to previous 1.326 (colored) to selected 1.142 (colored)

Give proper prototype to ip_output.

Revision 1.326 / (download) - annotate - [select for diffs], Fri Jan 8 03:55:39 2016 UTC (8 years, 2 months ago) by knakahara
Branch: MAIN
Changes since 1.325: +2 -11 lines
Diff to previous 1.325 (colored) to selected 1.142 (colored)

eliminate ip_input.c and ip6_input.c dependency on gif(4)

Revision 1.319.4.4 / (download) - annotate - [select for diffs], Sun Dec 27 12:10:07 2015 UTC (8 years, 2 months ago) by skrll
Branch: nick-nhusb
Changes since 1.319.4.3: +4 -2 lines
Diff to previous 1.319.4.3 (colored) to branchpoint 1.319 (colored) to selected 1.142 (colored)

Sync with HEAD (as of 26th Dec)

Revision 1.325 / (download) - annotate - [select for diffs], Tue Oct 13 09:46:42 2015 UTC (8 years, 5 months ago) by roy
Branch: MAIN
CVS Tags: nick-nhusb-base-20151226
Changes since 1.324: +4 -2 lines
Diff to previous 1.324 (colored) to selected 1.142 (colored)

Include arp.h to restore the sysctl net.inet.ip.dad_count.
Fixes PR kern/49883 thanks to HITOSHI Osada.

Revision 1.319.4.3 / (download) - annotate - [select for diffs], Tue Sep 22 12:06:11 2015 UTC (8 years, 5 months ago) by skrll
Branch: nick-nhusb
Changes since 1.319.4.2: +5 -3 lines
Diff to previous 1.319.4.2 (colored) to branchpoint 1.319 (colored) to selected 1.142 (colored)

Sync with HEAD

Revision 1.324 / (download) - annotate - [select for diffs], Mon Aug 24 22:21:26 2015 UTC (8 years, 6 months ago) by pooka
Branch: MAIN
CVS Tags: nick-nhusb-base-20150921
Changes since 1.323: +4 -2 lines
Diff to previous 1.323 (colored) to selected 1.142 (colored)

sprinkle _KERNEL_OPT

Revision 1.323 / (download) - annotate - [select for diffs], Fri Aug 7 08:11:33 2015 UTC (8 years, 7 months ago) by ozaki-r
Branch: MAIN
Changes since 1.322: +3 -3 lines
Diff to previous 1.322 (colored) to selected 1.142 (colored)

Use time_uptime instead of time_second to avoid time leaps

Some codes in sys/net* use time_second to manage time periods such as
cache expirations. However, time_second doesn't increase monotonically
and can leap by say settimeofday(2) according to time_second(9). We
should use time_uptime instead of it to avoid such time leaps.

This change replaces time_second with time_uptime. Additionally it
converts a time based on time_uptime to a time based on time_second
when the kernel passes the time to userland programs that expect
the latter, and vice versa.

Note that we shouldn't leak time_uptime to other hosts over the
netowrk. My investigation shows there is no such leak:
http://mail-index.netbsd.org/tech-net/2015/08/06/msg005332.html

Discussed on tech-kern and tech-net.

Revision 1.319.4.2 / (download) - annotate - [select for diffs], Sat Jun 6 14:40:25 2015 UTC (8 years, 9 months ago) by skrll
Branch: nick-nhusb
Changes since 1.319.4.1: +17 -3 lines
Diff to previous 1.319.4.1 (colored) to branchpoint 1.319 (colored) to selected 1.142 (colored)

Sync with HEAD

Revision 1.322 / (download) - annotate - [select for diffs], Sat May 2 20:22:12 2015 UTC (8 years, 10 months ago) by joerg
Branch: MAIN
CVS Tags: nick-nhusb-base-20150606
Changes since 1.321: +4 -2 lines
Diff to previous 1.321 (colored) to selected 1.142 (colored)

Fix !ARP build.

Revision 1.321 / (download) - annotate - [select for diffs], Sat May 2 14:41:32 2015 UTC (8 years, 10 months ago) by roy
Branch: MAIN
Changes since 1.320: +15 -3 lines
Diff to previous 1.320 (colored) to selected 1.142 (colored)

Add IPv4 address flags IN_IFF_TENTATIVE, IN_IFF_DUPLICATED and
IN_IFF_DETATCHED to mimic the IPv6 address behaviour.
Add SIOCGIFAFLAG_IN ioctl to retrieve the address flag via the
ifreq structure.
Add IPv4 DAD detection via the ARP methods described in RFC 5227.
Add sysctls net.inet.ip.dad_count and net.inet.arp.debug.

Discussed on tech-net@

Revision 1.319.4.1 / (download) - annotate - [select for diffs], Mon Apr 6 15:18:23 2015 UTC (8 years, 11 months ago) by skrll
Branch: nick-nhusb
Changes since 1.319: +27 -19 lines
Diff to previous 1.319 (colored) to selected 1.142 (colored)

Sync with HEAD

Revision 1.320 / (download) - annotate - [select for diffs], Thu Mar 26 04:05:58 2015 UTC (8 years, 11 months ago) by ozaki-r
Branch: MAIN
CVS Tags: nick-nhusb-base-20150406
Changes since 1.319: +27 -19 lines
Diff to previous 1.319 (colored) to selected 1.142 (colored)

Tidy up the regular path of ip_forward

No functional change is intended.

Revision 1.302.2.3 / (download) - annotate - [select for diffs], Wed Aug 20 00:04:35 2014 UTC (9 years, 7 months ago) by tls
Branch: tls-maxphys
Changes since 1.302.2.2: +167 -302 lines
Diff to previous 1.302.2.2 (colored) to branchpoint 1.302 (colored) to selected 1.142 (colored)

Rebase to HEAD as of a few days ago.

Revision 1.310.2.1 / (download) - annotate - [select for diffs], Sun Aug 10 06:56:25 2014 UTC (9 years, 7 months ago) by tls
Branch: tls-earlyentropy
Changes since 1.310: +159 -296 lines
Diff to previous 1.310 (colored) next main 1.311 (colored) to selected 1.142 (colored)

Rebase.

Revision 1.319 / (download) - annotate - [select for diffs], Mon Jun 16 00:33:39 2014 UTC (9 years, 9 months ago) by ozaki-r
Branch: MAIN
CVS Tags: tls-maxphys-base, tls-earlyentropy-base, nick-nhusb-base, netbsd-7-nhusb-base-20170116, netbsd-7-nhusb-base, netbsd-7-nhusb, netbsd-7-base, netbsd-7-1-RELEASE, netbsd-7-1-RC2, netbsd-7-1-RC1, netbsd-7-1-1-RELEASE, netbsd-7-0-RELEASE, netbsd-7-0-RC3, netbsd-7-0-RC2, netbsd-7-0-RC1, netbsd-7-0-2-RELEASE, netbsd-7-0-1-RELEASE
Branch point for: nick-nhusb, netbsd-7-1, netbsd-7-0, netbsd-7
Changes since 1.318: +3 -3 lines
Diff to previous 1.318 (colored) to selected 1.142 (colored)

Add 3rd argument to pktq_create to pass sc

It will be used to pass bridge sc for bridge_forward softint.

ok rmind@

Revision 1.318 / (download) - annotate - [select for diffs], Thu Jun 5 23:48:16 2014 UTC (9 years, 9 months ago) by rmind
Branch: MAIN
Changes since 1.317: +91 -63 lines
Diff to previous 1.317 (colored) to selected 1.142 (colored)

- Implement pktqueue interface for lockless IP input queue.
- Replace ipintrq and ip6intrq with the pktqueue mechanism.
- Eliminate kernel-lock from ipintr() and ip6intr().
- Some preparation work to push softnet_lock out of ipintr().

Discussed on tech-net.

Revision 1.317 / (download) - annotate - [select for diffs], Fri May 30 01:39:03 2014 UTC (9 years, 9 months ago) by christos
Branch: MAIN
Changes since 1.316: +9 -6 lines
Diff to previous 1.316 (colored) to selected 1.142 (colored)

Introduce 2 new variables: ipsec_enabled and ipsec_used.
Ipsec enabled is controlled by sysctl and determines if is allowed.
ipsec_used is set automatically based on ipsec being enabled, and
rules existing.

Revision 1.316 / (download) - annotate - [select for diffs], Thu May 29 23:02:48 2014 UTC (9 years, 9 months ago) by rmind
Branch: MAIN
Changes since 1.315: +3 -5 lines
Diff to previous 1.315 (colored) to selected 1.142 (colored)

Make IGMP and multicast group management code MP-safe.  Use a read-write
lock to protect the hash table of multicast address records; also, make it
private and eliminate some macros.  In the long term, the lookup path ought
to be optimised.

Revision 1.315 / (download) - annotate - [select for diffs], Wed May 28 19:19:33 2014 UTC (9 years, 9 months ago) by christos
Branch: MAIN
Changes since 1.314: +4 -4 lines
Diff to previous 1.314 (colored) to selected 1.142 (colored)

CID 12164{49,51}: Remove bogus ifp == NULL checks; if ifp was really NULL,
we would have been dead a few lines before the tests.

Revision 1.314 / (download) - annotate - [select for diffs], Fri May 23 23:38:48 2014 UTC (9 years, 9 months ago) by rmind
Branch: MAIN
Changes since 1.313: +21 -25 lines
Diff to previous 1.313 (colored) to selected 1.142 (colored)

ip_input(), ip_savecontrol(): cache m->m_pkthdr.rcvif in a variable.

Revision 1.313 / (download) - annotate - [select for diffs], Fri May 23 19:35:24 2014 UTC (9 years, 9 months ago) by rmind
Branch: MAIN
Changes since 1.312: +4 -3 lines
Diff to previous 1.312 (colored) to selected 1.142 (colored)

Make ip_forward() static, there is no need to expose it.

Revision 1.312 / (download) - annotate - [select for diffs], Fri May 23 19:27:48 2014 UTC (9 years, 9 months ago) by rmind
Branch: MAIN
Changes since 1.311: +4 -3 lines
Diff to previous 1.311 (colored) to selected 1.142 (colored)

Make ip_input() static, there is no need to expose it.

Revision 1.311 / (download) - annotate - [select for diffs], Thu May 22 22:01:12 2014 UTC (9 years, 9 months ago) by rmind
Branch: MAIN
Changes since 1.310: +47 -211 lines
Diff to previous 1.310 (colored) to selected 1.142 (colored)

- Add in_init() and move some functions, variables and sysctls into in.c
  where they belong to.  Make some functions and variables static.
- ip_input.c: reduce some #ifdefs, cleanup a little.
- Move some sysctls into ip_flow.c as they belong there.

No functional change.

Revision 1.296.2.4 / (download) - annotate - [select for diffs], Thu May 22 11:41:09 2014 UTC (9 years, 9 months ago) by yamt
Branch: yamt-pagecache
Changes since 1.296.2.3: +43 -160 lines
Diff to previous 1.296.2.3 (colored) to branchpoint 1.296 (colored) next main 1.297 (colored) to selected 1.142 (colored)

sync with head.

for a reference, the tree before this commit was tagged
as yamt-pagecache-tag8.

this commit was splitted into small chunks to avoid
a limitation of cvs.  ("Protocol error: too many arguments")

Revision 1.307.2.3 / (download) - annotate - [select for diffs], Sun May 18 17:46:13 2014 UTC (9 years, 10 months ago) by rmind
Branch: rmind-smpnet
Changes since 1.307.2.2: +0 -5 lines
Diff to previous 1.307.2.2 (colored) next main 1.308 (colored) to selected 1.142 (colored)

sync with head

Revision 1.310 / (download) - annotate - [select for diffs], Wed Mar 19 08:27:21 2014 UTC (10 years ago) by liamjfoy
Branch: MAIN
CVS Tags: yamt-pagecache-base9, rmind-smpnet-nbase, rmind-smpnet-base, riastradh-xf86-video-intel-2-7-1-pre-2-21-15
Branch point for: tls-earlyentropy
Changes since 1.309: +3 -3 lines
Diff to previous 1.309 (colored) to selected 1.142 (colored)

Remove ipflow_prune and replace with ipflow_reap. ok rmind@

Revision 1.309 / (download) - annotate - [select for diffs], Tue Feb 25 18:30:12 2014 UTC (10 years ago) by pooka
Branch: MAIN
CVS Tags: riastradh-drm2-base3
Changes since 1.308: +2 -7 lines
Diff to previous 1.308 (colored) to selected 1.142 (colored)

Ensure that the top level sysctl nodes (kern, vfs, net, ...) exist before
the sysctl link sets are processed, and remove redundancy.

Shaves >13kB off of an amd64 GENERIC, not to mention >1k duplicate
lines of code.

Revision 1.307.2.2 / (download) - annotate - [select for diffs], Wed Aug 28 23:59:36 2013 UTC (10 years, 6 months ago) by rmind
Branch: rmind-smpnet
Changes since 1.307.2.1: +6 -17 lines
Diff to previous 1.307.2.1 (colored) to selected 1.142 (colored)

sync with head

Revision 1.307.2.1 / (download) - annotate - [select for diffs], Wed Jul 17 03:16:31 2013 UTC (10 years, 8 months ago) by rmind
Branch: rmind-smpnet
Changes since 1.307: +52 -217 lines
Diff to previous 1.307 (colored) to selected 1.142 (colored)

Checkpoint work in progress:
- Move PCB structures under __INPCB_PRIVATE, adjust most of the callers
  and thus make IPv4 PCB structures mostly opaque.  Any volunteers for
  merging in6pcb with inpcb (see rpaulo-netinet-merge-pcb branch)?
- Move various global vars to the modules where they belong, make them static.
- Some preliminary work for IPv4 PCB locking scheme.
- Make raw IP code mostly MP-safe.  Simplify some of it.
- Rework "fast" IP forwarding (ipflow) code to be mostly MP-safe.  It should
  run from a software interrupt, rather than hard.
- Rework tun(4) pseudo interface to be MP-safe.
- Work towards making some other interfaces more strict.

Revision 1.308 / (download) - annotate - [select for diffs], Sat Jun 29 21:06:58 2013 UTC (10 years, 8 months ago) by rmind
Branch: MAIN
CVS Tags: riastradh-drm2-base2, riastradh-drm2-base1, riastradh-drm2-base, riastradh-drm2
Changes since 1.307: +6 -17 lines
Diff to previous 1.307 (colored) to selected 1.142 (colored)

- Rewrite parts of pfil(9): use array to store hooks and thus be more cache
  friendly (there are only few hooks in the system).  Make the structures
  opaque and the interface more strict.
- Remove PFIL_HOOKS option by making pfil(9) mandatory.

Revision 1.307 / (download) - annotate - [select for diffs], Thu Jun 27 20:17:36 2013 UTC (10 years, 8 months ago) by christos
Branch: MAIN
Branch point for: rmind-smpnet
Changes since 1.306: +4 -4 lines
Diff to previous 1.306 (colored) to selected 1.142 (colored)

flip src/dst

Revision 1.306 / (download) - annotate - [select for diffs], Thu Jun 27 19:38:16 2013 UTC (10 years, 8 months ago) by christos
Branch: MAIN
Changes since 1.305: +20 -2 lines
Diff to previous 1.305 (colored) to selected 1.142 (colored)

implement IP_PKTINFO and IP_RECVPKTINFO.

Revision 1.302.2.2 / (download) - annotate - [select for diffs], Sun Jun 23 06:20:25 2013 UTC (10 years, 8 months ago) by tls
Branch: tls-maxphys
Changes since 1.302.2.1: +20 -139 lines
Diff to previous 1.302.2.1 (colored) to branchpoint 1.302 (colored) to selected 1.142 (colored)

resync from head

Revision 1.305 / (download) - annotate - [select for diffs], Sat Jun 8 13:50:22 2013 UTC (10 years, 9 months ago) by rmind
Branch: MAIN
Changes since 1.304: +16 -135 lines
Diff to previous 1.304 (colored) to selected 1.142 (colored)

Split IPsec code in ip_input() and ip_forward() into the separate routines
ipsec4_input() and ipsec4_forward().  Tested by christos@.

Revision 1.304 / (download) - annotate - [select for diffs], Wed Jun 5 19:01:26 2013 UTC (10 years, 9 months ago) by christos
Branch: MAIN
Changes since 1.303: +13 -13 lines
Diff to previous 1.303 (colored) to selected 1.142 (colored)

IPSEC has not come in two speeds for a long time now (IPSEC == kame,
FAST_IPSEC). Make everything refer to IPSEC to avoid confusion.

Revision 1.302.2.1 / (download) - annotate - [select for diffs], Mon Feb 25 00:30:04 2013 UTC (11 years ago) by tls
Branch: tls-maxphys
Changes since 1.302: +9 -3 lines
Diff to previous 1.302 (colored) to selected 1.142 (colored)

resync with head

Revision 1.296.2.3 / (download) - annotate - [select for diffs], Wed Jan 16 05:33:49 2013 UTC (11 years, 2 months ago) by yamt
Branch: yamt-pagecache
CVS Tags: yamt-pagecache-tag8
Changes since 1.296.2.2: +9 -3 lines
Diff to previous 1.296.2.2 (colored) to branchpoint 1.296 (colored) to selected 1.142 (colored)

sync with (a bit old) head

Revision 1.303 / (download) - annotate - [select for diffs], Thu Nov 29 02:07:20 2012 UTC (11 years, 3 months ago) by christos
Branch: MAIN
CVS Tags: yamt-pagecache-base8, yamt-pagecache-base7, khorben-n900, agc-symver-base, agc-symver
Changes since 1.302: +9 -3 lines
Diff to previous 1.302 (colored) to selected 1.142 (colored)

Add a new sysctl to mark ports as reserved, so that they are not used in
the anonymous or reserved port allocation.

Revision 1.296.2.2 / (download) - annotate - [select for diffs], Tue Oct 30 17:22:46 2012 UTC (11 years, 4 months ago) by yamt
Branch: yamt-pagecache
Changes since 1.296.2.1: +25 -3 lines
Diff to previous 1.296.2.1 (colored) to branchpoint 1.296 (colored) to selected 1.142 (colored)

sync with head

Revision 1.302 / (download) - annotate - [select for diffs], Mon Jun 25 15:28:39 2012 UTC (11 years, 8 months ago) by christos
Branch: MAIN
CVS Tags: yamt-pagecache-base6
Branch point for: tls-maxphys
Changes since 1.301: +9 -9 lines
Diff to previous 1.301 (colored) to selected 1.142 (colored)

rename rfc6056 -> portalgo, requested by yamt

Revision 1.301 / (download) - annotate - [select for diffs], Fri Jun 22 14:54:35 2012 UTC (11 years, 8 months ago) by christos
Branch: MAIN
Changes since 1.300: +24 -2 lines
Diff to previous 1.300 (colored) to selected 1.142 (colored)

PR/46602: Move the rfc6056 port randomization to the IP layer.

Revision 1.300 / (download) - annotate - [select for diffs], Sat Jun 2 21:36:47 2012 UTC (11 years, 9 months ago) by dsl
Branch: MAIN
Changes since 1.299: +3 -3 lines
Diff to previous 1.299 (colored) to selected 1.142 (colored)

Add some pre-processor magic to verify that the type of the data item
  passed to sysctl_createv() actually matches the declared type for
  the item itself.
In the places where the caller specifies a function and a structure
  address (typically the 'softc') an explicit (void *) cast is now needed.
Fixes bugs in sys/dev/acpi/asus_acpi.c sys/dev/bluetooth/bcsp.c
  sys/kern/vfs_bio.c sys/miscfs/syncfs/sync_subr.c and setting
  AcpiGbl_EnableAmlDebugObject.
(mostly passing the address of a uint64_t when typed as CTLTYPE_INT).
I've test built quite a few kernels, but there may be some unfixed MD
  fallout. Most likely passing &char[] to char *.
Also add CTLFLAG_UNSIGNED for unsiged decimals - not set yet.

Revision 1.296.2.1 / (download) - annotate - [select for diffs], Tue Apr 17 00:08:40 2012 UTC (11 years, 11 months ago) by yamt
Branch: yamt-pagecache
Changes since 1.296: +6 -40 lines
Diff to previous 1.296 (colored) to selected 1.142 (colored)

sync with head

Revision 1.296.6.2 / (download) - annotate - [select for diffs], Thu Apr 5 21:33:43 2012 UTC (11 years, 11 months ago) by mrg
Branch: jmcneill-usbmp
Changes since 1.296.6.1: +5 -39 lines
Diff to previous 1.296.6.1 (colored) to branchpoint 1.296 (colored) next main 1.297 (colored) to selected 1.142 (colored)

sync to latest -current.

Revision 1.299 / (download) - annotate - [select for diffs], Thu Mar 22 20:34:39 2012 UTC (11 years, 11 months ago) by drochner
Branch: MAIN
CVS Tags: yamt-pagecache-base5, yamt-pagecache-base4, jmcneill-usbmp-base9, jmcneill-usbmp-base8, jmcneill-usbmp-base10
Changes since 1.298: +5 -39 lines
Diff to previous 1.298 (colored) to selected 1.142 (colored)

remove KAME IPSEC, replaced by FAST_IPSEC

Revision 1.296.6.1 / (download) - annotate - [select for diffs], Sat Feb 18 07:35:39 2012 UTC (12 years, 1 month ago) by mrg
Branch: jmcneill-usbmp
Changes since 1.296: +11 -11 lines
Diff to previous 1.296 (colored) to selected 1.142 (colored)

merge to -current.

Revision 1.298 / (download) - annotate - [select for diffs], Mon Jan 9 14:31:22 2012 UTC (12 years, 2 months ago) by liamjfoy
Branch: MAIN
CVS Tags: netbsd-6-base, netbsd-6-1-RELEASE, netbsd-6-1-RC4, netbsd-6-1-RC3, netbsd-6-1-RC2, netbsd-6-1-RC1, netbsd-6-1-5-RELEASE, netbsd-6-1-4-RELEASE, netbsd-6-1-3-RELEASE, netbsd-6-1-2-RELEASE, netbsd-6-1-1-RELEASE, netbsd-6-0-RELEASE, netbsd-6-0-RC2, netbsd-6-0-RC1, netbsd-6-0-6-RELEASE, netbsd-6-0-5-RELEASE, netbsd-6-0-4-RELEASE, netbsd-6-0-3-RELEASE, netbsd-6-0-2-RELEASE, netbsd-6-0-1-RELEASE, matt-nb6-plus-nbase, matt-nb6-plus-base, matt-nb6-plus, jmcneill-usbmp-base7, jmcneill-usbmp-base6, jmcneill-usbmp-base5, jmcneill-usbmp-base4, jmcneill-usbmp-base3, jmcneill-usbmp-base2
Branch point for: netbsd-6-1, netbsd-6-0, netbsd-6
Changes since 1.297: +3 -3 lines
Diff to previous 1.297 (colored) to selected 1.142 (colored)

check against NULL

Revision 1.297 / (download) - annotate - [select for diffs], Mon Dec 19 11:59:56 2011 UTC (12 years, 3 months ago) by drochner
Branch: MAIN
Changes since 1.296: +10 -10 lines
Diff to previous 1.296 (colored) to selected 1.142 (colored)

rename the IPSEC in-kernel CPP variable and config(8) option to
KAME_IPSEC, and make IPSEC define it so that existing kernel
config files work as before
Now the default can be easily be changed to FAST_IPSEC just by
setting the IPSEC alias to FAST_IPSEC.

Revision 1.296 / (download) - annotate - [select for diffs], Wed Aug 31 18:31:03 2011 UTC (12 years, 6 months ago) by plunky
Branch: MAIN
CVS Tags: yamt-pagecache-base3, yamt-pagecache-base2, yamt-pagecache-base, jmcneill-usbmp-pre-base2, jmcneill-usbmp-base, jmcneill-audiomp3-base, jmcneill-audiomp3
Branch point for: yamt-pagecache, jmcneill-usbmp
Changes since 1.295: +3 -3 lines
Diff to previous 1.295 (colored) to selected 1.142 (colored)

NULL does not need a cast

Revision 1.293.2.1 / (download) - annotate - [select for diffs], Mon Jun 6 09:09:55 2011 UTC (12 years, 9 months ago) by jruoho
Branch: jruoho-x86intr
Changes since 1.293: +20 -5 lines
Diff to previous 1.293 (colored) next main 1.294 (colored) to selected 1.142 (colored)

Sync with HEAD.

Revision 1.284.4.4 / (download) - annotate - [select for diffs], Tue May 31 03:05:07 2011 UTC (12 years, 9 months ago) by rmind
Branch: rmind-uvmplock
Changes since 1.284.4.3: +17 -0 lines
Diff to previous 1.284.4.3 (colored) to branchpoint 1.284 (colored) next main 1.285 (colored) to selected 1.142 (colored)

sync with head

Revision 1.295 / (download) - annotate - [select for diffs], Tue May 3 17:44:31 2011 UTC (12 years, 10 months ago) by dyoung
Branch: MAIN
CVS Tags: rmind-uvmplock-nbase, rmind-uvmplock-base, cherry-xenmp-base, cherry-xenmp
Changes since 1.294: +19 -2 lines
Diff to previous 1.294 (colored) to selected 1.142 (colored)

*_drain() routines may be called with locks held, so instead of doing
any work in *_drain(), set a drain-needed flag.  Do the work in the
fasttimo handler.

Contributed by Coyote Point Systems, Inc.

Revision 1.284.4.3 / (download) - annotate - [select for diffs], Thu Apr 21 01:42:14 2011 UTC (12 years, 11 months ago) by rmind
Branch: rmind-uvmplock
Changes since 1.284.4.2: +1 -3 lines
Diff to previous 1.284.4.2 (colored) to branchpoint 1.284 (colored) to selected 1.142 (colored)

sync with head

Revision 1.294 / (download) - annotate - [select for diffs], Thu Apr 14 20:32:04 2011 UTC (12 years, 11 months ago) by dyoung
Branch: MAIN
Changes since 1.293: +3 -5 lines
Diff to previous 1.293 (colored) to selected 1.142 (colored)

In ipintr(), don't overwrite ipintrq.ifq_maxlen with IFQ_MAXLEN.

Initialize ipintrq.ifq_maxlen using IFQ_MAXLEN directly instead of using
the global ipqmaxlen.  Get rid of the global ipqmaxlen.

Now it works again to override the maximum IP queue length with, for
example, sysctl -w net.inet.ip.ifq.maxlen=5.

Revision 1.284.4.2 / (download) - annotate - [select for diffs], Sat Mar 5 20:55:57 2011 UTC (13 years ago) by rmind
Branch: rmind-uvmplock
Changes since 1.284.4.1: +22 -594 lines
Diff to previous 1.284.4.1 (colored) to branchpoint 1.284 (colored) to selected 1.142 (colored)

sync with head

Revision 1.275.4.1.8.2 / (download) - annotate - [select for diffs], Fri Jan 7 03:17:44 2011 UTC (13 years, 2 months ago) by matt
Branch: matt-nb5-pq3
Changes since 1.275.4.1.8.1: +2 -4 lines
Diff to previous 1.275.4.1.8.1 (colored) to branchpoint 1.275.4.1 (colored) next main 1.276 (colored) to selected 1.142 (colored)

Backout an inadverdant change.

Revision 1.275.4.1.8.1 / (download) - annotate - [select for diffs], Fri Jan 7 03:16:14 2011 UTC (13 years, 2 months ago) by matt
Branch: matt-nb5-pq3
Changes since 1.275.4.1: +4 -2 lines
Diff to previous 1.275.4.1 (colored) to selected 1.142 (colored)

If using hardware checksum offload and the packet can't be h/w checksumed
(for whatever reason, some hardware is stupid) allow the driver to calculate
the checksum instead.

Revision 1.293 / (download) - annotate - [select for diffs], Mon Dec 13 14:18:50 2010 UTC (13 years, 3 months ago) by matt
Branch: MAIN
CVS Tags: matt-mips64-premerge-20101231, jruoho-x86intr-base, bouyer-quota2-nbase, bouyer-quota2-base, bouyer-quota2
Branch point for: jruoho-x86intr
Changes since 1.292: +2 -4 lines
Diff to previous 1.292 (colored) to selected 1.142 (colored)

Back out rev that shouldn't have been committed.

Revision 1.292 / (download) - annotate - [select for diffs], Sat Dec 11 22:37:46 2010 UTC (13 years, 3 months ago) by matt
Branch: MAIN
Changes since 1.291: +4 -2 lines
Diff to previous 1.291 (colored) to selected 1.142 (colored)

Add routines to calculate a checkesum if the driver concludes that the
h/w can't do it.

Revision 1.284.2.3 / (download) - annotate - [select for diffs], Sat Nov 6 08:08:49 2010 UTC (13 years, 4 months ago) by uebayasi
Branch: uebayasi-xip
Changes since 1.284.2.2: +10 -46 lines
Diff to previous 1.284.2.2 (colored) to branchpoint 1.284 (colored) next main 1.285 (colored) to selected 1.142 (colored)

Sync with HEAD.

Revision 1.291 / (download) - annotate - [select for diffs], Fri Nov 5 01:35:57 2010 UTC (13 years, 4 months ago) by rmind
Branch: MAIN
CVS Tags: uebayasi-xip-base4
Changes since 1.290: +4 -3 lines
Diff to previous 1.290 (colored) to selected 1.142 (colored)

ip_randomid: make mechanism MP-safe and more modular.

OK matt@

Revision 1.290 / (download) - annotate - [select for diffs], Fri Nov 5 00:21:51 2010 UTC (13 years, 4 months ago) by rmind
Branch: MAIN
Changes since 1.289: +8 -45 lines
Diff to previous 1.289 (colored) to selected 1.142 (colored)

ip_reass_packet: finish abstraction; some clean-up.
Discussed some time ago with matt@.

Revision 1.284.2.2 / (download) - annotate - [select for diffs], Tue Aug 17 06:47:46 2010 UTC (13 years, 7 months ago) by uebayasi
Branch: uebayasi-xip
Changes since 1.284.2.1: +41 -577 lines
Diff to previous 1.284.2.1 (colored) to branchpoint 1.284 (colored) to selected 1.142 (colored)

Sync with HEAD.

Revision 1.268.2.6 / (download) - annotate - [select for diffs], Wed Aug 11 22:54:56 2010 UTC (13 years, 7 months ago) by yamt
Branch: yamt-nfs-mp
Changes since 1.268.2.5: +64 -582 lines
Diff to previous 1.268.2.5 (colored) to branchpoint 1.268 (colored) next main 1.269 (colored) to selected 1.142 (colored)

sync with head.

Revision 1.289 / (download) - annotate - [select for diffs], Mon Jul 19 14:09:45 2010 UTC (13 years, 8 months ago) by rmind
Branch: MAIN
CVS Tags: yamt-nfs-mp-base11, yamt-nfs-mp-base10, uebayasi-xip-base3, uebayasi-xip-base2
Changes since 1.288: +29 -53 lines
Diff to previous 1.288 (colored) to selected 1.142 (colored)

Abstract IP reassembly into single generic routine - ip_reass_packet().
Make struct ipq private and struct ipqent not visible to userland.
Push ip_len adjustment into reassembly layer.

OK matt@

Revision 1.288 / (download) - annotate - [select for diffs], Tue Jul 13 22:16:10 2010 UTC (13 years, 8 months ago) by rmind
Branch: MAIN
Changes since 1.287: +30 -541 lines
Diff to previous 1.287 (colored) to selected 1.142 (colored)

Split-off IPv4 re-assembly mechanism into a separate module.  Abstract
into ip_reass_init(), ip_reass_lookup(), etc (note: abstraction is not
yet complete).  No functional changes to the actual mechanism.

OK matt@

Revision 1.287 / (download) - annotate - [select for diffs], Fri Jul 9 18:42:46 2010 UTC (13 years, 8 months ago) by rmind
Branch: MAIN
Changes since 1.286: +35 -36 lines
Diff to previous 1.286 (colored) to selected 1.142 (colored)

ip_input: move lookup for fragment queue a little bit further.  OK matt@.

Revision 1.284.4.1 / (download) - annotate - [select for diffs], Sun May 30 05:18:02 2010 UTC (13 years, 9 months ago) by rmind
Branch: rmind-uvmplock
Changes since 1.284: +23 -5 lines
Diff to previous 1.284 (colored) to selected 1.142 (colored)

sync with head

Revision 1.284.2.1 / (download) - annotate - [select for diffs], Fri Apr 30 14:44:21 2010 UTC (13 years, 10 months ago) by uebayasi
Branch: uebayasi-xip
Changes since 1.284: +23 -5 lines
Diff to previous 1.284 (colored) to selected 1.142 (colored)

Sync with HEAD.

Revision 1.286 / (download) - annotate - [select for diffs], Thu Apr 1 01:23:32 2010 UTC (13 years, 11 months ago) by tls
Branch: MAIN
CVS Tags: uebayasi-xip-base1
Changes since 1.285: +23 -7 lines
Diff to previous 1.285 (colored) to selected 1.142 (colored)

As suggested by at least 3 different people (the guilty parties know who
they are) avoid repeated kernel_lock/unlock by using an intrq on the stack.

About 5%-10% better from run to run, on my *very* simpleminded test.  Can't
possibly be worse.

Revision 1.285 / (download) - annotate - [select for diffs], Wed Mar 31 07:31:15 2010 UTC (13 years, 11 months ago) by tls
Branch: MAIN
Changes since 1.284: +4 -2 lines
Diff to previous 1.284 (colored) to selected 1.142 (colored)

Don't hold kernel lock across call to ip_input() -- it blocked *all*
hardware interrupts for the length of time it took for all dequeued
packets to flow up the stack (on multiprocessors only).  Initial testing
shows performance impact is minimal -- since this temporary fix actually
means taking/releasing the kernel lock per-packet, that seems
acceptable.

Holding the kernel lock across the ip_input() call duplicated the
exclusion intended to be provided by the socket locks/softnet lock
(same lock, for INET/INET6 sockets) and could mask serious bugs.  Several
hours' testing didn't turn any up but I'd be surprised if some don't now
appear.

Damon Permezel noticed the problem.  Temporary fix suggested by matt@.

Revision 1.268.2.5 / (download) - annotate - [select for diffs], Thu Mar 11 15:04:28 2010 UTC (14 years ago) by yamt
Branch: yamt-nfs-mp
Changes since 1.268.2.4: +8 -3 lines
Diff to previous 1.268.2.4 (colored) to branchpoint 1.268 (colored) to selected 1.142 (colored)

sync with head

Revision 1.284 / (download) - annotate - [select for diffs], Wed Sep 16 15:23:05 2009 UTC (14 years, 6 months ago) by pooka
Branch: MAIN
CVS Tags: yamt-nfs-mp-base9, uebayasi-xip-base, matt-premerge-20091211, jym-xensuspend-nbase
Branch point for: uebayasi-xip, rmind-uvmplock
Changes since 1.283: +8 -3 lines
Diff to previous 1.283 (colored) to selected 1.142 (colored)

Replace a large number of link set based sysctl node creations with
calls from subsystem constructors.  Benefits both future kernel
modules and rump.

no change to sysctl nodes on i386/MONOLITHIC & build tested i386/ALL

Revision 1.268.2.4 / (download) - annotate - [select for diffs], Wed Aug 19 18:48:24 2009 UTC (14 years, 7 months ago) by yamt
Branch: yamt-nfs-mp
Changes since 1.268.2.3: +6 -6 lines
Diff to previous 1.268.2.3 (colored) to branchpoint 1.268 (colored) to selected 1.142 (colored)

sync with head.

Revision 1.278.2.2 / (download) - annotate - [select for diffs], Thu Jul 23 23:32:48 2009 UTC (14 years, 7 months ago) by jym
Branch: jym-xensuspend
Changes since 1.278.2.1: +12 -6 lines
Diff to previous 1.278.2.1 (colored) to branchpoint 1.278 (colored) next main 1.279 (colored) to selected 1.142 (colored)

Sync with HEAD.

Revision 1.268.2.3 / (download) - annotate - [select for diffs], Sat Jul 18 14:53:25 2009 UTC (14 years, 8 months ago) by yamt
Branch: yamt-nfs-mp
Changes since 1.268.2.2: +8 -2 lines
Diff to previous 1.268.2.2 (colored) to branchpoint 1.268 (colored) to selected 1.142 (colored)

sync with head.

Revision 1.283 / (download) - annotate - [select for diffs], Fri Jul 17 18:09:25 2009 UTC (14 years, 8 months ago) by minskim
Branch: MAIN
CVS Tags: yamt-nfs-mp-base8, yamt-nfs-mp-base7, jymxensuspend-base
Changes since 1.282: +6 -6 lines
Diff to previous 1.282 (colored) to selected 1.142 (colored)

Delete trailing whitespace.

Revision 1.282 / (download) - annotate - [select for diffs], Thu Jul 16 04:09:51 2009 UTC (14 years, 8 months ago) by minskim
Branch: MAIN
CVS Tags: yamt-nfs-mp-base6
Changes since 1.281: +8 -2 lines
Diff to previous 1.281 (colored) to selected 1.142 (colored)

Add the IP_RECVTTL option support.

If the IP_RECVTTL option is enabled on a SOCK_DGRAM socket, the
recvmsg(2) call will return the TTL of the received datagram.  The
msg_control field in the msghdr structure points to a buffer that
contains a cmsghdr structure followed by the TTL value.

Modeled after FreeBSD implementation.

Revision 1.278.2.1 / (download) - annotate - [select for diffs], Wed May 13 17:22:28 2009 UTC (14 years, 10 months ago) by jym
Branch: jym-xensuspend
Changes since 1.278: +10 -9 lines
Diff to previous 1.278 (colored) to selected 1.142 (colored)

Sync with HEAD.

Commit is split, to avoid a "too many arguments" protocol error.

Revision 1.268.2.2 / (download) - annotate - [select for diffs], Mon May 4 08:14:17 2009 UTC (14 years, 10 months ago) by yamt
Branch: yamt-nfs-mp
Changes since 1.268.2.1: +69 -33 lines
Diff to previous 1.268.2.1 (colored) to branchpoint 1.268 (colored) to selected 1.142 (colored)

sync with head.

Revision 1.275.2.2 / (download) - annotate - [select for diffs], Tue Apr 28 07:37:22 2009 UTC (14 years, 10 months ago) by skrll
Branch: nick-hppapmap
Changes since 1.275.2.1: +10 -9 lines
Diff to previous 1.275.2.1 (colored) to branchpoint 1.275 (colored) next main 1.276 (colored) to selected 1.142 (colored)

Sync with HEAD.

Revision 1.281 / (download) - annotate - [select for diffs], Sat Apr 18 14:58:05 2009 UTC (14 years, 11 months ago) by tsutsui
Branch: MAIN
CVS Tags: yamt-nfs-mp-base5, yamt-nfs-mp-base4, yamt-nfs-mp-base3, nick-hppapmap-base4, nick-hppapmap-base3, nick-hppapmap-base, jym-xensuspend-base
Changes since 1.280: +6 -6 lines
Diff to previous 1.280 (colored) to selected 1.142 (colored)

Remove extra whitespace added by a stupid tool.
XXX: more in src/sys/arch

Revision 1.280 / (download) - annotate - [select for diffs], Wed Apr 15 20:44:25 2009 UTC (14 years, 11 months ago) by elad
Branch: MAIN
Changes since 1.279: +6 -5 lines
Diff to previous 1.279 (colored) to selected 1.142 (colored)

Remove a few KAUTH_GENERIC_ISSUSER in favor of more descriptive
alternatives.

Discussed on tech-kern:

	http://mail-index.netbsd.org/tech-kern/2009/04/11/msg004798.html

Input from ad@, christos@, dyoung@, tsutsui@.

Okay ad@.

Revision 1.279 / (download) - annotate - [select for diffs], Wed Mar 18 17:06:52 2009 UTC (15 years ago) by cegger
Branch: MAIN
Changes since 1.278: +6 -6 lines
Diff to previous 1.278 (colored) to selected 1.142 (colored)

bcopy -> memcpy

Revision 1.275.2.1 / (download) - annotate - [select for diffs], Mon Jan 19 13:20:13 2009 UTC (15 years, 2 months ago) by skrll
Branch: nick-hppapmap
Changes since 1.275: +25 -7 lines
Diff to previous 1.275 (colored) to selected 1.142 (colored)

Sync with HEAD.

Revision 1.278 / (download) - annotate - [select for diffs], Mon Jan 19 02:27:57 2009 UTC (15 years, 2 months ago) by christos
Branch: MAIN
CVS Tags: nick-hppapmap-base2
Branch point for: jym-xensuspend
Changes since 1.277: +21 -3 lines
Diff to previous 1.277 (colored) to selected 1.142 (colored)

Provide compatibility to the old timeval SCM_TIMESTAMP messages.

Revision 1.262.6.5 / (download) - annotate - [select for diffs], Sat Jan 17 13:29:32 2009 UTC (15 years, 2 months ago) by mjf
Branch: mjf-devfs2
Changes since 1.262.6.4: +4 -4 lines
Diff to previous 1.262.6.4 (colored) to branchpoint 1.262 (colored) next main 1.263 (colored) to selected 1.142 (colored)

Sync with HEAD.

Revision 1.277 / (download) - annotate - [select for diffs], Wed Dec 17 20:51:37 2008 UTC (15 years, 3 months ago) by cegger
Branch: MAIN
CVS Tags: mjf-devfs2-base
Changes since 1.276: +5 -6 lines
Diff to previous 1.276 (colored) to selected 1.142 (colored)

kill MALLOC and FREE macros.

Revision 1.272.6.2 / (download) - annotate - [select for diffs], Sat Dec 13 01:15:27 2008 UTC (15 years, 3 months ago) by haad
Branch: haad-dm
Changes since 1.272.6.1: +3 -2 lines
Diff to previous 1.272.6.1 (colored) to branchpoint 1.272 (colored) next main 1.273 (colored) to selected 1.142 (colored)

Update haad-dm branch to haad-dm-base2.

Revision 1.275.4.1 / (download) - annotate - [select for diffs], Tue Nov 25 04:04:38 2008 UTC (15 years, 3 months ago) by snj
Branch: netbsd-5
CVS Tags: netbsd-5-2-RELEASE, netbsd-5-2-RC1, netbsd-5-2-3-RELEASE, netbsd-5-2-2-RELEASE, netbsd-5-2-1-RELEASE, netbsd-5-2, netbsd-5-1-RELEASE, netbsd-5-1-RC4, netbsd-5-1-RC3, netbsd-5-1-RC2, netbsd-5-1-RC1, netbsd-5-1-5-RELEASE, netbsd-5-1-4-RELEASE, netbsd-5-1-3-RELEASE, netbsd-5-1-2-RELEASE, netbsd-5-1-1-RELEASE, netbsd-5-1, netbsd-5-0-RELEASE, netbsd-5-0-RC4, netbsd-5-0-RC3, netbsd-5-0-RC2, netbsd-5-0-RC1, netbsd-5-0-2-RELEASE, netbsd-5-0-1-RELEASE, netbsd-5-0, matt-nb5-pq3-base, matt-nb5-mips64-u2-k2-k4-k7-k8-k9, matt-nb5-mips64-u1-k1-k5, matt-nb5-mips64-premerge-20101231, matt-nb5-mips64-premerge-20091211, matt-nb5-mips64-k15, matt-nb5-mips64, matt-nb4-mips64-k7-u2a-k9b
Branch point for: matt-nb5-pq3
Changes since 1.275: +3 -2 lines
Diff to previous 1.275 (colored) next main 1.276 (colored) to selected 1.142 (colored)

Pull up following revision(s) (requested by rmind in ticket #119):
	sys/netinet/ip_input.c: revision 1.276
ip_input: fix an IPQ "lock" leak.  (hi <matt>!)

Revision 1.276 / (download) - annotate - [select for diffs], Sun Nov 23 19:52:38 2008 UTC (15 years, 3 months ago) by rmind
Branch: MAIN
CVS Tags: haad-nbase2, haad-dm-base2, haad-dm-base, ad-audiomp2-base, ad-audiomp2
Changes since 1.275: +3 -2 lines
Diff to previous 1.275 (colored) to selected 1.142 (colored)

ip_input: fix an IPQ "lock" leak.  (hi <matt>!)

Revision 1.272.6.1 / (download) - annotate - [select for diffs], Sun Oct 19 22:17:46 2008 UTC (15 years, 5 months ago) by haad
Branch: haad-dm
Changes since 1.272: +38 -21 lines
Diff to previous 1.272 (colored) to selected 1.142 (colored)

Sync with HEAD.

Revision 1.272.2.2 / (download) - annotate - [select for diffs], Fri Oct 10 22:35:43 2008 UTC (15 years, 5 months ago) by skrll
Branch: wrstuden-revivesa
Changes since 1.272.2.1: +9 -6 lines
Diff to previous 1.272.2.1 (colored) to branchpoint 1.272 (colored) next main 1.273 (colored) to selected 1.142 (colored)

Sync with HEAD.

Revision 1.262.6.4 / (download) - annotate - [select for diffs], Sun Oct 5 20:11:33 2008 UTC (15 years, 5 months ago) by mjf
Branch: mjf-devfs2
Changes since 1.262.6.3: +7 -4 lines
Diff to previous 1.262.6.3 (colored) to branchpoint 1.262 (colored) to selected 1.142 (colored)

Sync with HEAD.

Revision 1.275 / (download) - annotate - [select for diffs], Sat Oct 4 00:09:34 2008 UTC (15 years, 5 months ago) by pooka
Branch: MAIN
CVS Tags: wrstuden-revivesa-base-4, netbsd-5-base, matt-mips64-base2, haad-dm-base1
Branch point for: nick-hppapmap, netbsd-5
Changes since 1.274: +9 -6 lines
Diff to previous 1.274 (colored) to selected 1.142 (colored)

POOL_INIT -> pool_init

Revision 1.262.6.3 / (download) - annotate - [select for diffs], Sun Sep 28 10:40:58 2008 UTC (15 years, 5 months ago) by mjf
Branch: mjf-devfs2
Changes since 1.262.6.2: +29 -15 lines
Diff to previous 1.262.6.2 (colored) to branchpoint 1.262 (colored) to selected 1.142 (colored)

Sync with HEAD.

Revision 1.272.2.1 / (download) - annotate - [select for diffs], Thu Sep 18 04:37:01 2008 UTC (15 years, 6 months ago) by wrstuden
Branch: wrstuden-revivesa
Changes since 1.272: +31 -17 lines
Diff to previous 1.272 (colored) to selected 1.142 (colored)

Sync with wrstuden-revivesa-base-2.

Revision 1.274 / (download) - annotate - [select for diffs], Fri Sep 5 13:39:12 2008 UTC (15 years, 6 months ago) by seanb
Branch: MAIN
CVS Tags: wrstuden-revivesa-base-3, wrstuden-revivesa-base-2
Changes since 1.273: +7 -7 lines
Diff to previous 1.273 (colored) to selected 1.142 (colored)

Wrong route being consulted in one place
in ip_forward() after change to rtcache_*().
Restore previous behaviour.

Revision 1.273 / (download) - annotate - [select for diffs], Wed Aug 20 18:35:20 2008 UTC (15 years, 7 months ago) by matt
Branch: MAIN
Changes since 1.272: +26 -12 lines
Diff to previous 1.272 (colored) to selected 1.142 (colored)

Make the sysctl routines take out softnet_lock before dealing with
any data structures.

Change inet6ctlerrmap and zeroin6_addr to const.

Revision 1.236.4.2 / (download) - annotate - [select for diffs], Tue Jun 3 20:47:41 2008 UTC (15 years, 9 months ago) by skrll
Branch: wrstuden-fixsa
Changes since 1.236.4.1: +17 -16 lines
Diff to previous 1.236.4.1 (colored) to branchpoint 1.236 (colored) next main 1.237 (colored) to selected 1.142 (colored)

Sync with netbsd-4.

Revision 1.262.6.2 / (download) - annotate - [select for diffs], Mon Jun 2 13:24:24 2008 UTC (15 years, 9 months ago) by mjf
Branch: mjf-devfs2
Changes since 1.262.6.1: +91 -65 lines
Diff to previous 1.262.6.1 (colored) to branchpoint 1.262 (colored) to selected 1.142 (colored)

Sync with HEAD.

Revision 1.266.2.1 / (download) - annotate - [select for diffs], Sun May 18 12:35:29 2008 UTC (15 years, 10 months ago) by yamt
Branch: yamt-pf42
Changes since 1.266: +35 -55 lines
Diff to previous 1.266 (colored) next main 1.267 (colored) to selected 1.142 (colored)

sync with head.

Revision 1.268.2.1 / (download) - annotate - [select for diffs], Fri May 16 02:25:41 2008 UTC (15 years, 10 months ago) by yamt
Branch: yamt-nfs-mp
Changes since 1.268: +9 -22 lines
Diff to previous 1.268 (colored) to selected 1.142 (colored)

sync with head.

Revision 1.272 / (download) - annotate - [select for diffs], Mon May 5 17:11:17 2008 UTC (15 years, 10 months ago) by ad
Branch: MAIN
CVS Tags: yamt-pf42-base4, yamt-pf42-base3, yamt-pf42-base2, yamt-nfs-mp-base2, wrstuden-revivesa-base-1, wrstuden-revivesa-base, simonb-wapbl-nbase, simonb-wapbl-base, simonb-wapbl, hpcarm-cleanup-nbase
Branch point for: wrstuden-revivesa, haad-dm
Changes since 1.271: +6 -6 lines
Diff to previous 1.271 (colored) to selected 1.142 (colored)

- Convert hashinit() to use kmem_alloc(). The hash tables can be large
  and it's better to not have them in kmem_map.
- Convert a couple of minor items along the way to kmem_alloc().
- Fix some memory leaks.

Revision 1.271 / (download) - annotate - [select for diffs], Sun May 4 07:22:14 2008 UTC (15 years, 10 months ago) by thorpej
Branch: MAIN
Changes since 1.270: +3 -8 lines
Diff to previous 1.270 (colored) to selected 1.142 (colored)

Simplify the interface to netstat_sysctl() and allocate space for
the collated counters using kmem_alloc().

PR kern/38577

Revision 1.270 / (download) - annotate - [select for diffs], Fri May 2 13:40:32 2008 UTC (15 years, 10 months ago) by ad
Branch: MAIN
Changes since 1.269: +4 -5 lines
Diff to previous 1.269 (colored) to selected 1.142 (colored)

PR kern/38497 Out of memory allocating ksiginfo

Work around: don't acquire softnet_lock in protocol drain routines.

Revision 1.269 / (download) - annotate - [select for diffs], Mon Apr 28 20:24:09 2008 UTC (15 years, 10 months ago) by martin
Branch: MAIN
Changes since 1.268: +2 -9 lines
Diff to previous 1.268 (colored) to selected 1.142 (colored)

Remove clause 3 and 4 from TNF licenses

Revision 1.268 / (download) - annotate - [select for diffs], Thu Apr 24 11:38:37 2008 UTC (15 years, 10 months ago) by ad
Branch: MAIN
CVS Tags: yamt-nfs-mp-base
Branch point for: yamt-nfs-mp
Changes since 1.267: +27 -15 lines
Diff to previous 1.267 (colored) to selected 1.142 (colored)

Merge the socket locking patch:

- Socket layer becomes MP safe.
- Unix protocols become MP safe.
- Allows protocol processing interrupts to safely block on locks.
- Fixes a number of race conditions.

With much feedback from matt@ and plunky@.

Revision 1.267 / (download) - annotate - [select for diffs], Wed Apr 23 06:09:04 2008 UTC (15 years, 10 months ago) by thorpej
Branch: MAIN
Changes since 1.266: +10 -29 lines
Diff to previous 1.266 (colored) to selected 1.142 (colored)

Make IPSEC and FAST_IPSEC stats per-cpu.  Use <net/net_stats.h> and
netstat_sysctl().

Revision 1.266 / (download) - annotate - [select for diffs], Sat Apr 12 05:58:22 2008 UTC (15 years, 11 months ago) by thorpej
Branch: MAIN
CVS Tags: yamt-pf42-baseX, yamt-pf42-base
Branch point for: yamt-pf42
Changes since 1.265: +85 -39 lines
Diff to previous 1.265 (colored) to selected 1.142 (colored)

Make IP, TCP, UDP, and ICMP statistics per-CPU.  The stats are collated
when the user requests them via sysctl.

Revision 1.265 / (download) - annotate - [select for diffs], Wed Apr 9 05:14:20 2008 UTC (15 years, 11 months ago) by thorpej
Branch: MAIN
Changes since 1.264: +3 -3 lines
Diff to previous 1.264 (colored) to selected 1.142 (colored)

- ipflow is not used outside ip_flow.c; move its definition there.
- Make ipflow_reap() private to ip_flow.c, and introduce ipflow_prune()
  for external callers to use (avoids returning an ipflow * that is never
  actually used anyway).

Revision 1.264 / (download) - annotate - [select for diffs], Mon Apr 7 06:31:28 2008 UTC (15 years, 11 months ago) by thorpej
Branch: MAIN
Changes since 1.263: +37 -37 lines
Diff to previous 1.263 (colored) to selected 1.142 (colored)

Change IP stats from a structure to an array of uint64_t's.

Note: This is ABI-compatible with the old ipstat structure; old netstat
binaries will continue to work properly.

Revision 1.262.6.1 / (download) - annotate - [select for diffs], Thu Apr 3 12:43:08 2008 UTC (15 years, 11 months ago) by mjf
Branch: mjf-devfs2
Changes since 1.262: +17 -16 lines
Diff to previous 1.262 (colored) to selected 1.142 (colored)

Sync with HEAD.

Revision 1.236.2.2 / (download) - annotate - [select for diffs], Sun Mar 30 15:27:49 2008 UTC (15 years, 11 months ago) by jdc
Branch: netbsd-4
CVS Tags: wrstuden-fixsa-newbase, wrstuden-fixsa-base
Changes since 1.236.2.1: +17 -16 lines
Diff to previous 1.236.2.1 (colored) to branchpoint 1.236 (colored) next main 1.237 (colored) to selected 1.142 (colored)

Pull up revisions:
  src/sys/netinet/ip_input.c    1.263
  src/sys/netinet/tcp_subr.c    1.225
(requested by cube in ticket #1109).

- Make sure we send a reasonable fragment size when IPSEC is configured.
  Otherwise we end up sending a dubious "0" whenever we cannot find a
  proper association for the packet.
- Reset sack_newdata along with snd_nxt to avoid improper integer
  arithmetics that lead to sending data from an incorrect place in the
  stream, making it appear as corrupted.

Patch by Michael Van Elst, based on an analysis by Michael for the IPSEC
stuff and I for the SACK issue.

Revision 1.236.2.1.4.1 / (download) - annotate - [select for diffs], Sun Mar 30 15:26:11 2008 UTC (15 years, 11 months ago) by jdc
Branch: netbsd-4-0
CVS Tags: netbsd-4-0-1-RELEASE
Changes since 1.236.2.1: +17 -16 lines
Diff to previous 1.236.2.1 (colored) next main 1.236.2.2 (colored) to selected 1.142 (colored)

Pull up revisions:
  src/sys/netinet/ip_input.c    1.263
  src/sys/netinet/tcp_subr.c    1.225
(requested by cube in ticket #1109).

- Make sure we send a reasonable fragment size when IPSEC is configured.
  Otherwise we end up sending a dubious "0" whenever we cannot find a
  proper association for the packet.
- Reset sack_newdata along with snd_nxt to avoid improper integer
  arithmetics that lead to sending data from an incorrect place in the
  stream, making it appear as corrupted.

Patch by Michael Van Elst, based on an analysis by Michael for the IPSEC
stuff and I for the SACK issue.

Revision 1.263 / (download) - annotate - [select for diffs], Thu Mar 27 00:18:56 2008 UTC (15 years, 11 months ago) by cube
Branch: MAIN
Changes since 1.262: +17 -16 lines
Diff to previous 1.262 (colored) to selected 1.142 (colored)

- Make sure we send a reasonable fragment size when IPSEC is configured.
  Otherwise we end up sending a dubious "0" whenever we cannot find a
  proper association for the packet.
- Reset sack_newdata along with snd_nxt to avoid improper integer
  arithmetics that lead to sending data from an incorrect place in the
  stream, making it appear as corrupted.

Patch by Michael Van Elst, based on an analysis by Michael for the IPSEC
stuff and I for the SACK issue.

Revision 1.251.2.3 / (download) - annotate - [select for diffs], Sun Mar 23 02:05:06 2008 UTC (16 years ago) by matt
Branch: matt-armv6
Changes since 1.251.2.2: +5 -4 lines
Diff to previous 1.251.2.2 (colored) next main 1.252 (colored) to selected 1.142 (colored)

sync with HEAD

Revision 1.254.4.4 / (download) - annotate - [select for diffs], Mon Feb 18 21:07:08 2008 UTC (16 years, 1 month ago) by mjf
Branch: mjf-devfs
Changes since 1.254.4.3: +5 -4 lines
Diff to previous 1.254.4.3 (colored) to branchpoint 1.254 (colored) next main 1.255 (colored) to selected 1.142 (colored)

Sync with HEAD.

Revision 1.218.2.9 / (download) - annotate - [select for diffs], Mon Feb 11 15:00:04 2008 UTC (16 years, 1 month ago) by yamt
Branch: yamt-lazymbuf
Changes since 1.218.2.8: +3 -2 lines
Diff to previous 1.218.2.8 (colored) next main 1.219 (colored) to selected 1.142 (colored)

sync with head.

Revision 1.262 / (download) - annotate - [select for diffs], Wed Feb 6 03:20:51 2008 UTC (16 years, 1 month ago) by matt
Branch: MAIN
CVS Tags: yamt-lazymbuf-base15, yamt-lazymbuf-base14, nick-net80211-sync-base, nick-net80211-sync, mjf-devfs-base, matt-armv6-nbase, keiichi-mipv6-nbase, keiichi-mipv6-base, keiichi-mipv6, hpcarm-cleanup-base, ad-socklock-base1
Branch point for: mjf-devfs2
Changes since 1.261: +3 -2 lines
Diff to previous 1.261 (colored) to selected 1.142 (colored)

Add a new ip_id generation scheme based on a Fisher-Yates shuffle over a
sliding window.  XXX replace use of arc4random RSN.

Revision 1.218.2.8 / (download) - annotate - [select for diffs], Mon Jan 21 09:47:16 2008 UTC (16 years, 2 months ago) by yamt
Branch: yamt-lazymbuf
Changes since 1.218.2.7: +33 -13 lines
Diff to previous 1.218.2.7 (colored) to selected 1.142 (colored)

sync with head

Revision 1.256.6.2 / (download) - annotate - [select for diffs], Sat Jan 19 12:15:32 2008 UTC (16 years, 2 months ago) by bouyer
Branch: bouyer-xeni386
Changes since 1.256.6.1: +2 -2 lines
Diff to previous 1.256.6.1 (colored) to branchpoint 1.256 (colored) next main 1.257 (colored) to selected 1.142 (colored)

Sync with HEAD

Revision 1.261 / (download) - annotate - [select for diffs], Mon Jan 14 04:19:09 2008 UTC (16 years, 2 months ago) by dyoung
Branch: MAIN
CVS Tags: bouyer-xeni386-nbase, bouyer-xeni386-base
Changes since 1.260: +4 -4 lines
Diff to previous 1.260 (colored) to selected 1.142 (colored)

Use rtcache_validate() instead of rtcache_getrt().  Shorten staircase
in in_losing().

Revision 1.251.2.2 / (download) - annotate - [select for diffs], Wed Jan 9 01:57:27 2008 UTC (16 years, 2 months ago) by matt
Branch: matt-armv6
Changes since 1.251.2.1: +42 -20 lines
Diff to previous 1.251.2.1 (colored) to selected 1.142 (colored)

sync with HEAD

Revision 1.256.6.1 / (download) - annotate - [select for diffs], Wed Jan 2 21:57:21 2008 UTC (16 years, 2 months ago) by bouyer
Branch: bouyer-xeni386
CVS Tags: bouyer-xeni386-merge1
Changes since 1.256: +33 -13 lines
Diff to previous 1.256 (colored) to selected 1.142 (colored)

Sync with HEAD

Revision 1.254.4.3 / (download) - annotate - [select for diffs], Thu Dec 27 00:46:29 2007 UTC (16 years, 2 months ago) by mjf
Branch: mjf-devfs
Changes since 1.254.4.2: +33 -13 lines
Diff to previous 1.254.4.2 (colored) to branchpoint 1.254 (colored) to selected 1.142 (colored)

Sync with HEAD.

Revision 1.256.2.1 / (download) - annotate - [select for diffs], Wed Dec 26 19:57:39 2007 UTC (16 years, 2 months ago) by ad
Branch: vmlocking2
Changes since 1.256: +33 -13 lines
Diff to previous 1.256 (colored) next main 1.257 (colored) to selected 1.142 (colored)

Sync with head.

Revision 1.260 / (download) - annotate - [select for diffs], Sat Dec 22 15:41:11 2007 UTC (16 years, 3 months ago) by matt
Branch: MAIN
CVS Tags: vmlocking2-base3, matt-armv6-base
Changes since 1.259: +14 -5 lines
Diff to previous 1.259 (colored) to selected 1.142 (colored)

Fix offset calculation.
Make sure that all frags use the same TOS.

Revision 1.259 / (download) - annotate - [select for diffs], Fri Dec 21 23:49:09 2007 UTC (16 years, 3 months ago) by matt
Branch: MAIN
Changes since 1.258: +5 -4 lines
Diff to previous 1.258 (colored) to selected 1.142 (colored)

Also make sure the first is at 68 bytes long.

Revision 1.258 / (download) - annotate - [select for diffs], Fri Dec 21 18:58:55 2007 UTC (16 years, 3 months ago) by matt
Branch: MAIN
Changes since 1.257: +13 -3 lines
Diff to previous 1.257 (colored) to selected 1.142 (colored)

Prevent TCP blind data attacks by not allowing non-initial fragments to
start at less than 68 bytes (minimal fragment size).

Revision 1.257 / (download) - annotate - [select for diffs], Thu Dec 20 19:53:32 2007 UTC (16 years, 3 months ago) by dyoung
Branch: MAIN
Changes since 1.256: +10 -10 lines
Diff to previous 1.256 (colored) to selected 1.142 (colored)

Poison struct route->ro_rt uses in the kernel by changing the name
to _ro_rt.  Use rtcache_getrt() to access a route cache's struct
rtentry *.

Introduce struct ifnet->if_dl that always points at the interface
identifier/link-layer address.  Make code that treated the first
ifaddr on struct ifnet->if_addrlist as the interface address use
if_dl, instead.

Remove stale debugging code from net/route.c.  Move the rtflush()
code into rtcache_clear() and delete rtflush().  Delete rtalloc(),
because nothing uses it any more.

Make ND6_HINT an inline, lowercase subroutine, nd6_hint.

I've done my best to convert IP Filter, the ISO stack, and the
AppleTalk stack to rtcache_getrt().  They compile, but I have not
tested them.  I have given the changes to PF, GRE, IPv4 and IPv6
stacks a lot of exercise.

Revision 1.254.4.2 / (download) - annotate - [select for diffs], Sat Dec 8 18:21:13 2007 UTC (16 years, 3 months ago) by mjf
Branch: mjf-devfs
Changes since 1.254.4.1: +11 -8 lines
Diff to previous 1.254.4.1 (colored) to branchpoint 1.254 (colored) to selected 1.142 (colored)

Sync with HEAD.

Revision 1.218.2.7 / (download) - annotate - [select for diffs], Fri Dec 7 17:34:29 2007 UTC (16 years, 3 months ago) by yamt
Branch: yamt-lazymbuf
Changes since 1.218.2.6: +11 -8 lines
Diff to previous 1.218.2.6 (colored) to selected 1.142 (colored)

sync with head

Revision 1.250.4.6 / (download) - annotate - [select for diffs], Tue Nov 27 19:38:57 2007 UTC (16 years, 3 months ago) by joerg
Branch: jmcneill-pm
Changes since 1.250.4.5: +11 -8 lines
Diff to previous 1.250.4.5 (colored) to branchpoint 1.250 (colored) next main 1.251 (colored) to selected 1.142 (colored)

Sync with HEAD. amd64 Xen support needs testing.

Revision 1.256 / (download) - annotate - [select for diffs], Mon Nov 26 08:40:46 2007 UTC (16 years, 3 months ago) by yamt
Branch: MAIN
CVS Tags: yamt-kmem-base3, yamt-kmem-base2, yamt-kmem-base, yamt-kmem, vmlocking2-base2, vmlocking2-base1, vmlocking-nbase, reinoud-bufcleanup-nbase, reinoud-bufcleanup-base, jmcneill-pm-base, cube-autoconf-base, cube-autoconf
Branch point for: vmlocking2, bouyer-xeni386
Changes since 1.255: +11 -8 lines
Diff to previous 1.255 (colored) to selected 1.142 (colored)

inetctlerrmap: use designated initializer.

Revision 1.254.4.1 / (download) - annotate - [select for diffs], Mon Nov 19 00:49:10 2007 UTC (16 years, 4 months ago) by mjf
Branch: mjf-devfs
Changes since 1.254: +2 -3 lines
Diff to previous 1.254 (colored) to selected 1.142 (colored)

Sync with HEAD.

Revision 1.218.2.6 / (download) - annotate - [select for diffs], Thu Nov 15 11:45:07 2007 UTC (16 years, 4 months ago) by yamt
Branch: yamt-lazymbuf
Changes since 1.218.2.5: +2 -3 lines
Diff to previous 1.218.2.5 (colored) to selected 1.142 (colored)

sync with head.

Revision 1.254.2.1 / (download) - annotate - [select for diffs], Tue Nov 13 16:02:51 2007 UTC (16 years, 4 months ago) by bouyer
Branch: bouyer-xenamd64
Changes since 1.254: +2 -3 lines
Diff to previous 1.254 (colored) next main 1.255 (colored) to selected 1.142 (colored)

Sync with HEAD

Revision 1.250.4.5 / (download) - annotate - [select for diffs], Sun Nov 11 16:48:31 2007 UTC (16 years, 4 months ago) by joerg
Branch: jmcneill-pm
Changes since 1.250.4.4: +2 -3 lines
Diff to previous 1.250.4.4 (colored) to branchpoint 1.250 (colored) to selected 1.142 (colored)

Sync with HEAD.

Revision 1.255 / (download) - annotate - [select for diffs], Fri Nov 9 06:59:33 2007 UTC (16 years, 4 months ago) by kefren
Branch: MAIN
CVS Tags: bouyer-xenamd64-base2, bouyer-xenamd64-base
Changes since 1.254: +2 -3 lines
Diff to previous 1.254 (colored) to selected 1.142 (colored)

Don't MCLAIM in ipintr() because we do it anyway in ip_input()

Revision 1.251.2.1 / (download) - annotate - [select for diffs], Tue Nov 6 23:33:49 2007 UTC (16 years, 4 months ago) by matt
Branch: matt-armv6
CVS Tags: matt-armv6-prevmlocking
Changes since 1.251: +7 -31 lines
Diff to previous 1.251 (colored) to selected 1.142 (colored)

sync with HEAD

Revision 1.218.2.5 / (download) - annotate - [select for diffs], Sat Oct 27 11:36:08 2007 UTC (16 years, 4 months ago) by yamt
Branch: yamt-lazymbuf
Changes since 1.218.2.4: +2 -29 lines
Diff to previous 1.218.2.4 (colored) to selected 1.142 (colored)

sync with head.

Revision 1.245.2.5 / (download) - annotate - [select for diffs], Tue Oct 9 13:44:50 2007 UTC (16 years, 5 months ago) by ad
Branch: vmlocking
Changes since 1.245.2.4: +7 -31 lines
Diff to previous 1.245.2.4 (colored) next main 1.246 (colored) to selected 1.142 (colored)

Sync with head.

Revision 1.253.2.1 / (download) - annotate - [select for diffs], Sat Oct 6 15:29:02 2007 UTC (16 years, 5 months ago) by yamt
Branch: yamt-x86pmap
Changes since 1.253: +2 -28 lines
Diff to previous 1.253 (colored) next main 1.254 (colored) to selected 1.142 (colored)

sync with head.

Revision 1.250.4.4 / (download) - annotate - [select for diffs], Thu Oct 4 15:44:52 2007 UTC (16 years, 5 months ago) by joerg
Branch: jmcneill-pm
Changes since 1.250.4.3: +2 -28 lines
Diff to previous 1.250.4.3 (colored) to branchpoint 1.250 (colored) to selected 1.142 (colored)

Sync with HEAD.

Revision 1.254 / (download) - annotate - [select for diffs], Tue Oct 2 20:35:04 2007 UTC (16 years, 5 months ago) by dyoung
Branch: MAIN
CVS Tags: yamt-x86pmap-base4, yamt-x86pmap-base3, yamt-x86pmap-base2, vmlocking-base, jmcneill-base
Branch point for: mjf-devfs, bouyer-xenamd64
Changes since 1.253: +2 -28 lines
Diff to previous 1.253 (colored) to selected 1.142 (colored)

Delete the unused second argument to ip_stripoptions(), move it
closer to its single caller in if_eon.c, try to move fewer bytes
by moving the IP header forward instead of moving the tail of the
mbuf backward, and use m_adj(9) instead of fiddling directly with
mbuf data members.

Revision 1.250.4.3 / (download) - annotate - [select for diffs], Tue Oct 2 18:29:19 2007 UTC (16 years, 5 months ago) by joerg
Branch: jmcneill-pm
Changes since 1.250.4.2: +2 -3 lines
Diff to previous 1.250.4.2 (colored) to branchpoint 1.250 (colored) to selected 1.142 (colored)

Sync with HEAD.

Revision 1.236.4.1 / (download) - annotate - [select for diffs], Sun Sep 23 21:36:35 2007 UTC (16 years, 5 months ago) by wrstuden
Branch: wrstuden-fixsa
Changes since 1.236: +2 -3 lines
Diff to previous 1.236 (colored) to selected 1.142 (colored)

Sync with somewhat-recent netbsd-4.

Revision 1.212.2.2.4.1 / (download) - annotate - [select for diffs], Mon Sep 17 20:16:58 2007 UTC (16 years, 6 months ago) by bouyer
Branch: netbsd-3-1
Changes since 1.212.2.2: +0 -1 lines
Diff to previous 1.212.2.2 (colored) next main 1.212.2.3 (colored) to selected 1.142 (colored)

Pull up following revision(s) (requested by degroote in ticket #1840):
	sys/netinet/ip_input.c: revision 1.253
In some FAST_IPSEC, spl level is not restored correctly. Fix that.
Spotted by Wolfgang Stukenbrock in pr/36800

Revision 1.212.2.2.2.1 / (download) - annotate - [select for diffs], Mon Sep 17 20:15:36 2007 UTC (16 years, 6 months ago) by bouyer
Branch: netbsd-3-0
Changes since 1.212.2.2: +0 -1 lines
Diff to previous 1.212.2.2 (colored) next main 1.212.2.3 (colored) to selected 1.142 (colored)

Pull up following revision(s) (requested by degroote in ticket #1840):
	sys/netinet/ip_input.c: revision 1.253
In some FAST_IPSEC, spl level is not restored correctly. Fix that.
Spotted by Wolfgang Stukenbrock in pr/36800

Revision 1.212.2.3 / (download) - annotate - [select for diffs], Mon Sep 17 20:14:21 2007 UTC (16 years, 6 months ago) by bouyer
Branch: netbsd-3
Changes since 1.212.2.2: +0 -1 lines
Diff to previous 1.212.2.2 (colored) to branchpoint 1.212 (colored) next main 1.213 (colored) to selected 1.142 (colored)

Pull up following revision(s) (requested by degroote in ticket #1840):
	sys/netinet/ip_input.c: revision 1.253
In some FAST_IPSEC, spl level is not restored correctly. Fix that.
Spotted by Wolfgang Stukenbrock in pr/36800

Revision 1.236.2.1 / (download) - annotate - [select for diffs], Sun Sep 16 15:34:59 2007 UTC (16 years, 6 months ago) by xtraeme
Branch: netbsd-4
CVS Tags: wrstuden-fixsa-base-1, netbsd-4-0-RELEASE, netbsd-4-0-RC5, netbsd-4-0-RC4, netbsd-4-0-RC3, netbsd-4-0-RC2, matt-nb4-arm-base, matt-nb4-arm
Branch point for: netbsd-4-0
Changes since 1.236: +2 -3 lines
Diff to previous 1.236 (colored) to selected 1.142 (colored)

Pull up following revision(s) (requested by degroote in ticket #881):
	sys/netinet/ip_input.c: revision 1.253
	sys/netinet6/ip6_input.c: revision 1.110

In some FAST_IPSEC, spl level is not restored correctly. Fix that.
Spotted by Wolfgang Stukenbrock in pr/36800

Revision 1.253 / (download) - annotate - [select for diffs], Tue Sep 11 14:18:09 2007 UTC (16 years, 6 months ago) by degroote
Branch: MAIN
CVS Tags: yamt-x86pmap-base
Branch point for: yamt-x86pmap
Changes since 1.252: +2 -3 lines
Diff to previous 1.252 (colored) to selected 1.142 (colored)

In some FAST_IPSEC, spl level is not restored correctly. Fix that.

Spotted by Wolfgang Stukenbrock in pr/36800

Revision 1.250.4.2 / (download) - annotate - [select for diffs], Mon Sep 3 16:49:04 2007 UTC (16 years, 6 months ago) by jmcneill
Branch: jmcneill-pm
Changes since 1.250.4.1: +7 -4 lines
Diff to previous 1.250.4.1 (colored) to branchpoint 1.250 (colored) to selected 1.142 (colored)

Sync with HEAD.

Revision 1.218.2.4 / (download) - annotate - [select for diffs], Mon Sep 3 14:42:58 2007 UTC (16 years, 6 months ago) by yamt
Branch: yamt-lazymbuf
Changes since 1.218.2.3: +92 -76 lines
Diff to previous 1.218.2.3 (colored) to selected 1.142 (colored)

sync with head.

Revision 1.249.2.2 / (download) - annotate - [select for diffs], Mon Sep 3 10:23:45 2007 UTC (16 years, 6 months ago) by skrll
Branch: nick-csl-alignment
Changes since 1.249.2.1: +7 -4 lines
Diff to previous 1.249.2.1 (colored) to branchpoint 1.249 (colored) next main 1.250 (colored) to selected 1.142 (colored)

Sync with HEAD.

Revision 1.252 / (download) - annotate - [select for diffs], Thu Aug 30 02:17:37 2007 UTC (16 years, 6 months ago) by dyoung
Branch: MAIN
CVS Tags: nick-csl-alignment-base5
Changes since 1.251: +7 -4 lines
Diff to previous 1.251 (colored) to selected 1.142 (colored)

Use malloc(9) for sockaddrs instead of pool(9), and remove dom_sa_pool
and dom_sa_len members from struct domain.  Pools of fixed-size
objects are too rigid for sockaddr_dls, whose size can vary over
a wide range.

Return sockaddr_dl to its "historical" size.  Now that I'm using
malloc(9) instead of pool(9) to allocate sockaddr_dl, I can create
a sockaddr_dl of any size in the kernel, so expanding sockaddr_dl
is useless.

Avoid using sizeof(struct sockaddr_dl) in the kernel.

Introduce sockaddr_dl_alloc() for allocating & initializing an
arbitrary sockaddr_dl on the heap.

Add an argument, the sockaddr length, to sockaddr_alloc(),
sockaddr_copy(), and sockaddr_dl_setaddr().

Constify: LLADDR() -> CLLADDR().

Where the kernel overwrites LLADDR(), use sockaddr_dl_setaddr(),
instead.  Used properly, sockaddr_dl_setaddr() will not overrun
the end of the sockaddr.

Revision 1.245.2.4 / (download) - annotate - [select for diffs], Mon Aug 20 21:27:59 2007 UTC (16 years, 7 months ago) by ad
Branch: vmlocking
Changes since 1.245.2.3: +7 -13 lines
Diff to previous 1.245.2.3 (colored) to selected 1.142 (colored)

Sync with HEAD.

Revision 1.250.4.1 / (download) - annotate - [select for diffs], Thu Aug 16 11:03:46 2007 UTC (16 years, 7 months ago) by jmcneill
Branch: jmcneill-pm
Changes since 1.250: +5 -9 lines
Diff to previous 1.250 (colored) to selected 1.142 (colored)

Sync with HEAD.

Revision 1.249.2.1 / (download) - annotate - [select for diffs], Wed Aug 15 13:49:45 2007 UTC (16 years, 7 months ago) by skrll
Branch: nick-csl-alignment
Changes since 1.249: +7 -13 lines
Diff to previous 1.249 (colored) to selected 1.142 (colored)

Sync with HEAD.

Revision 1.251 / (download) - annotate - [select for diffs], Fri Aug 10 22:46:16 2007 UTC (16 years, 7 months ago) by dyoung
Branch: MAIN
Branch point for: matt-armv6
Changes since 1.250: +5 -9 lines
Diff to previous 1.250 (colored) to selected 1.142 (colored)

Use sockaddr_dl_init().

Revision 1.250.6.2 / (download) - annotate - [select for diffs], Thu Jul 19 20:48:56 2007 UTC (16 years, 8 months ago) by dyoung
Branch: matt-mips64
Changes since 1.250.6.1: +2401 -0 lines
Diff to previous 1.250.6.1 (colored) to branchpoint 1.250 (colored) next main 1.251 (colored) to selected 1.142 (colored)

Take steps to hide the radix_node implementation of the forwarding table
from the forwarding table's users:

        Introduce rt_walktree() for walking the routing table and
        applying a function to each rtentry.  Replace most
        rn_walktree() calls with it.

        Use rt_getkey()/rt_setkey() to get/set a route's destination.
        Keep a pointer to the sockaddr key in the rtentry, so that
        rtentry users do not have to grovel in the radix_node for
        the key.

        Add a RTM_GET method to rtrequest.  Use that instead of
        radix_node lookups in, e.g., carp(4).

Add sys/net/link_proto.c, which supplies sockaddr routines for
link-layer socket addresses (sockaddr_dl).

Cosmetic:

        Constify.  KNF.  Stop open-coding LIST_FOREACH, TAILQ_FOREACH,
        et cetera.  Use NULL instead of 0 for null pointers.  Use
        __arraycount().  Reduce gratuitous parenthesization.

        Stop using variadic arguments for rip6_output(), it is
        unnecessary.

        Remove the unnecessary rtentry member rt_genmask and the
        code to maintain it, since nothing actually used it.

        Make rt_maskedcopy() easier to read by using meaningful variable
        names.

        Extract a subroutine intern_netmask() for looking up a netmask in
        the masks table.

        Start converting backslash-ridden IPv6 macros in
        sys/netinet6/in6_var.h into inline subroutines that one
        can read without special eyeglasses.

One functional change: when the kernel serves an RTM_GET, RTM_LOCK,
or RTM_CHANGE request, it applies the netmask (if supplied) to a
destination before searching for it in the forwarding table.

I have changed sys/netinet/ip_carp.c, carp_setroute(), to remove
the unlawful radix_node knowledge.

Apart from the changes to carp(4), netiso, ATM, and strip(4), I
have run the changes on three nodes in my wireless routing testbed,
which involves IPv4 + IPv6 dynamic routing acrobatics, and it's
working beautifully so far.

Revision 1.250.6.1, Thu Jul 19 20:48:55 2007 UTC (16 years, 8 months ago) by dyoung
Branch: matt-mips64
Changes since 1.250: +0 -2401 lines
FILE REMOVED

file ip_input.c was added on branch matt-mips64 on 2007-07-19 20:48:56 +0000

Revision 1.250 / (download) - annotate - [select for diffs], Thu Jul 19 20:48:55 2007 UTC (16 years, 8 months ago) by dyoung
Branch: MAIN
CVS Tags: matt-mips64-base, hpcarm-cleanup
Branch point for: matt-mips64, jmcneill-pm
Changes since 1.249: +4 -6 lines
Diff to previous 1.249 (colored) to selected 1.142 (colored)

Take steps to hide the radix_node implementation of the forwarding table
from the forwarding table's users:

        Introduce rt_walktree() for walking the routing table and
        applying a function to each rtentry.  Replace most
        rn_walktree() calls with it.

        Use rt_getkey()/rt_setkey() to get/set a route's destination.
        Keep a pointer to the sockaddr key in the rtentry, so that
        rtentry users do not have to grovel in the radix_node for
        the key.

        Add a RTM_GET method to rtrequest.  Use that instead of
        radix_node lookups in, e.g., carp(4).

Add sys/net/link_proto.c, which supplies sockaddr routines for
link-layer socket addresses (sockaddr_dl).

Cosmetic:

        Constify.  KNF.  Stop open-coding LIST_FOREACH, TAILQ_FOREACH,
        et cetera.  Use NULL instead of 0 for null pointers.  Use
        __arraycount().  Reduce gratuitous parenthesization.

        Stop using variadic arguments for rip6_output(), it is
        unnecessary.

        Remove the unnecessary rtentry member rt_genmask and the
        code to maintain it, since nothing actually used it.

        Make rt_maskedcopy() easier to read by using meaningful variable
        names.

        Extract a subroutine intern_netmask() for looking up a netmask in
        the masks table.

        Start converting backslash-ridden IPv6 macros in
        sys/netinet6/in6_var.h into inline subroutines that one
        can read without special eyeglasses.

One functional change: when the kernel serves an RTM_GET, RTM_LOCK,
or RTM_CHANGE request, it applies the netmask (if supplied) to a
destination before searching for it in the forwarding table.

I have changed sys/netinet/ip_carp.c, carp_setroute(), to remove
the unlawful radix_node knowledge.

Apart from the changes to carp(4), netiso, ATM, and strip(4), I
have run the changes on three nodes in my wireless routing testbed,
which involves IPv4 + IPv6 dynamic routing acrobatics, and it's
working beautifully so far.

Revision 1.246.2.1 / (download) - annotate - [select for diffs], Wed Jul 11 20:11:23 2007 UTC (16 years, 8 months ago) by mjf
Branch: mjf-ufs-trans
Changes since 1.246: +61 -41 lines
Diff to previous 1.246 (colored) next main 1.247 (colored) to selected 1.142 (colored)

Sync with head.

Revision 1.245.2.3 / (download) - annotate - [select for diffs], Fri Jun 8 14:17:46 2007 UTC (16 years, 9 months ago) by ad
Branch: vmlocking
Changes since 1.245.2.2: +22 -37 lines
Diff to previous 1.245.2.2 (colored) to selected 1.142 (colored)

Sync with head.

Revision 1.242.2.5 / (download) - annotate - [select for diffs], Mon May 7 10:55:59 2007 UTC (16 years, 10 months ago) by yamt
Branch: yamt-idlelwp
Changes since 1.242.2.4: +22 -37 lines
Diff to previous 1.242.2.4 (colored) to branchpoint 1.242 (colored) next main 1.243 (colored) to selected 1.142 (colored)

sync with head.

Revision 1.249 / (download) - annotate - [select for diffs], Wed May 2 20:40:25 2007 UTC (16 years, 10 months ago) by dyoung
Branch: MAIN
CVS Tags: yamt-idlelwp-base8, nick-csl-alignment-base, mjf-ufs-trans-base
Branch point for: nick-csl-alignment
Changes since 1.248: +22 -37 lines
Diff to previous 1.248 (colored) to selected 1.142 (colored)

Eliminate address family-specific route caches (struct route, struct
route_in6, struct route_iso), replacing all caches with a struct
route.

The principle benefit of this change is that all of the protocol
families can benefit from route cache-invalidation, which is
necessary for correct routing.  Route-cache invalidation fixes an
ancient PR, kern/3508, at long last; it fixes various other PRs,
also.

Discussions with and ideas from Joerg Sonnenberger influenced this
work tremendously.  Of course, all design oversights and bugs are
mine.

DETAILS

1 I added to each address family a pool of sockaddrs.  I have
  introduced routines for allocating, copying, and duplicating,
  and freeing sockaddrs:

        struct sockaddr *sockaddr_alloc(sa_family_t af, int flags);
        struct sockaddr *sockaddr_copy(struct sockaddr *dst,
                                       const struct sockaddr *src);
        struct sockaddr *sockaddr_dup(const struct sockaddr *src, int flags);
        void sockaddr_free(struct sockaddr *sa);

  sockaddr_alloc() returns either a sockaddr from the pool belonging
  to the specified family, or NULL if the pool is exhausted.  The
  returned sockaddr has the right size for that family; sa_family
  and sa_len fields are initialized to the family and sockaddr
  length---e.g., sa_family = AF_INET and sa_len = sizeof(struct
  sockaddr_in).  sockaddr_free() puts the given sockaddr back into
  its family's pool.

  sockaddr_dup() and sockaddr_copy() work analogously to strdup()
  and strcpy(), respectively.  sockaddr_copy() KASSERTs that the
  family of the destination and source sockaddrs are alike.

  The 'flags' argumet for sockaddr_alloc() and sockaddr_dup() is
  passed directly to pool_get(9).

2 I added routines for initializing sockaddrs in each address
  family, sockaddr_in_init(), sockaddr_in6_init(), sockaddr_iso_init(),
  etc.  They are fairly self-explanatory.

3 structs route_in6 and route_iso are no more.  All protocol families
  use struct route.  I have changed the route cache, 'struct route',
  so that it does not contain storage space for a sockaddr.  Instead,
  struct route points to a sockaddr coming from the pool the sockaddr
  belongs to.  I added a new method to struct route, rtcache_setdst(),
  for setting the cache destination:

        int rtcache_setdst(struct route *, const struct sockaddr *);

  rtcache_setdst() returns 0 on success, or ENOMEM if no memory is
  available to create the sockaddr storage.

  It is now possible for rtcache_getdst() to return NULL if, say,
  rtcache_setdst() failed.  I check the return value for NULL
  everywhere in the kernel.

4 Each routing domain (struct domain) has a list of live route
  caches, dom_rtcache.  rtflushall(sa_family_t af) looks up the
  domain indicated by 'af', walks the domain's list of route caches
  and invalidates each one.

Revision 1.242.2.4 / (download) - annotate - [select for diffs], Sun Apr 15 16:04:00 2007 UTC (16 years, 11 months ago) by yamt
Branch: yamt-idlelwp
Changes since 1.242.2.3: +39 -3 lines
Diff to previous 1.242.2.3 (colored) to branchpoint 1.242 (colored) to selected 1.142 (colored)

sync with head.

Revision 1.245.2.2 / (download) - annotate - [select for diffs], Tue Apr 10 13:26:49 2007 UTC (16 years, 11 months ago) by ad
Branch: vmlocking
Changes since 1.245.2.1: +41 -6 lines
Diff to previous 1.245.2.1 (colored) to selected 1.142 (colored)

Sync with head.

Revision 1.246.4.1 / (download) - annotate - [select for diffs], Thu Mar 29 19:28:00 2007 UTC (16 years, 11 months ago) by reinoud
Branch: reinoud-bufcleanup
Changes since 1.246: +41 -6 lines
Diff to previous 1.246 (colored) next main 1.247 (colored) to selected 1.142 (colored)

Pullup to -current

Revision 1.248 / (download) - annotate - [select for diffs], Sun Mar 25 20:12:20 2007 UTC (16 years, 11 months ago) by liamjfoy
Branch: MAIN
CVS Tags: thorpej-atomic-base, thorpej-atomic
Changes since 1.247: +39 -3 lines
Diff to previous 1.247 (colored) to selected 1.142 (colored)

Add net.inet.ip.hashsize to control the IPv4 fast forward hash table size.

Revision 1.242.2.3 / (download) - annotate - [select for diffs], Sat Mar 24 14:56:10 2007 UTC (16 years, 11 months ago) by yamt
Branch: yamt-idlelwp
Changes since 1.242.2.2: +8 -7 lines
Diff to previous 1.242.2.2 (colored) to branchpoint 1.242 (colored) to selected 1.142 (colored)

sync with head.

Revision 1.247 / (download) - annotate - [select for diffs], Sat Mar 24 00:27:58 2007 UTC (17 years ago) by liamjfoy
Branch: MAIN
Changes since 1.246: +4 -5 lines
Diff to previous 1.246 (colored) to selected 1.142 (colored)

Don't call ip*flow_reap if we're just looking up maxflows

Revision 1.245.2.1 / (download) - annotate - [select for diffs], Tue Mar 13 16:52:02 2007 UTC (17 years ago) by ad
Branch: vmlocking
Changes since 1.245: +6 -4 lines
Diff to previous 1.245 (colored) to selected 1.142 (colored)

Sync with head.

Revision 1.246 / (download) - annotate - [select for diffs], Mon Mar 12 18:18:36 2007 UTC (17 years ago) by ad
Branch: MAIN
Branch point for: reinoud-bufcleanup, mjf-ufs-trans
Changes since 1.245: +6 -4 lines
Diff to previous 1.245 (colored) to selected 1.142 (colored)

Pass an ipl argument to pool_init/POOL_INIT to be used when initializing
the pool's lock.

Revision 1.242.2.2 / (download) - annotate - [select for diffs], Mon Mar 12 05:59:37 2007 UTC (17 years ago) by rmind
Branch: yamt-idlelwp
Changes since 1.242.2.1: +22 -25 lines
Diff to previous 1.242.2.1 (colored) to branchpoint 1.242 (colored) to selected 1.142 (colored)

Sync with HEAD.

Revision 1.245 / (download) - annotate - [select for diffs], Mon Mar 5 00:50:53 2007 UTC (17 years ago) by liamjfoy
Branch: MAIN
Branch point for: vmlocking
Changes since 1.244: +2 -5 lines
Diff to previous 1.244 (colored) to selected 1.142 (colored)

Move ipflow_slowtimo from ip_slowtimo and into in_proto.c

ok matt@

Revision 1.244 / (download) - annotate - [select for diffs], Sun Mar 4 06:03:21 2007 UTC (17 years ago) by christos
Branch: MAIN
Changes since 1.243: +22 -22 lines
Diff to previous 1.243 (colored) to selected 1.142 (colored)

Kill caddr_t; there will be some MI fallout, but it will be fixed shortly.

Revision 1.242.2.1 / (download) - annotate - [select for diffs], Tue Feb 27 16:54:55 2007 UTC (17 years ago) by yamt
Branch: yamt-idlelwp
Changes since 1.242: +10 -10 lines
Diff to previous 1.242 (colored) to selected 1.142 (colored)

- sync with head.
- move sched_changepri back to kern_synch.c as it doesn't know PPQ anymore.

Revision 1.218.2.3 / (download) - annotate - [select for diffs], Mon Feb 26 09:11:44 2007 UTC (17 years ago) by yamt
Branch: yamt-lazymbuf
Changes since 1.218.2.2: +12 -12 lines
Diff to previous 1.218.2.2 (colored) to selected 1.142 (colored)

sync with head.

Revision 1.243 / (download) - annotate - [select for diffs], Sat Feb 17 22:34:11 2007 UTC (17 years, 1 month ago) by dyoung
Branch: MAIN
CVS Tags: ad-audiomp-base, ad-audiomp
Changes since 1.242: +10 -10 lines
Diff to previous 1.242 (colored) to selected 1.142 (colored)

KNF: de-__P, bzero -> memset, bcmp -> memcmp.  Remove extraneous
   parentheses in return statements.

Cosmetic: don't open-code TAILQ_FOREACH().

Cosmetic: change types of variables to avoid oodles of casts: in
   in6_src.c, avoid casts by changing several route_in6 pointers
   to struct route pointers.  Remove unnecessary casts to caddr_t
   elsewhere.

Pave the way for eliminating address family-specific route caches:
   soon, struct route will not embed a sockaddr, but it will hold
   a reference to an external sockaddr, instead.  We will set the
   destination sockaddr using rtcache_setdst().  (I created a stub
   for it, but it isn't used anywhere, yet.)  rtcache_free() will
   free the sockaddr.  I have extracted from rtcache_free() a helper
   subroutine, rtcache_clear().  rtcache_clear() will "forget" a
   cached route, but it will not forget the destination by releasing
   the sockaddr.  I use rtcache_clear() instead of rtcache_free()
   in rtcache_update(), because rtcache_update() is not supposed
   to forget the destination.

Constify:

   1 Introduce const accessor for route->ro_dst, rtcache_getdst().

   2 Constify the 'dst' argument to ifnet->if_output().  This
     led me to constify a lot of code called by output routines.

   3 Constify the sockaddr argument to protosw->pr_ctlinput.  This
     led me to constify a lot of code called by ctlinput routines.

   4 Introduce const macros for converting from a generic sockaddr
     to family-specific sockaddrs, e.g., sockaddr_in: satocsin6,
     satocsin, et cetera.

Revision 1.229.2.3 / (download) - annotate - [select for diffs], Thu Feb 1 08:48:43 2007 UTC (17 years, 1 month ago) by ad
Branch: newlock2
Changes since 1.229.2.2: +4 -4 lines
Diff to previous 1.229.2.2 (colored) to branchpoint 1.229 (colored) next main 1.230 (colored) to selected 1.142 (colored)

Sync with head.

Revision 1.242 / (download) - annotate - [select for diffs], Mon Jan 29 05:48:56 2007 UTC (17 years, 1 month ago) by dyoung
Branch: MAIN
CVS Tags: post-newlock2-merge, newlock2-nbase, newlock2-base
Branch point for: yamt-idlelwp
Changes since 1.241: +4 -4 lines
Diff to previous 1.241 (colored) to selected 1.142 (colored)

Cosmetic: remove extraneous, non-KNF parentheses.  Change a
sizeof(type) to a sizeof(*ptr) so the correctness of the statement
is correct "at a glance" (or so I hope).

Revision 1.229.2.2 / (download) - annotate - [select for diffs], Fri Jan 12 01:04:14 2007 UTC (17 years, 2 months ago) by ad
Branch: newlock2
Changes since 1.229.2.1: +24 -25 lines
Diff to previous 1.229.2.1 (colored) to branchpoint 1.229 (colored) to selected 1.142 (colored)

Sync with head.

Revision 1.218.2.2 / (download) - annotate - [select for diffs], Sat Dec 30 20:50:33 2006 UTC (17 years, 2 months ago) by yamt
Branch: yamt-lazymbuf
Changes since 1.218.2.1: +74 -32 lines
Diff to previous 1.218.2.1 (colored) to selected 1.142 (colored)

sync with head.

Revision 1.241 / (download) - annotate - [select for diffs], Fri Dec 22 05:34:02 2006 UTC (17 years, 3 months ago) by ad
Branch: MAIN
Changes since 1.240: +3 -3 lines
Diff to previous 1.240 (colored) to selected 1.142 (colored)

ipintr(): check if the queue is empty before looping. Hardly a giant
win, but removed 30% of splnet() calls in one local test.

Revision 1.231.2.3 / (download) - annotate - [select for diffs], Mon Dec 18 11:42:21 2006 UTC (17 years, 3 months ago) by yamt
Branch: yamt-splraiseipl
Changes since 1.231.2.2: +18 -15 lines
Diff to previous 1.231.2.2 (colored) to branchpoint 1.231 (colored) next main 1.232 (colored) to selected 1.142 (colored)

sync with head.

Revision 1.240 / (download) - annotate - [select for diffs], Fri Dec 15 21:18:53 2006 UTC (17 years, 3 months ago) by joerg
Branch: MAIN
CVS Tags: yamt-splraiseipl-base5, yamt-splraiseipl-base4
Changes since 1.239: +18 -15 lines
Diff to previous 1.239 (colored) to selected 1.142 (colored)

Introduce new helper functions to abstract the route caching.
rtcache_init and rtcache_init_noclone lookup ro_dst and store
the result in ro_rt, taking care of the reference counting and
calling the domain specific route cache.
rtcache_free checks if a route was cashed and frees the reference.
rtcache_copy copies ro_dst of the given struct route, checking that
enough space is available and incrementing the reference count of the
cached rtentry if necessary.
rtcache_check validates that the cached route is still up. If it isn't,
it tries to look it up again. Afterwards ro_rt is either a valid again
or NULL.
rtcache_copy is used internally.

Adjust to callers of rtalloc/rtflush in the tree to check the sanity of
ro_dst first (if necessary). If it doesn't fit the expectations, free
the cache, otherwise check if the cached route is still valid. After
that combination, a single check for ro_rt == NULL is enough to decide
whether a new lookup needs to be done with a different ro_dst.
Make the route checking in gre stricter by repeating the loop check
after revalidation.
Remove some unused RADIX_MPATH code in in6_src.c. The logic is slightly
changed here to first validate the route and check RTF_GATEWAY
afterwards. This is sementically equivalent though.
etherip doesn't need sc_route_expire similiar to the gif changes from
dyoung@ earlier.

Based on the earlier patch from dyoung@, reviewed and discussed with
him.

Revision 1.231.2.2 / (download) - annotate - [select for diffs], Sun Dec 10 07:19:10 2006 UTC (17 years, 3 months ago) by yamt
Branch: yamt-splraiseipl
Changes since 1.231.2.1: +18 -22 lines
Diff to previous 1.231.2.1 (colored) to branchpoint 1.231 (colored) to selected 1.142 (colored)

sync with head.

Revision 1.239 / (download) - annotate - [select for diffs], Sat Dec 9 05:33:04 2006 UTC (17 years, 3 months ago) by dyoung
Branch: MAIN
CVS Tags: yamt-splraiseipl-base3
Changes since 1.238: +12 -16 lines
Diff to previous 1.238 (colored) to selected 1.142 (colored)

Here are various changes designed to protect against bad IPv4
routing caused by stale route caches (struct route).  Route caches
are sprinkled throughout PCBs, the IP fast-forwarding table, and
IP tunnel interfaces (gre, gif, stf).

Stale IPv6 and ISO route caches will be treated by separate patches.

Thank you to Christoph Badura for suggesting the general approach
to invalidating route caches that I take here.

Here are the details:

Add hooks to struct domain for tracking and for invalidating each
domain's route caches: dom_rtcache, dom_rtflush, and dom_rtflushall.

Introduce helper subroutines, rtflush(ro) for invalidating a route
cache, rtflushall(family) for invalidating all route caches in a
routing domain, and rtcache(ro) for notifying the domain of a new
cached route.

Chain together all IPv4 route caches where ro_rt != NULL.  Provide
in_rtcache() for adding a route to the chain.  Provide in_rtflush()
and in_rtflushall() for invalidating IPv4 route caches.  In
in_rtflush(), set ro_rt to NULL, and remove the route from the
chain.  In in_rtflushall(), walk the chain and remove every route
cache.

In rtrequest1(), call rtflushall() to invalidate route caches when
a route is added.

In gif(4), discard the workaround for stale caches that involves
expiring them every so often.

Replace the pattern 'RTFREE(ro->ro_rt); ro->ro_rt = NULL;' with a
call to rtflush(ro).

Update ipflow_fastforward() and all other users of route caches so
that they expect a cached route, ro->ro_rt, to turn to NULL.

Take care when moving a 'struct route' to rtflush() the source and
to rtcache() the destination.

In domain initializers, use .dom_xxx tags.

KNF here and there.

Revision 1.238 / (download) - annotate - [select for diffs], Wed Dec 6 00:39:56 2006 UTC (17 years, 3 months ago) by dyoung
Branch: MAIN
Changes since 1.237: +5 -5 lines
Diff to previous 1.237 (colored) to selected 1.142 (colored)

KNF.

Revision 1.237 / (download) - annotate - [select for diffs], Wed Dec 6 00:38:16 2006 UTC (17 years, 3 months ago) by dyoung
Branch: MAIN
Changes since 1.236: +4 -4 lines
Diff to previous 1.236 (colored) to selected 1.142 (colored)

KNF.

Revision 1.229.2.1 / (download) - annotate - [select for diffs], Sat Nov 18 21:39:36 2006 UTC (17 years, 4 months ago) by ad
Branch: newlock2
Changes since 1.229: +23 -7 lines
Diff to previous 1.229 (colored) to selected 1.142 (colored)

Sync with head.

Revision 1.236 / (download) - annotate - [select for diffs], Thu Nov 16 01:33:45 2006 UTC (17 years, 4 months ago) by christos
Branch: MAIN
CVS Tags: netbsd-4-base, netbsd-4-0-RC1
Branch point for: wrstuden-fixsa, netbsd-4
Changes since 1.235: +3 -3 lines
Diff to previous 1.235 (colored) to selected 1.142 (colored)

__unused removal on arguments; approved by core.

Revision 1.231.2.1 / (download) - annotate - [select for diffs], Sun Oct 22 06:07:28 2006 UTC (17 years, 5 months ago) by yamt
Branch: yamt-splraiseipl
Changes since 1.231: +22 -8 lines
Diff to previous 1.231 (colored) to selected 1.142 (colored)

sync with head

Revision 1.235 / (download) - annotate - [select for diffs], Thu Oct 12 01:32:38 2006 UTC (17 years, 5 months ago) by christos
Branch: MAIN
CVS Tags: yamt-splraiseipl-base2
Changes since 1.234: +3 -3 lines
Diff to previous 1.234 (colored) to selected 1.142 (colored)

- sprinkle __unused on function decls.
- fix a couple of unused bugs
- no more -Wno-unused for i386

Revision 1.234 / (download) - annotate - [select for diffs], Tue Oct 10 21:49:14 2006 UTC (17 years, 5 months ago) by dogcow
Branch: MAIN
Changes since 1.233: +4 -4 lines
Diff to previous 1.233 (colored) to selected 1.142 (colored)

change the MOWNER_INIT define to take two args; fix extant struct mowner
decls to use it. Makes options MBUFTRACE compile again and not whinge about
missing structure declarations. (Also makes initialization consistent.)

Revision 1.233 / (download) - annotate - [select for diffs], Thu Oct 5 17:35:19 2006 UTC (17 years, 5 months ago) by tls
Branch: MAIN
Changes since 1.232: +18 -4 lines
Diff to previous 1.232 (colored) to selected 1.142 (colored)

Protect calls to pool_put/pool_get that may occur in interrupt context
with spl used to protect other allocations and frees, or datastructure
element insertion and removal, in adjacent code.

It is almost unquestionably the case that some of the spl()/splx() calls
added here are superfluous, but it really seems wrong to see:

	s=splfoo();
	/* frob data structure */
	splx(s);
	pool_put(x);

and if we think we need to protect the first operation, then it is hard
to see why we should not think we need to protect the next.  "Better
safe than sorry".

It is also almost unquestionably the case that I missed some pool
gets/puts from interrupt context with my strategy for finding these
calls; use of PR_NOWAIT is a strong hint that a pool may be used from
interrupt context but many callers in the kernel pass a "can wait/can't
wait" flag down such that my searches might not have found them.  One
notable area that needs to be looked at is pf.

See also:

http://mail-index.netbsd.org/tech-kern/2006/07/19/0003.html
http://mail-index.netbsd.org/tech-kern/2006/07/19/0009.html

Revision 1.232 / (download) - annotate - [select for diffs], Tue Sep 19 21:42:30 2006 UTC (17 years, 6 months ago) by elad
Branch: MAIN
Changes since 1.231: +3 -3 lines
Diff to previous 1.231 (colored) to selected 1.142 (colored)

Remove ugly (void *) casts from network scope authorization wrapper and
calls to it.

While here, adapt code for system scope listeners to avoid some more
casts (forgotten in previous run).

Update documentation.

Revision 1.224.2.5 / (download) - annotate - [select for diffs], Thu Sep 14 12:31:55 2006 UTC (17 years, 6 months ago) by yamt
Branch: yamt-pdpolicy
Changes since 1.224.2.4: +5 -3 lines
Diff to previous 1.224.2.4 (colored) to branchpoint 1.224 (colored) next main 1.225 (colored) to selected 1.142 (colored)

sync with head.

Revision 1.231 / (download) - annotate - [select for diffs], Wed Sep 13 10:07:42 2006 UTC (17 years, 6 months ago) by elad
Branch: MAIN
CVS Tags: yamt-splraiseipl-base, yamt-pdpolicy-base9
Branch point for: yamt-splraiseipl
Changes since 1.230: +3 -3 lines
Diff to previous 1.230 (colored) to selected 1.142 (colored)

Don't use KAUTH_RESULT_* where it's not applicable.
Prompted by yamt@.

Revision 1.223.4.1 / (download) - annotate - [select for diffs], Sat Sep 9 02:58:47 2006 UTC (17 years, 6 months ago) by rpaulo
Branch: rpaulo-netinet-merge-pcb
Changes since 1.223: +39 -12 lines
Diff to previous 1.223 (colored) next main 1.224 (colored) to selected 1.142 (colored)

sync with head

Revision 1.230 / (download) - annotate - [select for diffs], Fri Sep 8 20:58:58 2006 UTC (17 years, 6 months ago) by elad
Branch: MAIN
Changes since 1.229: +5 -3 lines
Diff to previous 1.229 (colored) to selected 1.142 (colored)

First take at security model abstraction.

- Add a few scopes to the kernel: system, network, and machdep.

- Add a few more actions/sub-actions (requests), and start using them as
  opposed to the KAUTH_GENERIC_ISSUSER place-holders.

- Introduce a basic set of listeners that implement our "traditional"
  security model, called "bsd44". This is the default (and only) model we
  have at the moment.

- Update all relevant documentation.

- Add some code and docs to help folks who want to actually use this stuff:

  * There's a sample overlay model, sitting on-top of "bsd44", for
    fast experimenting with tweaking just a subset of an existing model.

    This is pretty cool because it's *really* straightforward to do stuff
    you had to use ugly hacks for until now...

  * And of course, documentation describing how to do the above for quick
    reference, including code samples.

All of these changes were tested for regressions using a Python-based
testsuite that will be (I hope) available soon via pkgsrc. Information
about the tests, and how to write new ones, can be found on:

	http://kauth.linbsd.org/kauthwiki

NOTE FOR DEVELOPERS: *PLEASE* don't add any code that does any of the
following:

  - Uses a KAUTH_GENERIC_ISSUSER kauth(9) request,
  - Checks 'securelevel' directly,
  - Checks a uid/gid directly.

(or if you feel you have to, contact me first)

This is still work in progress; It's far from being done, but now it'll
be a lot easier.

Relevant mailing list threads:

http://mail-index.netbsd.org/tech-security/2006/01/25/0011.html
http://mail-index.netbsd.org/tech-security/2006/03/24/0001.html
http://mail-index.netbsd.org/tech-security/2006/04/18/0000.html
http://mail-index.netbsd.org/tech-security/2006/05/15/0000.html
http://mail-index.netbsd.org/tech-security/2006/08/01/0000.html
http://mail-index.netbsd.org/tech-security/2006/08/25/0000.html

Many thanks to YAMAMOTO Takashi, Matt Thomas, and Christos Zoulas for help
stablizing kauth(9).

Full credit for the regression tests, making sure these changes didn't break
anything, goes to Matt Fleming and Jaime Fournier.

Happy birthday Randi! :)

Revision 1.224.2.4 / (download) - annotate - [select for diffs], Sun Sep 3 15:25:42 2006 UTC (17 years, 6 months ago) by yamt
Branch: yamt-pdpolicy
Changes since 1.224.2.3: +6 -3 lines
Diff to previous 1.224.2.3 (colored) to branchpoint 1.224 (colored) to selected 1.142 (colored)

sync with head.

Revision 1.229 / (download) - annotate - [select for diffs], Wed Aug 30 18:55:09 2006 UTC (17 years, 6 months ago) by christos
Branch: MAIN
CVS Tags: yamt-pdpolicy-base8, rpaulo-netinet-merge-pcb-base
Branch point for: newlock2
Changes since 1.228: +6 -3 lines
Diff to previous 1.228 (colored) to selected 1.142 (colored)

fix initializer

Revision 1.224.2.3 / (download) - annotate - [select for diffs], Fri Aug 11 15:46:33 2006 UTC (17 years, 7 months ago) by yamt
Branch: yamt-pdpolicy
Changes since 1.224.2.2: +28 -4 lines
Diff to previous 1.224.2.2 (colored) to branchpoint 1.224 (colored) to selected 1.142 (colored)

sync with head

Revision 1.228 / (download) - annotate - [select for diffs], Sun Jul 30 17:38:19 2006 UTC (17 years, 7 months ago) by elad
Branch: MAIN
CVS Tags: yamt-pdpolicy-base7, abandoned-netbsd-4-base, abandoned-netbsd-4
Changes since 1.227: +28 -4 lines
Diff to previous 1.227 (colored) to selected 1.142 (colored)

ugh.. more stuff that's overdue and should not be in 4.0: remove the
sysctl(9) flags CTLFLAG_READONLY[12]. luckily they're not documented
so it's only half regression.

only two knobs used them; proc.curproc.corename (check added in the
existing handler; its CTLFLAG_ANYWRITE, yay) and net.inet.ip.forwsrcrt,
that got its own handler now too.

Revision 1.224.2.2 / (download) - annotate - [select for diffs], Mon Jun 26 12:53:58 2006 UTC (17 years, 8 months ago) by yamt
Branch: yamt-pdpolicy
Changes since 1.224.2.1: +3 -3 lines
Diff to previous 1.224.2.1 (colored) to branchpoint 1.224 (colored) to selected 1.142 (colored)

sync with head.

Revision 1.218.2.1 / (download) - annotate - [select for diffs], Wed Jun 21 15:11:01 2006 UTC (17 years, 9 months ago) by yamt
Branch: yamt-lazymbuf
Changes since 1.218: +29 -32 lines
Diff to previous 1.218 (colored) to selected 1.142 (colored)

sync with head.

Revision 1.226.2.1 / (download) - annotate - [select for diffs], Mon Jun 19 04:09:48 2006 UTC (17 years, 9 months ago) by chap
Branch: chap-midi
Changes since 1.226: +3 -3 lines
Diff to previous 1.226 (colored) next main 1.227 (colored) to selected 1.142 (colored)

Sync with head.

Revision 1.227 / (download) - annotate - [select for diffs], Wed Jun 7 22:34:01 2006 UTC (17 years, 9 months ago) by kardel
Branch: MAIN
CVS Tags: yamt-pdpolicy-base6, gdamore-uart-base, gdamore-uart, chap-midi-nbase, chap-midi-base
Changes since 1.226: +3 -3 lines
Diff to previous 1.226 (colored) to selected 1.142 (colored)

merge FreeBSD timecounters from branch simonb-timecounters
- struct timeval time is gone
  time.tv_sec -> time_second
- struct timeval mono_time is gone
  mono_time.tv_sec -> time_uptime
- access to time via
	{get,}{micro,nano,bin}time()
	get* versions are fast but less precise
- support NTP nanokernel implementation (NTP API 4)
- further reading:
  Timecounter Paper: http://phk.freebsd.dk/pubs/timecounter.pdf
  NTP Nanokernel: http://www.eecis.udel.edu/~mills/ntp/html/kern.html

Revision 1.223.6.3 / (download) - annotate - [select for diffs], Thu Jun 1 22:38:47 2006 UTC (17 years, 9 months ago) by kardel
Branch: simonb-timecounters
CVS Tags: simonb-timcounters-final
Changes since 1.223.6.2: +3 -3 lines
Diff to previous 1.223.6.2 (colored) next main 1.224 (colored) to selected 1.142 (colored)

Sync with head.

Revision 1.224.6.1 / (download) - annotate - [select for diffs], Wed May 24 15:50:45 2006 UTC (17 years, 9 months ago) by tron
Branch: peter-altq
Changes since 1.224: +4 -4 lines
Diff to previous 1.224 (colored) next main 1.225 (colored) to selected 1.142 (colored)

Merge 2006-05-24 NetBSD-current into the "peter-altq" branch.

Revision 1.224.2.1 / (download) - annotate - [select for diffs], Wed May 24 10:59:03 2006 UTC (17 years, 9 months ago) by yamt
Branch: yamt-pdpolicy
Changes since 1.224: +4 -4 lines
Diff to previous 1.224 (colored) to selected 1.142 (colored)

sync with head.

Revision 1.224.4.2 / (download) - annotate - [select for diffs], Thu May 11 23:31:09 2006 UTC (17 years, 10 months ago) by elad
Branch: elad-kernelauth
Changes since 1.224.4.1: +3 -3 lines
Diff to previous 1.224.4.1 (colored) to branchpoint 1.224 (colored) next main 1.225 (colored) to selected 1.142 (colored)

sync with head

Revision 1.226 / (download) - annotate - [select for diffs], Mon May 8 18:50:12 2006 UTC (17 years, 10 months ago) by liamjfoy
Branch: MAIN
CVS Tags: yamt-pdpolicy-base5, simonb-timecounters-base, elad-kernelauth-base
Branch point for: chap-midi
Changes since 1.225: +3 -3 lines
Diff to previous 1.225 (colored) to selected 1.142 (colored)

#if -> #ifdef

ok christos

Revision 1.223.6.2 / (download) - annotate - [select for diffs], Sat Apr 22 11:40:10 2006 UTC (17 years, 11 months ago) by simonb
Branch: simonb-timecounters
Changes since 1.223.6.1: +7 -7 lines
Diff to previous 1.223.6.1 (colored) to selected 1.142 (colored)

Sync with head.

Revision 1.224.4.1 / (download) - annotate - [select for diffs], Wed Apr 19 04:46:11 2006 UTC (17 years, 11 months ago) by elad
Branch: elad-kernelauth
Changes since 1.224: +3 -3 lines
Diff to previous 1.224 (colored) to selected 1.142 (colored)

sync with head.

Revision 1.225 / (download) - annotate - [select for diffs], Sat Apr 15 02:24:12 2006 UTC (17 years, 11 months ago) by christos
Branch: MAIN
Changes since 1.224: +3 -3 lines
Diff to previous 1.224 (colored) to selected 1.142 (colored)

Coverity CID 1134: Protect against NULL deref.

Revision 1.223.2.1 / (download) - annotate - [select for diffs], Wed Mar 1 09:28:47 2006 UTC (18 years ago) by yamt
Branch: yamt-uio_vmspace
Changes since 1.223: +6 -6 lines
Diff to previous 1.223 (colored) next main 1.224 (colored) to selected 1.142 (colored)

sync with head.

Revision 1.224 / (download) - annotate - [select for diffs], Sat Feb 18 17:47:07 2006 UTC (18 years, 1 month ago) by joerg
Branch: MAIN
CVS Tags: yamt-uio_vmspace-base5, yamt-pdpolicy-base4, yamt-pdpolicy-base3, yamt-pdpolicy-base2, yamt-pdpolicy-base, peter-altq-base
Branch point for: yamt-pdpolicy, peter-altq, elad-kernelauth
Changes since 1.223: +6 -6 lines
Diff to previous 1.223 (colored) to selected 1.142 (colored)

Print the source and destination IP in ip_forward's DIAGNOSTIC code
with inet_ntoa, making it more human friendly.

From Liam J. Foy in private mail.

Revision 1.223.6.1 / (download) - annotate - [select for diffs], Sat Feb 4 14:18:52 2006 UTC (18 years, 1 month ago) by simonb
Branch: simonb-timecounters
Changes since 1.223: +3 -3 lines
Diff to previous 1.223 (colored) to selected 1.142 (colored)

Adapt for timecounters: mostly use get*time(), use bintime's for timeout
calculations and use "time_second" instead of "time.tv_sec".

Revision 1.223 / (download) - annotate - [select for diffs], Sat Dec 24 20:45:09 2005 UTC (18 years, 2 months ago) by perry
Branch: MAIN
Branch point for: yamt-uio_vmspace, simonb-timecounters, rpaulo-netinet-merge-pcb
Changes since 1.222: +6 -6 lines
Diff to previous 1.222 (colored) to selected 1.142 (colored)

Remove leading __ from __(const|inline|signed|volatile) -- it is obsolete.

Revision 1.222 / (download) - annotate - [select for diffs], Sun Dec 11 12:24:57 2005 UTC (18 years, 3 months ago) by christos
Branch: MAIN
Changes since 1.221: +2 -2 lines
Diff to previous 1.221 (colored) to selected 1.142 (colored)

merge ktrace-lwp.

Revision 1.169.2.8 / (download) - annotate - [select for diffs], Thu Nov 10 14:11:07 2005 UTC (18 years, 4 months ago) by skrll
Branch: ktrace-lwp
Changes since 1.169.2.7: +20 -23 lines
Diff to previous 1.169.2.7 (colored) next main 1.170 (colored) to selected 1.142 (colored)

Sync with HEAD. Here we go again...

Revision 1.219.2.2 / (download) - annotate - [select for diffs], Wed Nov 2 11:58:11 2005 UTC (18 years, 4 months ago) by yamt
Branch: yamt-vop
Changes since 1.219.2.1: +4 -3 lines
Diff to previous 1.219.2.1 (colored) to branchpoint 1.219 (colored) next main 1.220 (colored) to selected 1.142 (colored)

sync with head.

Revision 1.221 / (download) - annotate - [select for diffs], Tue Nov 1 21:21:09 2005 UTC (18 years, 4 months ago) by christos
Branch: MAIN
CVS Tags: yamt-vop-base3, yamt-readahead-pervnode, yamt-readahead-perfile, yamt-readahead-base3, yamt-readahead-base2, yamt-readahead-base, yamt-readahead, ktrace-lwp-base
Changes since 1.220: +4 -3 lines
Diff to previous 1.220 (colored) to selected 1.142 (colored)

Don't decrement the ttl, until we are sure that we can forward this packet.
Before if there was no route, we would call icmp_error with a datagram
packet that has an incorrect checksum. (From Liam Foy)

Revision 1.219.2.1 / (download) - annotate - [select for diffs], Wed Oct 26 08:32:51 2005 UTC (18 years, 4 months ago) by yamt
Branch: yamt-vop
Changes since 1.219: +9 -20 lines
Diff to previous 1.219 (colored) to selected 1.142 (colored)

sync with head

Revision 1.220 / (download) - annotate - [select for diffs], Sun Oct 23 18:38:53 2005 UTC (18 years, 4 months ago) by christos
Branch: MAIN
CVS Tags: yamt-vop-base2, thorpej-vnode-attr-base, thorpej-vnode-attr
Changes since 1.219: +9 -20 lines
Diff to previous 1.219 (colored) to selected 1.142 (colored)

No need to pass an interface when only the mtu is needed. From OpenBSD via
Liam Foy.

Revision 1.219 / (download) - annotate - [select for diffs], Fri Aug 5 09:21:26 2005 UTC (18 years, 7 months ago) by elad
Branch: MAIN
CVS Tags: yamt-vop-base
Branch point for: yamt-vop
Changes since 1.218: +9 -2 lines
Diff to previous 1.218 (colored) to selected 1.142 (colored)

Add sysctls for IP, ICMP, TCP, and UDP statistics.

Revision 1.218 / (download) - annotate - [select for diffs], Tue Jun 28 19:38:58 2005 UTC (18 years, 8 months ago) by seanb
Branch: MAIN
Branch point for: yamt-lazymbuf
Changes since 1.217: +3 -3 lines
Diff to previous 1.217 (colored) to selected 1.142 (colored)

- Return ICMP_UNREACH_NET when no route found as per
  section 4.3.3.1 of rfc1812.

Revision 1.217 / (download) - annotate - [select for diffs], Thu Jun 9 02:19:59 2005 UTC (18 years, 9 months ago) by atatat
Branch: MAIN
Changes since 1.216: +3 -3 lines
Diff to previous 1.216 (colored) to selected 1.142 (colored)

Properly fix the constipated lossage wrt -Wcast-qual and the sysctl
code.  I know it's not the prettiest code, but it seems to work rather
well in spite of itself.

Revision 1.216 / (download) - annotate - [select for diffs], Wed Jun 1 09:45:15 2005 UTC (18 years, 9 months ago) by blymn
Branch: MAIN
Changes since 1.215: +3 -3 lines
Diff to previous 1.215 (colored) to selected 1.142 (colored)

Unconstify rnode to prevent compile error when GATEWAY option set.

Revision 1.212.2.2 / (download) - annotate - [select for diffs], Fri May 6 08:40:14 2005 UTC (18 years, 10 months ago) by tron
Branch: netbsd-3
CVS Tags: netbsd-3-1-RELEASE, netbsd-3-1-RC4, netbsd-3-1-RC3, netbsd-3-1-RC2, netbsd-3-1-RC1, netbsd-3-1-1-RELEASE, netbsd-3-0-RELEASE, netbsd-3-0-RC6, netbsd-3-0-RC5, netbsd-3-0-RC4, netbsd-3-0-RC3, netbsd-3-0-RC2, netbsd-3-0-RC1, netbsd-3-0-3-RELEASE, netbsd-3-0-2-RELEASE, netbsd-3-0-1-RELEASE
Branch point for: netbsd-3-1, netbsd-3-0
Changes since 1.212.2.1: +0 -1 lines
Diff to previous 1.212.2.1 (colored) to branchpoint 1.212 (colored) to selected 1.142 (colored)

Pull up revision 1.214 (requested by yamt in ticket #251):
fix problems related to loopback interface checksum omission.  PR/29971.
- for ipv4, defer decision to ip layer as h/w checksum offloading does
  so that it can check the actual interface the packet is going to.
- for ipv6, disable it.
  (maybe will be revisited when it implements h/w checksum offloading.)
ok'ed by Jason Thorpe.

Revision 1.208.2.1 / (download) - annotate - [select for diffs], Fri Apr 29 11:29:33 2005 UTC (18 years, 10 months ago) by kent
Branch: kent-audio2
Changes since 1.208: +39 -53 lines
Diff to previous 1.208 (colored) next main 1.209 (colored) to selected 1.142 (colored)

sync with -current

Revision 1.215 / (download) - annotate - [select for diffs], Fri Apr 29 10:39:09 2005 UTC (18 years, 10 months ago) by yamt
Branch: MAIN
CVS Tags: kent-audio2-base
Changes since 1.214: +3 -2 lines
Diff to previous 1.214 (colored) to selected 1.142 (colored)

move decl of inetsw to its own header to avoid array of incomplete type.
found by gcc4.  reported by Adam Ciarcinski.

Revision 1.214 / (download) - annotate - [select for diffs], Mon Apr 18 21:50:25 2005 UTC (18 years, 11 months ago) by yamt
Branch: MAIN
Changes since 1.213: +2 -3 lines
Diff to previous 1.213 (colored) to selected 1.142 (colored)

fix problems related to loopback interface checksum omission.  PR/29971.

- for ipv4, defer decision to ip layer as h/w checksum offloading does
  so that it can check the actual interface the packet is going to.
- for ipv6, disable it.
  (maybe will be revisited when it implements h/w checksum offloading.)

ok'ed by Jason Thorpe.

Revision 1.212.2.1 / (download) - annotate - [select for diffs], Mon Apr 4 17:15:44 2005 UTC (18 years, 11 months ago) by tron
Branch: netbsd-3
Changes since 1.212: +3 -2 lines
Diff to previous 1.212 (colored) to selected 1.142 (colored)

Pull up revision 1.213 (requested by yamt in ticket #88):
ip_reass: clear stale csum_flags.

Revision 1.169.2.7 / (download) - annotate - [select for diffs], Fri Apr 1 14:31:50 2005 UTC (18 years, 11 months ago) by skrll
Branch: ktrace-lwp
Changes since 1.169.2.6: +3 -2 lines
Diff to previous 1.169.2.6 (colored) to selected 1.142 (colored)

Sync with HEAD.

Revision 1.213 / (download) - annotate - [select for diffs], Tue Mar 29 09:37:08 2005 UTC (18 years, 11 months ago) by yamt
Branch: MAIN
Changes since 1.212: +3 -2 lines
Diff to previous 1.212 (colored) to selected 1.142 (colored)

ip_reass: clear stale csum_flags.

Revision 1.209.2.2 / (download) - annotate - [select for diffs], Sat Mar 19 08:36:38 2005 UTC (19 years ago) by yamt
Branch: yamt-km
Changes since 1.209.2.1: +15 -15 lines
Diff to previous 1.209.2.1 (colored) to branchpoint 1.209 (colored) next main 1.210 (colored) to selected 1.142 (colored)

sync with head.  xen and whitespace.  xen part is not finished.

Revision 1.169.2.6 / (download) - annotate - [select for diffs], Fri Mar 4 16:53:29 2005 UTC (19 years ago) by skrll
Branch: ktrace-lwp
Changes since 1.169.2.5: +15 -15 lines
Diff to previous 1.169.2.5 (colored) to selected 1.142 (colored)

Sync with HEAD.

Hi Perry!

Revision 1.212 / (download) - annotate - [select for diffs], Sat Feb 26 22:45:12 2005 UTC (19 years ago) by perry
Branch: MAIN
CVS Tags: yamt-km-base4, yamt-km-base3, netbsd-3-base
Branch point for: netbsd-3
Changes since 1.211: +15 -15 lines
Diff to previous 1.211 (colored) to selected 1.142 (colored)

nuke trailing whitespace

Revision 1.209.2.1 / (download) - annotate - [select for diffs], Sat Feb 12 18:17:54 2005 UTC (19 years, 1 month ago) by yamt
Branch: yamt-km
Changes since 1.209: +24 -39 lines
Diff to previous 1.209 (colored) to selected 1.142 (colored)

sync with head.

Revision 1.169.2.5 / (download) - annotate - [select for diffs], Fri Feb 4 11:47:48 2005 UTC (19 years, 1 month ago) by skrll
Branch: ktrace-lwp
Changes since 1.169.2.4: +25 -40 lines
Diff to previous 1.169.2.4 (colored) to selected 1.142 (colored)

Sync with HEAD.

Revision 1.211 / (download) - annotate - [select for diffs], Thu Feb 3 22:56:42 2005 UTC (19 years, 1 month ago) by perry
Branch: MAIN
CVS Tags: yamt-km-base2
Changes since 1.210: +18 -33 lines
Diff to previous 1.210 (colored) to selected 1.142 (colored)

ANSIfy function declarations

Revision 1.210 / (download) - annotate - [select for diffs], Wed Feb 2 21:41:55 2005 UTC (19 years, 1 month ago) by perry
Branch: MAIN
Changes since 1.209: +8 -8 lines
Diff to previous 1.209 (colored) to selected 1.142 (colored)

de-__P -- will ANSIfy .c files later.

Revision 1.209 / (download) - annotate - [select for diffs], Mon Jan 24 21:25:10 2005 UTC (19 years, 1 month ago) by matt
Branch: MAIN
CVS Tags: yamt-km-base
Branch point for: yamt-km
Changes since 1.208: +3 -3 lines
Diff to previous 1.208 (colored) to selected 1.142 (colored)

Add IFNET_FOREACH and IFADDR_FOREACH macros and start using them.

Revision 1.169.2.4 / (download) - annotate - [select for diffs], Mon Jan 17 19:32:54 2005 UTC (19 years, 2 months ago) by skrll
Branch: ktrace-lwp
Changes since 1.169.2.3: +3 -3 lines
Diff to previous 1.169.2.3 (colored) to selected 1.142 (colored)

Sync with HEAD.

Revision 1.208 / (download) - annotate - [select for diffs], Sun Dec 19 06:42:24 2004 UTC (19 years, 3 months ago) by christos
Branch: MAIN
CVS Tags: kent-audio1-beforemerge
Branch point for: kent-audio2
Changes since 1.207: +3 -3 lines
Diff to previous 1.207 (colored) to selected 1.142 (colored)

yamt's changes seem to fix all the checksumming issues. Turn the loopback
checksums back off so we can make sure that everything works.

Revision 1.169.2.3 / (download) - annotate - [select for diffs], Sat Dec 18 09:33:05 2004 UTC (19 years, 3 months ago) by skrll
Branch: ktrace-lwp
Changes since 1.169.2.2: +20 -6 lines
Diff to previous 1.169.2.2 (colored) to selected 1.142 (colored)

Sync with HEAD.

Revision 1.207 / (download) - annotate - [select for diffs], Fri Dec 17 22:54:52 2004 UTC (19 years, 3 months ago) by christos
Branch: MAIN
Changes since 1.206: +3 -3 lines
Diff to previous 1.206 (colored) to selected 1.142 (colored)

Turn checksumming on loopback back on until we fix the bugs in it.
Connect over tcp on the loopback is broken:

  4729 amq      0.000007 CALL  connect(4,0x804f2a0,0x1c)
  4729 amq      75.007420 RET   connect -1 errno 60 Connection timed out

Revision 1.206 / (download) - annotate - [select for diffs], Wed Dec 15 04:25:19 2004 UTC (19 years, 3 months ago) by thorpej
Branch: MAIN
Changes since 1.205: +20 -6 lines
Diff to previous 1.205 (colored) to selected 1.142 (colored)

Don't perform checksums on loopback interfaces.  They can be reenabled with
the net.inet.*.do_loopback_cksum sysctl.

Approved by: groo

Revision 1.169.2.2 / (download) - annotate - [select for diffs], Tue Oct 19 15:58:14 2004 UTC (19 years, 5 months ago) by skrll
Branch: ktrace-lwp
Changes since 1.169.2.1: +17 -3 lines
Diff to previous 1.169.2.1 (colored) to selected 1.142 (colored)

Sync with HEAD

Revision 1.205 / (download) - annotate - [select for diffs], Wed Oct 6 01:34:11 2004 UTC (19 years, 5 months ago) by darrenr
Branch: MAIN
CVS Tags: kent-audio1-base, kent-audio1
Changes since 1.204: +16 -2 lines
Diff to previous 1.204 (colored) to selected 1.142 (colored)

Add a comment to document what setting "srcrt" is really on about in ipintr()

Revision 1.204 / (download) - annotate - [select for diffs], Wed Sep 29 21:28:34 2004 UTC (19 years, 5 months ago) by christos
Branch: MAIN
Changes since 1.203: +3 -3 lines
Diff to previous 1.203 (colored) to selected 1.142 (colored)

PR/27081: Sean Boudreau: ip_input() bad csum count not incremented on sw csum

Revision 1.169.2.1 / (download) - annotate - [select for diffs], Tue Aug 3 10:54:39 2004 UTC (19 years, 7 months ago) by skrll
Branch: ktrace-lwp
Changes since 1.169: +563 -238 lines
Diff to previous 1.169 (colored) to selected 1.142 (colored)

Sync with HEAD

Revision 1.197.2.1 / (download) - annotate - [select for diffs], Fri May 28 07:25:05 2004 UTC (19 years, 9 months ago) by tron
Branch: netbsd-2-0
CVS Tags: netbsd-2-base, netbsd-2-1-RELEASE, netbsd-2-1-RC6, netbsd-2-1-RC5, netbsd-2-1-RC4, netbsd-2-1-RC3, netbsd-2-1-RC2, netbsd-2-1-RC1, netbsd-2-1, netbsd-2-0-RELEASE, netbsd-2-0-RC5, netbsd-2-0-RC4, netbsd-2-0-RC3, netbsd-2-0-RC2, netbsd-2-0-RC1, netbsd-2-0-3-RELEASE, netbsd-2-0-2-RELEASE, netbsd-2-0-1-RELEASE, netbsd-2
Changes since 1.197: +54 -25 lines
Diff to previous 1.197 (colored) next main 1.198 (colored) to selected 1.142 (colored)

Pull up revision 1.203 (requested by atatat in ticket #391):
Sysctl descriptions under net subtree (net.key not done)

Revision 1.203 / (download) - annotate - [select for diffs], Tue May 25 04:34:00 2004 UTC (19 years, 9 months ago) by atatat
Branch: MAIN
CVS Tags: BEFORE-IPF413
Changes since 1.202: +54 -25 lines
Diff to previous 1.202 (colored) to selected 1.142 (colored)

Sysctl descriptions under net subtree (net.key not done)

Revision 1.202 / (download) - annotate - [select for diffs], Sun May 2 05:02:53 2004 UTC (19 years, 10 months ago) by darrenr
Branch: MAIN
Changes since 1.201: +2 -17 lines
Diff to previous 1.201 (colored) to selected 1.142 (colored)

at line 543, we do a pullup here of hlen bytes into the mbuf,
so these later ones are superfluous.

Revision 1.201 / (download) - annotate - [select for diffs], Sat May 1 02:20:42 2004 UTC (19 years, 10 months ago) by matt
Branch: MAIN
Changes since 1.200: +6 -8 lines
Diff to previous 1.200 (colored) to selected 1.142 (colored)

Use EVCNT_ATTACH_STATIC{,2}

Revision 1.200 / (download) - annotate - [select for diffs], Sun Apr 25 16:42:42 2004 UTC (19 years, 10 months ago) by simonb
Branch: MAIN
Changes since 1.199: +4 -9 lines
Diff to previous 1.199 (colored) to selected 1.142 (colored)

Initialise (most) pools from a link set instead of explicit calls
to pool_init.  Untouched pools are ones that either in arch-specific
code, or aren't initialiased during initial system startup.

 Convert struct session, ucred and lockf to pools.

Revision 1.199 / (download) - annotate - [select for diffs], Thu Apr 22 01:01:41 2004 UTC (19 years, 11 months ago) by matt
Branch: MAIN
Changes since 1.198: +3 -4 lines
Diff to previous 1.198 (colored) to selected 1.142 (colored)

Constify protosw arrays.  This can reduce the kernel .data section by
over 4K (if all the network protocols) are loaded.

Revision 1.198 / (download) - annotate - [select for diffs], Thu Apr 1 22:47:55 2004 UTC (19 years, 11 months ago) by matt
Branch: MAIN
Changes since 1.197: +4 -4 lines
Diff to previous 1.197 (colored) to selected 1.142 (colored)

In ip_reass_ttl_descr, make i signed since it's compared to >= 0

Revision 1.197 / (download) - annotate - [select for diffs], Wed Mar 24 15:34:54 2004 UTC (19 years, 11 months ago) by atatat
Branch: MAIN
CVS Tags: netbsd-2-0-base, BEFORE-IPF411
Branch point for: netbsd-2-0
Changes since 1.196: +50 -26 lines
Diff to previous 1.196 (colored) to selected 1.142 (colored)

Tango on sysctl_createv() and flags.  The flags have all been renamed,
and sysctl_createv() now uses more arguments.

Revision 1.196 / (download) - annotate - [select for diffs], Thu Jan 15 05:13:17 2004 UTC (20 years, 2 months ago) by itojun
Branch: MAIN
Changes since 1.195: +3 -3 lines
Diff to previous 1.195 (colored) to selected 1.142 (colored)

correct typo in 1.94 -> 1.95.  pointed out by Shiva Shenoy

Revision 1.195 / (download) - annotate - [select for diffs], Sun Dec 14 01:14:24 2003 UTC (20 years, 3 months ago) by thorpej
Branch: MAIN
Changes since 1.194: +7 -7 lines
Diff to previous 1.194 (colored) to selected 1.142 (colored)

Fix syntax errors in CHECK_NMBCLUSTER_PARAMS().

Revision 1.194 / (download) - annotate - [select for diffs], Sun Dec 14 00:09:24 2003 UTC (20 years, 3 months ago) by jonathan
Branch: MAIN
Changes since 1.193: +144 -26 lines
Diff to previous 1.193 (colored) to selected 1.142 (colored)

Second part of hashed IP_reassembly changes:

When under pressure for mbufs or we have too many fragments in the IP
reassembly queue, drop half of all fragments. This multiplicative-drop
strategy ensures we return to a healthy state, even under borderline
denial-of-service from extremely lossy NFS-over-UDP peers.
The multiplicative-drop phase currently drops 50% of fragments, but
has pre-placed support for implementing drop-fractions other than 50%

The threshhold for the `drop-half' phase is the new variable,
ip_maxfrags which is calculated as nmbclusters/4.

ip_input.c now keeps ip_nmbclusters, a cached copy of nmbclusters.
Before using limits derived from nmbclusters, we check if nmbclusters
and ip_nmclusters are equal. If not, we recompute Ip parameters
derived from nmbclusters.  Based on a suggestion by Jason Thorpe.
ip_maxfrags is currently auto-recalcuated.

The counters ip_nfrags and ip_nfragpacketsr are now declared static
and uninitialized (bss), to discourage tampering with them.

Revision 1.193 / (download) - annotate - [select for diffs], Fri Dec 12 21:17:59 2003 UTC (20 years, 3 months ago) by scw
Branch: MAIN
Changes since 1.192: +23 -3 lines
Diff to previous 1.192 (colored) to selected 1.142 (colored)

Make fast-ipsec and ipflow (Fast Forwarding) interoperate.

The idea is that we only clear M_CANFASTFWD if an SPD exists
for the packet. Otherwise, it's safe to add a fast-forward
cache entry for the route.

To make this work properly, we invalidate the entire ipflow
cache if a fast-ipsec key is added or changed.

Revision 1.192 / (download) - annotate - [select for diffs], Mon Dec 8 02:23:27 2003 UTC (20 years, 3 months ago) by jonathan
Branch: MAIN
Changes since 1.191: +24 -5 lines
Diff to previous 1.191 (colored) to selected 1.142 (colored)

Add new field ipq_nfrags to struct ipq. Maintain count of fragments
(fragments, not fragmented packets) in each queue entry.
Use ipq_nfrags to maintain a count of total fragments in reassembly queue.

Revision 1.191 / (download) - annotate - [select for diffs], Sun Dec 7 01:18:26 2003 UTC (20 years, 3 months ago) by jonathan
Branch: MAIN
Changes since 1.190: +4 -4 lines
Diff to previous 1.190 (colored) to selected 1.142 (colored)

KNF: s/unsigned/u_int/, in a couple of places I missed.

Revision 1.190 / (download) - annotate - [select for diffs], Sat Dec 6 23:56:10 2003 UTC (20 years, 3 months ago) by jonathan
Branch: MAIN
Changes since 1.189: +63 -19 lines
Diff to previous 1.189 (colored) to selected 1.142 (colored)

Replace the single global IP reassembly list/listhead, with a
hashtable of list-heads. Independently re-invented, then reworked to
match similar code in FreeBSD.

Revision 1.189 / (download) - annotate - [select for diffs], Thu Dec 4 19:38:24 2003 UTC (20 years, 3 months ago) by atatat
Branch: MAIN
Changes since 1.188: +173 -156 lines
Diff to previous 1.188 (colored) to selected 1.142 (colored)

Dynamic sysctl.

Gone are the old kern_sysctl(), cpu_sysctl(), hw_sysctl(),
vfs_sysctl(), etc, routines, along with sysctl_int() et al.  Now all
nodes are registered with the tree, and nodes can be added (or
removed) easily, and I/O to and from the tree is handled generically.

Since the nodes are registered with the tree, the mapping from name to
number (and back again) can now be discovered, instead of having to be
hard coded.  Adding new nodes to the tree is likewise much simpler --
the new infrastructure handles almost all the work for simple types,
and just about anything else can be done with a small helper function.

All existing nodes are where they were before (numerically speaking),
so all existing consumers of sysctl information should notice no
difference.

PS - I'm sorry, but there's a distinct lack of documentation at the
moment.  I'm working on sysctl(3/8/9) right now, and I promise to
watch out for buses.

Revision 1.188 / (download) - annotate - [select for diffs], Thu Dec 4 10:02:35 2003 UTC (20 years, 3 months ago) by scw
Branch: MAIN
Changes since 1.187: +3 -3 lines
Diff to previous 1.187 (colored) to selected 1.142 (colored)

ipflow (IP fast forwarding) is not compatible with FAST_IPSEC either.

XXX: The decision whether or not to fast forward should be made
XXX: dynamically. Using the current approach seriously reduces
XXX: routing performance on gateways with IPsec enabled.

Revision 1.187 / (download) - annotate - [select for diffs], Wed Nov 26 21:15:47 2003 UTC (20 years, 3 months ago) by itojun
Branch: MAIN
Changes since 1.186: +2 -8 lines
Diff to previous 1.186 (colored) to selected 1.142 (colored)

define RANDOM_IP_ID by default (unifdef -DRANDOM_IP_ID).
one use remains in sys/netipsec, which is kept for freebsd source code compat.

Revision 1.186 / (download) - annotate - [select for diffs], Mon Nov 24 20:54:59 2003 UTC (20 years, 3 months ago) by scw
Branch: MAIN
Changes since 1.185: +4 -2 lines
Diff to previous 1.185 (colored) to selected 1.142 (colored)

For FAST_IPSEC, ipfilter gets to see wire-format IPsec-encapsulated packets
only. Decapsulated packets bypass ipfilter. This mimics current behaviour
for Kame IPsec.

Revision 1.185 / (download) - annotate - [select for diffs], Wed Nov 19 22:40:55 2003 UTC (20 years, 4 months ago) by fvdl
Branch: MAIN
Changes since 1.184: +3 -3 lines
Diff to previous 1.184 (colored) to selected 1.142 (colored)

Correct number of arguments to sysctl_rdint.

Revision 1.184 / (download) - annotate - [select for diffs], Wed Nov 19 18:39:34 2003 UTC (20 years, 4 months ago) by jonathan
Branch: MAIN
Changes since 1.183: +16 -2 lines
Diff to previous 1.183 (colored) to selected 1.142 (colored)

Patch back support for (badly) randomized IP ids, by request:

* Include "opt_inet.h" everywhere IP-ids are generated with ip_newid(),
  so the RANDOM_IP_ID option is visible. Also in ip_id(), to ensure
  the prototype for ip_randomid() is made visible.

* Add new sysctl to enable randomized IP-ids, provided the kernel was
  configured with RANDOM_IP_ID. (The sysctl defaults to zero, and is
  a read-only zero if RANDOM_IP_ID is not configured).

Note that the implementation of randomized IP ids is still defective,
and should not be enabled at all (even if configured) without
very careful deliberation. Caveat emptor.

Revision 1.183 / (download) - annotate - [select for diffs], Mon Nov 17 22:34:16 2003 UTC (20 years, 4 months ago) by jonathan
Branch: MAIN
Changes since 1.182: +4 -2 lines
Diff to previous 1.182 (colored) to selected 1.142 (colored)

Diff to netinet/ip_input.c (restore ip_id, initialize) for ip_id fix:

Revert the (default) ip_id algorithm to the pre-randomid algorithm,
due to demonstrated low-period repeated IDs from the randomized IP_id
code.  Consensus is that the low-period repetition (much less than
2^15) is not suitable for general-purpose use.

Allocators of new IPv4 IDs should now call the function ip_newid().
Randomized IP_ids is now a config-time option, "options RANDOM_IP_ID".
ip_newid() can use ip_random-id()_IP_ID if and only if configured
with RANDOM_IP_ID. A sysctl knob should be  provided.

This API may be reworked in the near future to support linear ip_id
counters per (src,dst) IP-address pair.

Revision 1.182 / (download) - annotate - [select for diffs], Wed Nov 12 15:00:05 2003 UTC (20 years, 4 months ago) by itojun
Branch: MAIN
Changes since 1.181: +5 -5 lines
Diff to previous 1.181 (colored) to selected 1.142 (colored)

KNF

Revision 1.181 / (download) - annotate - [select for diffs], Tue Nov 11 20:25:26 2003 UTC (20 years, 4 months ago) by jonathan
Branch: MAIN
Changes since 1.180: +5 -5 lines
Diff to previous 1.180 (colored) to selected 1.142 (colored)

Change global head-of-local-IP-address list from in_ifaddr to
in_ifaddrhead. Recent changes in struct names caused a namespace
collision in fast-ipsec, which are most cleanly fixed by using
"in_ifaddrhead" as the listhead name.

Revision 1.180 / (download) - annotate - [select for diffs], Mon Nov 10 20:03:29 2003 UTC (20 years, 4 months ago) by jonathan
Branch: MAIN
Changes since 1.179: +10 -5 lines
Diff to previous 1.179 (colored) to selected 1.142 (colored)

Make per-protocol network input queue stats visible to userland via
sysctl. Add a protocol-independent sysctl handler to show the per-protocol
"struct ifq' statistics. Add IP(v4) specific call to the handler.
Other protocols can show their per-protocol input statistics by
allocating a sysclt node and calling sysctl_ifq() with their own struct ifq *.

As posted to tech-kern plus improvements/cleanup suggested by Andrew Brown.

Revision 1.179 / (download) - annotate - [select for diffs], Sun Sep 28 04:45:14 2003 UTC (20 years, 5 months ago) by mycroft
Branch: MAIN
Changes since 1.178: +2 -12 lines
Diff to previous 1.178 (colored) to selected 1.142 (colored)

Remove some code that breaks AH tunnels completely.  The comment describing
the purpose of this code appears to be on crack -- it's talking about
end-to-end authentication, but the purpose of an AH tunnel is NOT end-to-end
authentication; it's authentication of the tunnel endpoints.

NB: This does not fix the fact that IPsec leaks "packet tags."

Revision 1.178 / (download) - annotate - [select for diffs], Sat Sep 6 03:36:30 2003 UTC (20 years, 6 months ago) by itojun
Branch: MAIN
Changes since 1.177: +2 -4 lines
Diff to previous 1.177 (colored) to selected 1.142 (colored)

randomize IPv4/v6 fragment ID and IPv6 flowlabel.  avoids predictability
of these fields.  ip_id.c is from openbsd.  ip6_id.c is adapted by kame.

Revision 1.177 / (download) - annotate - [select for diffs], Sat Sep 6 00:24:54 2003 UTC (20 years, 6 months ago) by itojun
Branch: MAIN
Changes since 1.176: +3 -3 lines
Diff to previous 1.176 (colored) to selected 1.142 (colored)

backout previous, we don't know if arc4random() corrides on reboot.

Revision 1.176 / (download) - annotate - [select for diffs], Fri Sep 5 22:09:38 2003 UTC (20 years, 6 months ago) by itojun
Branch: MAIN
Changes since 1.175: +3 -3 lines
Diff to previous 1.175 (colored) to selected 1.142 (colored)

initialize fragment ID with arc4random, not by time.tv_sec

Revision 1.175 / (download) - annotate - [select for diffs], Fri Aug 22 22:00:37 2003 UTC (20 years, 7 months ago) by itojun
Branch: MAIN
Changes since 1.174: +2 -6 lines
Diff to previous 1.174 (colored) to selected 1.142 (colored)

remove ipsec_set/getsocket.  now we explicitly pass socket * to ip{,6}_output.

Revision 1.174 / (download) - annotate - [select for diffs], Fri Aug 22 21:53:03 2003 UTC (20 years, 7 months ago) by itojun
Branch: MAIN
Changes since 1.173: +3 -3 lines
Diff to previous 1.173 (colored) to selected 1.142 (colored)

change the additional arg to be passed to ip{,6}_output to struct socket *.

this fixes KAME policy lookup which was broken by the previous commit.

Revision 1.173 / (download) - annotate - [select for diffs], Fri Aug 15 03:42:02 2003 UTC (20 years, 7 months ago) by jonathan
Branch: MAIN
Changes since 1.172: +89 -6 lines
Diff to previous 1.172 (colored) to selected 1.142 (colored)

(fast-ipsec): Add hooks to pass IPv4 IPsec traffic into fast-ipsec, if
configured with ``options FAST_IPSEC''.  Kernels with KAME IPsec or
with no IPsec should work as before.

All calls to ip_output() now always pass an additional compulsory
argument: the inpcb associated with the packet being sent,
or 0 if no inpcb is available.

Fast-ipsec tested with ICMP or UDP over ESP. TCP doesn't work, yet.

Revision 1.172 / (download) - annotate - [select for diffs], Thu Aug 7 16:33:12 2003 UTC (20 years, 7 months ago) by agc
Branch: MAIN
Changes since 1.171: +3 -7 lines
Diff to previous 1.171 (colored) to selected 1.142 (colored)

Move UCB-licensed code from 4-clause to 3-clause licence.

Patches provided by Joel Baker in PR 22364, verified by myself.

Revision 1.171 / (download) - annotate - [select for diffs], Mon Jul 14 16:39:43 2003 UTC (20 years, 8 months ago) by itojun
Branch: MAIN
Changes since 1.170: +2 -3 lines
Diff to previous 1.170 (colored) to selected 1.142 (colored)

correct igmp.  from love

Revision 1.170 / (download) - annotate - [select for diffs], Thu Jul 3 05:03:53 2003 UTC (20 years, 8 months ago) by itojun
Branch: MAIN
Changes since 1.169: +5 -7 lines
Diff to previous 1.169 (colored) to selected 1.142 (colored)

minor KNF

Revision 1.169 / (download) - annotate - [select for diffs], Mon Jun 30 07:54:28 2003 UTC (20 years, 8 months ago) by itojun
Branch: MAIN
Branch point for: ktrace-lwp
Changes since 1.168: +8 -3 lines
Diff to previous 1.168 (colored) to selected 1.142 (colored)

do not generate ICMP redirect when packet filter alters ip_dst to an
address that reside on the same link.  Cedric Berger convinced me that
it is necessary.

Revision 1.168 / (download) - annotate - [select for diffs], Mon Jun 30 01:21:11 2003 UTC (20 years, 8 months ago) by itojun
Branch: MAIN
Changes since 1.167: +4 -4 lines
Diff to previous 1.167 (colored) to selected 1.142 (colored)

fix indent

Revision 1.167 / (download) - annotate - [select for diffs], Mon Jun 23 11:02:14 2003 UTC (20 years, 9 months ago) by martin
Branch: MAIN
Changes since 1.166: +3 -2 lines
Diff to previous 1.166 (colored) to selected 1.142 (colored)

Make sure to include opt_foo.h if a defflag option FOO is used.

Revision 1.150.4.3 / (download) - annotate - [select for diffs], Tue Jun 17 11:55:53 2003 UTC (20 years, 9 months ago) by msaitoh
Branch: netbsd-1-6
CVS Tags: netbsd-1-6-PATCH002-RELEASE, netbsd-1-6-PATCH002-RC4, netbsd-1-6-PATCH002-RC3, netbsd-1-6-PATCH002-RC2, netbsd-1-6-PATCH002-RC1, netbsd-1-6-PATCH002
Changes since 1.150.4.2: +5 -10 lines
Diff to previous 1.150.4.2 (colored) to branchpoint 1.150 (colored) next main 1.151 (colored) to selected 1.142 (colored)

Pullup rev. 1.163 via patch (requested by itojun in ticket #984):
 remove all entries in rt timer queue on ip_mtudisc change, instead of
 destroying the queue.

Revision 1.166 / (download) - annotate - [select for diffs], Sun Jun 15 02:49:33 2003 UTC (20 years, 9 months ago) by matt
Branch: MAIN
Changes since 1.165: +11 -2 lines
Diff to previous 1.165 (colored) to selected 1.142 (colored)

Change the way multicasts are kept.  They now use a hash table in the same
manner as the ifaddr hash table.  By doing this, the mkludge code can go
away.  At the same time, keep track of what pcbs are using what ifaddr and
when an address is deleted from an interface, notify/abort all sockets
that have that address as a source.  Switch IGMP and multicasts to use pools
for allocation.  Fix a number of potential problems in the igmp code where
allocation failures could cause a trap/panic.

Revision 1.165 / (download) - annotate - [select for diffs], Fri Apr 11 19:41:37 2003 UTC (20 years, 11 months ago) by christos
Branch: MAIN
Changes since 1.164: +43 -2 lines
Diff to previous 1.164 (colored) to selected 1.142 (colored)

PR/991: Darren Reed: Add a sysctl (checkinteface) to implement this. This
implementation is taken from FreeBSD, but we default to off.
XXX: We should really do this on a per ifaddr basis as jason suggested.

Revision 1.164 / (download) - annotate - [select for diffs], Wed Feb 26 06:31:14 2003 UTC (21 years ago) by matt
Branch: MAIN
Changes since 1.163: +21 -2 lines
Diff to previous 1.163 (colored) to selected 1.142 (colored)

Add MBUFTRACE kernel option.
Do a little mbuf rework while here.  Change all uses of MGET*(*, M_WAIT, *)
to m_get*(M_WAIT, *).  These are not performance critical and making them
call m_get saves considerable space.  Add m_clget analogue of MCLGET and
make corresponding change for M_WAIT uses.
Modify netinet, gem, fxp, tulip, nfs to support MBUFTRACE.
Begin to change netstat to use sysctl.

Revision 1.130.2.16 / (download) - annotate - [select for diffs], Wed Dec 11 06:46:37 2002 UTC (21 years, 3 months ago) by thorpej
Branch: nathanw_sa
CVS Tags: nathanw_sa_end
Changes since 1.130.2.15: +3 -8 lines
Diff to previous 1.130.2.15 (colored) next main 1.131 (colored) to selected 1.142 (colored)

Sync with HEAD.

Revision 1.114.4.10 / (download) - annotate - [select for diffs], Wed Nov 13 00:34:59 2002 UTC (21 years, 4 months ago) by itojun
Branch: netbsd-1-5
Changes since 1.114.4.9: +5 -10 lines
Diff to previous 1.114.4.9 (colored) to branchpoint 1.114 (colored) next main 1.115 (colored) to selected 1.142 (colored)

sys/net/route.c                                 1.55 via patch
sys/net/route.h                                 1.32
sys/netinet/ip_input.c                          1.163

  Remove all entries on rt timer queue on ip_mtudisc change, instead
  of destroying the queue.

(itojun, redo)

Revision 1.150.4.2 / (download) - annotate - [select for diffs], Tue Nov 12 14:44:11 2002 UTC (21 years, 4 months ago) by tron
Branch: netbsd-1-6
CVS Tags: netbsd-1-6-PATCH001-RELEASE, netbsd-1-6-PATCH001-RC3, netbsd-1-6-PATCH001-RC2, netbsd-1-6-PATCH001-RC1, netbsd-1-6-PATCH001
Changes since 1.150.4.1: +3 -5 lines
Diff to previous 1.150.4.1 (colored) to branchpoint 1.150 (colored) to selected 1.142 (colored)

Pull up revision 1.160 (requested by itojun in ticket #977):
always create pmtud timeout queue, as ip_mtudisc can be tweaked via
sysctl at runtime.  From lha@stacken.kth.se

Revision 1.163 / (download) - annotate - [select for diffs], Tue Nov 12 02:10:13 2002 UTC (21 years, 4 months ago) by itojun
Branch: MAIN
CVS Tags: nathanw_sa_before_merge, nathanw_sa_base, gmcgarry_ucred_base, gmcgarry_ucred, gmcgarry_ctxsw_base, gmcgarry_ctxsw, fvdl_fs64_base
Changes since 1.162: +5 -10 lines
Diff to previous 1.162 (colored) to selected 1.142 (colored)

remove all entries in rt timer queue on ip_mtudisc change, instead of
destroying the queue.

Revision 1.162 / (download) - annotate - [select for diffs], Tue Nov 12 01:57:07 2002 UTC (21 years, 4 months ago) by itojun
Branch: MAIN
Changes since 1.161: +12 -5 lines
Diff to previous 1.161 (colored) to selected 1.142 (colored)

ckout previous - doesn't compile

Revision 1.161 / (download) - annotate - [select for diffs], Tue Nov 12 01:38:09 2002 UTC (21 years, 4 months ago) by itojun
Branch: MAIN
Changes since 1.160: +5 -12 lines
Diff to previous 1.160 (colored) to selected 1.142 (colored)

update ip_mtudisc sysctl change handling.

Revision 1.130.2.15 / (download) - annotate - [select for diffs], Mon Nov 11 22:15:23 2002 UTC (21 years, 4 months ago) by nathanw
Branch: nathanw_sa
Changes since 1.130.2.14: +3 -5 lines
Diff to previous 1.130.2.14 (colored) to selected 1.142 (colored)

Catch up to -current

Revision 1.114.4.9 / (download) - annotate - [select for diffs], Sun Nov 10 19:58:05 2002 UTC (21 years, 4 months ago) by itojun
Branch: netbsd-1-5
Changes since 1.114.4.8: +2 -4 lines
Diff to previous 1.114.4.8 (colored) to branchpoint 1.114 (colored) to selected 1.142 (colored)

sys/netinet/ip_input.c                          1.160 via patch

  Always create PMTUD timeout queue, as PMTUD can be turned on via
  sysctl at runtime.  From lha@stacken.kth.se.

(itojun)

Revision 1.160 / (download) - annotate - [select for diffs], Sun Nov 10 19:52:16 2002 UTC (21 years, 4 months ago) by itojun
Branch: MAIN
Changes since 1.159: +3 -5 lines
Diff to previous 1.159 (colored) to selected 1.142 (colored)

always create pmtud timeout queue, as ip_mtudisc can be tweaked via
sysctl at runtime.  From lha@stacken.kth.se

Revision 1.159 / (download) - annotate - [select for diffs], Sat Nov 2 07:28:12 2002 UTC (21 years, 4 months ago) by perry
Branch: MAIN
Changes since 1.158: +4 -4 lines
Diff to previous 1.158 (colored) to selected 1.142 (colored)

/*CONTCOND*/ while (0)'ed macros

Revision 1.130.2.14 / (download) - annotate - [select for diffs], Fri Oct 18 02:45:17 2002 UTC (21 years, 5 months ago) by nathanw
Branch: nathanw_sa
Changes since 1.130.2.13: +4 -1 lines
Diff to previous 1.130.2.13 (colored) to selected 1.142 (colored)

Catch up to -current.

Revision 1.135.2.6 / (download) - annotate - [select for diffs], Thu Oct 10 18:43:59 2002 UTC (21 years, 5 months ago) by jdolecek
Branch: kqueue
Changes since 1.135.2.5: +10 -5 lines
Diff to previous 1.135.2.5 (colored) next main 1.136 (colored) to selected 1.142 (colored)

sync kqueue with -current; this includes merge of gehenna-devsw branch,
merge of i386 MP branch, and part of autoconf rototil work

Revision 1.158 / (download) - annotate - [select for diffs], Mon Sep 23 13:43:27 2002 UTC (21 years, 6 months ago) by itojun
Branch: MAIN
CVS Tags: kqueue-beforemerge, kqueue-base, kqueue-aftermerge
Changes since 1.157: +6 -3 lines
Diff to previous 1.157 (colored) to selected 1.142 (colored)

revert mtudisc_timeout value to the old one if update falis

Revision 1.130.2.13 / (download) - annotate - [select for diffs], Tue Sep 17 21:23:03 2002 UTC (21 years, 6 months ago) by nathanw
Branch: nathanw_sa
Changes since 1.130.2.12: +5 -3 lines
Diff to previous 1.130.2.12 (colored) to selected 1.142 (colored)

Catch up to -current.

Revision 1.157 / (download) - annotate - [select for diffs], Wed Sep 11 02:46:43 2002 UTC (21 years, 6 months ago) by itojun
Branch: MAIN
Changes since 1.156: +4 -4 lines
Diff to previous 1.156 (colored) to selected 1.142 (colored)

KNF - return is not a function.  sync w/kame.

Revision 1.156 / (download) - annotate - [select for diffs], Wed Sep 11 02:41:19 2002 UTC (21 years, 6 months ago) by itojun
Branch: MAIN
Changes since 1.155: +5 -3 lines
Diff to previous 1.155 (colored) to selected 1.142 (colored)

correct signedness mixup in pointer passing.  sync w/kame

Revision 1.135.2.5 / (download) - annotate - [select for diffs], Fri Sep 6 08:49:14 2002 UTC (21 years, 6 months ago) by jdolecek
Branch: kqueue
Changes since 1.135.2.4: +60 -38 lines
Diff to previous 1.135.2.4 (colored) to selected 1.142 (colored)

sync kqueue branch with HEAD

Revision 1.150.2.3 / (download) - annotate - [select for diffs], Thu Aug 29 00:56:46 2002 UTC (21 years, 6 months ago) by gehenna
Branch: gehenna-devsw
Changes since 1.150.2.2: +42 -34 lines
Diff to previous 1.150.2.2 (colored) to branchpoint 1.150 (colored) next main 1.151 (colored) to selected 1.142 (colored)

catch up with -current.

Revision 1.130.2.12 / (download) - annotate - [select for diffs], Tue Aug 27 23:48:00 2002 UTC (21 years, 6 months ago) by nathanw
Branch: nathanw_sa
Changes since 1.130.2.11: +40 -32 lines
Diff to previous 1.130.2.11 (colored) to selected 1.142 (colored)

Catch up to -current.

Revision 1.155 / (download) - annotate - [select for diffs], Wed Aug 14 00:23:31 2002 UTC (21 years, 7 months ago) by itojun
Branch: MAIN
CVS Tags: gehenna-devsw-base
Changes since 1.154: +42 -34 lines
Diff to previous 1.154 (colored) to selected 1.142 (colored)

avoid swapping endian of ip_len and ip_off on mbuf, to meet with M_LEADINGSPACE
optimization made last year.  should solve PR 17867 and 10195.

IP_HDRINCL behavior of raw ip socket is kept unchanged.  we may want to
provide IP_HDRINCL variant that does not swap endian.

Revision 1.130.2.11 / (download) - annotate - [select for diffs], Thu Aug 1 02:46:47 2002 UTC (21 years, 7 months ago) by nathanw
Branch: nathanw_sa
Changes since 1.130.2.10: +20 -6 lines
Diff to previous 1.130.2.10 (colored) to selected 1.142 (colored)

Catch up to -current.

Revision 1.150.2.2 / (download) - annotate - [select for diffs], Mon Jul 15 10:36:58 2002 UTC (21 years, 8 months ago) by gehenna
Branch: gehenna-devsw
Changes since 1.150.2.1: +20 -6 lines
Diff to previous 1.150.2.1 (colored) to branchpoint 1.150 (colored) to selected 1.142 (colored)

catch up with -current.

Revision 1.154 / (download) - annotate - [select for diffs], Sun Jun 30 22:40:34 2002 UTC (21 years, 8 months ago) by thorpej
Branch: MAIN
Changes since 1.153: +20 -6 lines
Diff to previous 1.153 (colored) to selected 1.142 (colored)

Changes to allow the IPv4 and IPv6 layers to align headers themseves,
as necessary:
* Implement a new mbuf utility routine, m_copyup(), is is like
  m_pullup(), except that it always prepends and copies, rather
  than only doing so if the desired length is larger than m->m_len.
  m_copyup() also allows an offset into the destination mbuf, which
  allows space for packet headers, in the forwarding case.
* Add *_HDR_ALIGNED_P() macros for IP, IPv6, ICMP, and IGMP.  These
  macros expand to 1 if __NO_STRICT_ALIGNMENT is defined, so that
  architectures which do not have strict alignment constraints don't
  pay for the test or visit the new align-if-needed path.
* Use the new macros to check if a header needs to be aligned, or to
  assert that it already is, as appropriate.

Note: This code is still somewhat experimental.  However, the new
code path won't be visited if individual device drivers continue
to guarantee that packets are delivered to layer 3 already properly
aligned (which are rules that are already in use).

Revision 1.135.2.4 / (download) - annotate - [select for diffs], Sun Jun 23 17:50:51 2002 UTC (21 years, 9 months ago) by jdolecek
Branch: kqueue
Changes since 1.135.2.3: +31 -27 lines
Diff to previous 1.135.2.3 (colored) to selected 1.142 (colored)

catch up with -current on kqueue branch

Revision 1.150.2.1 / (download) - annotate - [select for diffs], Thu Jun 20 15:52:21 2002 UTC (21 years, 9 months ago) by gehenna
Branch: gehenna-devsw
Changes since 1.150: +10 -8 lines
Diff to previous 1.150 (colored) to selected 1.142 (colored)

catch up with -current.

Revision 1.130.2.10 / (download) - annotate - [select for diffs], Thu Jun 20 03:48:44 2002 UTC (21 years, 9 months ago) by nathanw
Branch: nathanw_sa
Changes since 1.130.2.9: +30 -26 lines
Diff to previous 1.130.2.9 (colored) to selected 1.142 (colored)

Catch up to -current.

Revision 1.153 / (download) - annotate - [select for diffs], Thu Jun 13 16:25:54 2002 UTC (21 years, 9 months ago) by itojun
Branch: MAIN
Changes since 1.152: +3 -3 lines
Diff to previous 1.152 (colored) to selected 1.142 (colored)

set IPv4 parameter to modern value.
- turn on path MTU discovery (previous: turned off)
- ICMPv4 redirect entry timeout = 600 sec (previous: never timeout)

Revision 1.152 / (download) - annotate - [select for diffs], Sun Jun 9 16:33:40 2002 UTC (21 years, 9 months ago) by itojun
Branch: MAIN
Changes since 1.151: +7 -7 lines
Diff to previous 1.151 (colored) to selected 1.142 (colored)

whitespace

Revision 1.150.4.1 / (download) - annotate - [select for diffs], Fri Jun 7 19:39:21 2002 UTC (21 years, 9 months ago) by thorpej
Branch: netbsd-1-6
CVS Tags: netbsd-1-6-RELEASE, netbsd-1-6-RC3, netbsd-1-6-RC2, netbsd-1-6-RC1
Changes since 1.150: +4 -2 lines
Diff to previous 1.150 (colored) to selected 1.142 (colored)

pullup-1-6 ticket #202:

syssrc/sys/netinet/ip_input.c 1.151

Original log message:

look at rmx_mtu on IPsec tunnel MTU computation.
From: David Waitzman <djw@bbn.com>

Revision 1.151 / (download) - annotate - [select for diffs], Fri Jun 7 13:43:47 2002 UTC (21 years, 9 months ago) by itojun
Branch: MAIN
Changes since 1.150: +4 -2 lines
Diff to previous 1.150 (colored) to selected 1.142 (colored)

look at rmx_mtu on IPsec tunnel MTU computation.
From: David Waitzman <djw@bbn.com>

Revision 1.150 / (download) - annotate - [select for diffs], Sun May 12 20:33:50 2002 UTC (21 years, 10 months ago) by matt
Branch: MAIN
CVS Tags: netbsd-1-6-base
Branch point for: netbsd-1-6, gehenna-devsw
Changes since 1.149: +4 -2 lines
Diff to previous 1.149 (colored) to selected 1.142 (colored)

Eliminate commons.

Revision 1.149 / (download) - annotate - [select for diffs], Sun May 12 15:48:39 2002 UTC (21 years, 10 months ago) by wiz
Branch: MAIN
Changes since 1.148: +5 -5 lines
Diff to previous 1.148 (colored) to selected 1.142 (colored)

Spelling fixes, from Sergey Svishchev in kern/16650.

Revision 1.148 / (download) - annotate - [select for diffs], Tue May 7 02:59:38 2002 UTC (21 years, 10 months ago) by matt
Branch: MAIN
Changes since 1.147: +17 -17 lines
Diff to previous 1.147 (colored) to selected 1.142 (colored)

Change struct ipqe to use TAILQ's instead of LIST's (primarily for TCP's
benefit currently).  Rework tcp_reass code to optimize the 4 most likely causes
of out-of-order packets: first OoO pkt, next OoO pkt in seq, OoO pkt is part
of new chuck of OoO packets, and the OoO pkt fills the first hole.  Add evcnts
to instrument tcp_reass (enabled by the options TCP_REASS_COUNTERS).  This is
part 1/2 of tcp_reass changes.

Revision 1.130.2.9 / (download) - annotate - [select for diffs], Sat May 4 19:51:50 2002 UTC (21 years, 10 months ago) by thorpej
Branch: nathanw_sa
Changes since 1.130.2.8: +3 -3 lines
Diff to previous 1.130.2.8 (colored) to selected 1.142 (colored)

Update from trunk.

Revision 1.147 / (download) - annotate - [select for diffs], Thu Apr 18 22:33:21 2002 UTC (21 years, 11 months ago) by matt
Branch: MAIN
Changes since 1.146: +3 -3 lines
Diff to previous 1.146 (colored) to selected 1.142 (colored)

Change test for M_EXT to M_READONLY for MROUTING.  We only need to to do
a pullup if we aren't allowed to modify the packet.

Revision 1.130.2.8 / (download) - annotate - [select for diffs], Mon Apr 1 07:48:36 2002 UTC (21 years, 11 months ago) by nathanw
Branch: nathanw_sa
Changes since 1.130.2.7: +3 -3 lines
Diff to previous 1.130.2.7 (colored) to selected 1.142 (colored)

Catch up to -current.
(CVS: It's not just a program. It's an adventure!)

Revision 1.135.2.3 / (download) - annotate - [select for diffs], Sat Mar 16 16:02:12 2002 UTC (22 years ago) by jdolecek
Branch: kqueue
Changes since 1.135.2.2: +30 -3 lines
Diff to previous 1.135.2.2 (colored) to selected 1.142 (colored)

Catch up with -current.

Revision 1.146 / (download) - annotate - [select for diffs], Fri Mar 8 20:48:43 2002 UTC (22 years ago) by thorpej
Branch: MAIN
CVS Tags: newlock-base, newlock, eeh-devprop-base, eeh-devprop
Changes since 1.145: +3 -3 lines
Diff to previous 1.145 (colored) to selected 1.142 (colored)

Pool deals fairly well with physical memory shortage, but it doesn't
deal with shortages of the VM maps where the backing pages are mapped
(usually kmem_map).  Try to deal with this:

* Group all information about the backend allocator for a pool in a
  separate structure.  The pool references this structure, rather than
  the individual fields.
* Change the pool_init() API accordingly, and adjust all callers.
* Link all pools using the same backend allocator on a list.
* The backend allocator is responsible for waiting for physical memory
  to become available, but will still fail if it cannot callocate KVA
  space for the pages.  If this happens, carefully drain all pools using
  the same backend allocator, so that some KVA space can be freed.
* Change pool_reclaim() to indicate if it actually succeeded in freeing
  some pages, and use that information to make draining easier and more
  efficient.
* Get rid of PR_URGENT.  There was only one use of it, and it could be
  dealt with by the caller.

From art@openbsd.org.

Revision 1.130.2.7 / (download) - annotate - [select for diffs], Thu Feb 28 04:15:08 2002 UTC (22 years ago) by nathanw
Branch: nathanw_sa
Changes since 1.130.2.6: +29 -2 lines
Diff to previous 1.130.2.6 (colored) to selected 1.142 (colored)

Catch up to -current.

Revision 1.114.4.8 / (download) - annotate - [select for diffs], Tue Feb 26 21:07:56 2002 UTC (22 years ago) by he
Branch: netbsd-1-5
CVS Tags: netbsd-1-5-PATCH003
Changes since 1.114.4.7: +8 -1 lines
Diff to previous 1.114.4.7 (colored) to branchpoint 1.114 (colored) to selected 1.142 (colored)

Pull up revision 1.145 (requested by itojun):
  Correctly enforce ipsec policy check in IPv4 forwarding case.

Revision 1.114.4.7 / (download) - annotate - [select for diffs], Tue Feb 26 20:57:03 2002 UTC (22 years ago) by he
Branch: netbsd-1-5
Changes since 1.114.4.6: +9 -1 lines
Diff to previous 1.114.4.6 (colored) to branchpoint 1.114 (colored) to selected 1.142 (colored)

Pull up revision 1.144 (requested by martin):
  Clear M_BCAST and M_MCAST on encapsulated packets on outgoing
  mbufs.  Also do not copy TTL from the inner packet, and make the
  outer TTL sysctl'able.  Fixes PR#14269, and makes traceroute work
  over GRE tunnels.

Revision 1.145 / (download) - annotate - [select for diffs], Mon Feb 25 02:17:55 2002 UTC (22 years ago) by itojun
Branch: MAIN
CVS Tags: ifpoll-base
Changes since 1.144: +9 -2 lines
Diff to previous 1.144 (colored) to selected 1.142 (colored)

correctly enforce ipsec policy check on forwarding case.
From: Greg Troxel <gdt@ir.bbn.com>, Bill Chiarchiaro <wjc@work.cleartech.com>

Revision 1.144 / (download) - annotate - [select for diffs], Sun Feb 24 17:22:21 2002 UTC (22 years ago) by martin
Branch: MAIN
Changes since 1.143: +10 -2 lines
Diff to previous 1.143 (colored) to selected 1.142 (colored)

Clear M_BCAST and M_MCAST on outgoing mbufs.
Don't copy ttl from the inner packet to the encapsulating packet. Make
the outer ttl sysctl'able. This should close PR 14269 from Jasper Wallace
(change partly from there) and it makes traceroute work over gre tunnels.

Revision 1.143 / (download) - annotate - [select for diffs], Thu Feb 21 08:39:33 2002 UTC (22 years, 1 month ago) by itojun
Branch: MAIN
Changes since 1.142: +14 -2 lines
Diff to previous 1.142 (colored)

suppress source quence message, based on router-req RFC (also could be abused
as DoS traffic generator).  from kjc/kame

Revision 1.135.2.2 / (download) - annotate - [select for diffs], Thu Jan 10 20:02:50 2002 UTC (22 years, 2 months ago) by thorpej
Branch: kqueue
Changes since 1.135.2.1: +29 -31 lines
Diff to previous 1.135.2.1 (colored) to selected 1.142 (colored)

Sync kqueue branch with -current.

Revision 1.130.2.6 / (download) - annotate - [select for diffs], Tue Jan 8 00:34:06 2002 UTC (22 years, 2 months ago) by nathanw
Branch: nathanw_sa
Changes since 1.130.2.5: +3 -2 lines
Diff to previous 1.130.2.5 (colored) to selected 1.142 (colored)

Catch up to -current.

Revision 1.142 / (download) - annotate - [selected], Wed Nov 28 09:25:13 2001 UTC (22 years, 3 months ago) by darrenr
Branch: MAIN
Changes since 1.141: +3 -2 lines
Diff to previous 1.141 (colored)

recompute hlen after calling pfil_run_hooks() in case ip_hl was changed.

Revision 1.130.2.5 / (download) - annotate - [select for diffs], Wed Nov 14 19:17:49 2001 UTC (22 years, 4 months ago) by nathanw
Branch: nathanw_sa
Changes since 1.130.2.4: +27 -30 lines
Diff to previous 1.130.2.4 (colored) to selected 1.142 (colored)

Catch up to -current.

Revision 1.141 / (download) - annotate - [select for diffs], Tue Nov 13 00:32:38 2001 UTC (22 years, 4 months ago) by lukem
Branch: MAIN
Changes since 1.140: +4 -1 lines
Diff to previous 1.140 (colored) to selected 1.142 (colored)

add RCSIDs

Revision 1.137.2.1 / (download) - annotate - [select for diffs], Mon Nov 12 21:19:24 2001 UTC (22 years, 4 months ago) by thorpej
Branch: thorpej-mips-cache
Changes since 1.137: +24 -30 lines
Diff to previous 1.137 (colored) next main 1.138 (colored) to selected 1.142 (colored)

Sync the thorpej-mips-cache branch with -current.

Revision 1.140 / (download) - annotate - [select for diffs], Sun Nov 4 20:55:27 2001 UTC (22 years, 4 months ago) by matt
Branch: MAIN
CVS Tags: thorpej-mips-cache-base
Changes since 1.139: +23 -25 lines
Diff to previous 1.139 (colored) to selected 1.142 (colored)

Convert netinet to not use the internal <sys/queue.h> field names
but instead the access macros.  Use the FOREACH macros where appropriate.

Revision 1.139 / (download) - annotate - [select for diffs], Sun Nov 4 13:42:27 2001 UTC (22 years, 4 months ago) by matt
Branch: MAIN
Changes since 1.138: +2 -2 lines
Diff to previous 1.138 (colored) to selected 1.142 (colored)

Change a few variable/tables to const since they are read-only.

Revision 1.138 / (download) - annotate - [select for diffs], Mon Oct 29 07:02:33 2001 UTC (22 years, 4 months ago) by simonb
Branch: MAIN
Changes since 1.137: +1 -5 lines
Diff to previous 1.137 (colored) to selected 1.142 (colored)

Don't need to include <uvm/uvm_extern.h> just to include <sys/sysctl.h>
anymore.

Revision 1.136.2.1 / (download) - annotate - [select for diffs], Mon Oct 1 12:47:43 2001 UTC (22 years, 5 months ago) by fvdl
Branch: thorpej-devvp
Changes since 1.136: +2 -2 lines
Diff to previous 1.136 (colored) next main 1.137 (colored) to selected 1.142 (colored)

Catch up with -current.

Revision 1.130.2.4 / (download) - annotate - [select for diffs], Fri Sep 21 22:36:48 2001 UTC (22 years, 6 months ago) by nathanw
Branch: nathanw_sa
Changes since 1.130.2.3: +2 -2 lines
Diff to previous 1.130.2.3 (colored) to selected 1.142 (colored)

Catch up to -current.

Revision 1.137 / (download) - annotate - [select for diffs], Mon Sep 17 17:27:00 2001 UTC (22 years, 6 months ago) by thorpej
Branch: MAIN
CVS Tags: thorpej-devvp-base3, thorpej-devvp-base2
Branch point for: thorpej-mips-cache
Changes since 1.136: +2 -2 lines
Diff to previous 1.136 (colored) to selected 1.142 (colored)

Split the pre-computed ifnet checksum flags into Tx and Rx directions.
Add capabilities bits that indicate an interface can only perform
in-bound TCPv4 or UDPv4 checksums.  There is at least one Gig-E chip
for which this is true (Level One LXT-1001), and this is also the
case for the Intel i82559 10/100 Ethernet chips.

Revision 1.135.2.1 / (download) - annotate - [select for diffs], Sat Aug 25 06:17:02 2001 UTC (22 years, 6 months ago) by thorpej
Branch: kqueue
Changes since 1.135: +2 -2 lines
Diff to previous 1.135 (colored) to selected 1.142 (colored)

Merge Aug 24 -current into the kqueue branch.

Revision 1.130.2.3 / (download) - annotate - [select for diffs], Fri Aug 24 00:12:25 2001 UTC (22 years, 7 months ago) by nathanw
Branch: nathanw_sa
Changes since 1.130.2.2: +2 -2 lines
Diff to previous 1.130.2.2 (colored) to selected 1.142 (colored)

Catch up with -current.

Revision 1.136 / (download) - annotate - [select for diffs], Mon Aug 6 10:25:00 2001 UTC (22 years, 7 months ago) by itojun
Branch: MAIN
CVS Tags: thorpej-devvp-base, pre-chs-ubcperf, post-chs-ubcperf
Branch point for: thorpej-devvp
Changes since 1.135: +2 -2 lines
Diff to previous 1.135 (colored) to selected 1.142 (colored)

cache IPsec policy on in6?pcb.  most of the lookup operations can be bypassed,
especially when it is a connected SOCK_STREAM in6?pcb.  sync with kame.

Revision 1.130.2.2 / (download) - annotate - [select for diffs], Thu Jun 21 20:08:37 2001 UTC (22 years, 9 months ago) by nathanw
Branch: nathanw_sa
Changes since 1.130.2.1: +63 -9 lines
Diff to previous 1.130.2.1 (colored) to selected 1.142 (colored)

Catch up to -current.

Revision 1.135 / (download) - annotate - [select for diffs], Sat Jun 2 16:17:09 2001 UTC (22 years, 9 months ago) by thorpej
Branch: MAIN
Branch point for: kqueue
Changes since 1.134: +54 -4 lines
Diff to previous 1.134 (colored) to selected 1.142 (colored)

Implement support for IP/TCP/UDP checksum offloading provided by
network interfaces.  This works by pre-computing the pseudo-header
checksum and caching it, delaying the actual checksum to ip_output()
if the hardware cannot perform the sum for us.  In-bound checksums
can either be fully-checked by hardware, or summed up for final
verification by software.  This method was modeled after how this
is done in FreeBSD, although the code is significantly different in
most places.

We don't delay checksums for IPv6/TCP, but we do take advantage of the
cached pseudo-header checksum.

Note: hardware-assisted checksumming defaults to "off".  It is
enabled with ifconfig(8).  See the manual page for details.

Implement hardware-assisted checksumming on the DP83820 Gigabit Ethernet,
3c90xB/3c90xC 10/100 Ethernet, and Alteon Tigon/Tigon2 Gigabit Ethernet.

Revision 1.82.2.7 / (download) - annotate - [select for diffs], Wed May 30 09:44:09 2001 UTC (22 years, 9 months ago) by he
Branch: netbsd-1-4
Changes since 1.82.2.6: +32 -1 lines
Diff to previous 1.82.2.6 (colored) to branchpoint 1.82 (colored) next main 1.83 (colored) to selected 1.142 (colored)

Pull up revisions 1.131,1.133 (via patch, requested by he):
  Introduce net.inet.ip.maxfragpackets, which controls the maximum
  number of IPv4 fragment reassembly queue entries.  Defends against
  certain DoS attacks.  Fixes SA#2001-006.

Revision 1.134 / (download) - annotate - [select for diffs], Mon May 21 03:31:36 2001 UTC (22 years, 10 months ago) by lukem
Branch: MAIN
Changes since 1.133: +2 -2 lines
Diff to previous 1.133 (colored) to selected 1.142 (colored)

fix spelo in comment

Revision 1.114.4.6 / (download) - annotate - [select for diffs], Tue Apr 24 22:21:20 2001 UTC (22 years, 10 months ago) by he
Branch: netbsd-1-5
CVS Tags: netbsd-1-5-PATCH002, netbsd-1-5-PATCH001
Changes since 1.114.4.5: +31 -1 lines
Diff to previous 1.114.4.5 (colored) to branchpoint 1.114 (colored) to selected 1.142 (colored)

Pull up revisions 1.131,1.133 (requested by itojun):
  Introduce net.inet.ip.maxfragpackets, which controls the maximum
  number of IPv4 fragment reassembly queue entries.  Defends against
  certain DoS attacks.

Revision 1.93.2.8 / (download) - annotate - [select for diffs], Sat Apr 21 17:46:48 2001 UTC (22 years, 11 months ago) by bouyer
Branch: thorpej_scsipi
Changes since 1.93.2.7: +9 -5 lines
Diff to previous 1.93.2.7 (colored) next main 1.94 (colored) to selected 1.142 (colored)

Sync with HEAD

Revision 1.133 / (download) - annotate - [select for diffs], Mon Apr 16 17:03:33 2001 UTC (22 years, 11 months ago) by itojun
Branch: MAIN
CVS Tags: thorpej_scsipi_nbase, thorpej_scsipi_beforemerge, thorpej_scsipi_base
Changes since 1.132: +2 -2 lines
Diff to previous 1.132 (colored) to selected 1.142 (colored)

give a default value to net.inet.ip.maxfragpackets, to protect us from
"lots of fragmented packets" DoS attack.

the current default value is derived from ipv6 counterpart, which is
a magical value "200".  it should be enough for normal systems, not sure
if it is enough when you take hundreds of thousands of tcp connections on
your system.  if you have proposal for a better value with concrete reasons,
let me know.

Revision 1.132 / (download) - annotate - [select for diffs], Fri Apr 13 23:30:22 2001 UTC (22 years, 11 months ago) by thorpej
Branch: MAIN
Changes since 1.131: +8 -4 lines
Diff to previous 1.131 (colored) to selected 1.142 (colored)

Remove the use of splimp() from the NetBSD kernel.  splnet()
and only splnet() is allowed for the protection of data structures
used by network devices.

Revision 1.130.2.1 / (download) - annotate - [select for diffs], Mon Apr 9 01:58:25 2001 UTC (22 years, 11 months ago) by nathanw
Branch: nathanw_sa
Changes since 1.130: +31 -1 lines
Diff to previous 1.130 (colored) to selected 1.142 (colored)

Catch up with -current.

Revision 1.114.4.5 / (download) - annotate - [select for diffs], Fri Apr 6 00:24:47 2001 UTC (22 years, 11 months ago) by he
Branch: netbsd-1-5
Changes since 1.114.4.4: +13 -2 lines
Diff to previous 1.114.4.4 (colored) to branchpoint 1.114 (colored) to selected 1.142 (colored)

Pull up revision 1.127 (via patch, requested by itojun):
  Record IPsec packet history in m_aux structure.  Let ipfilter
  look at wire-format packet only (not the decapsulated ones), so
  that VPN setting can work with NAT/ipfilter settings.

Revision 1.93.2.7 / (download) - annotate - [select for diffs], Tue Mar 27 15:32:31 2001 UTC (22 years, 11 months ago) by bouyer
Branch: thorpej_scsipi
Changes since 1.93.2.6: +31 -1 lines
Diff to previous 1.93.2.6 (colored) to selected 1.142 (colored)

Sync with HEAD.

Revision 1.131 / (download) - annotate - [select for diffs], Tue Mar 27 02:24:38 2001 UTC (22 years, 11 months ago) by itojun
Branch: MAIN
Changes since 1.130: +31 -1 lines
Diff to previous 1.130 (colored) to selected 1.142 (colored)

net.inet.ip.maxfragpackets defines the maximum size of ip reass queue
(prevents fragment flood from chewing up mbuf memory space).
derived from KAME net.inet6.ip6.maxfragpackets.

Revision 1.93.2.6 / (download) - annotate - [select for diffs], Mon Mar 12 13:31:50 2001 UTC (23 years ago) by bouyer
Branch: thorpej_scsipi
Changes since 1.93.2.5: +24 -2 lines
Diff to previous 1.93.2.5 (colored) to selected 1.142 (colored)

Sync with HEAD.

Revision 1.114.4.4 / (download) - annotate - [select for diffs], Sun Mar 11 21:10:34 2001 UTC (23 years ago) by he
Branch: netbsd-1-5
Changes since 1.114.4.3: +14 -1 lines
Diff to previous 1.114.4.3 (colored) to branchpoint 1.114 (colored) to selected 1.142 (colored)

Pull up revision 1.128 (requested by itojun):
  Ensure that we enforce inbound IPsec policy on all IP protocols,
  not just TCP, UDP and ICMP.

Revision 1.130 / (download) - annotate - [select for diffs], Fri Mar 2 04:26:10 2001 UTC (23 years ago) by itojun
Branch: MAIN
Branch point for: nathanw_sa
Changes since 1.129: +5 -3 lines
Diff to previous 1.129 (colored) to selected 1.142 (colored)

increase ipstat.ips_badaddr if the packet fails to pass address checks.

Revision 1.129 / (download) - annotate - [select for diffs], Fri Mar 2 02:05:36 2001 UTC (23 years ago) by itojun
Branch: MAIN
Changes since 1.128: +8 -1 lines
Diff to previous 1.128 (colored) to selected 1.142 (colored)

reject packets with 127/8 on IPv4 src/dst, they must not appear on wire
(RFC1122).  torture-tests will be welcomed.
XXX do we want to check source routing headers as well?

Revision 1.128 / (download) - annotate - [select for diffs], Thu Mar 1 16:31:39 2001 UTC (23 years ago) by itojun
Branch: MAIN
Changes since 1.127: +14 -1 lines
Diff to previous 1.127 (colored) to selected 1.142 (colored)

make sure to enforce inbound ipsec policy checking, for any protocols on top
of ip (check it when final header is visited).  sync with kame.
XXX kame team will need to re-check policy engine code

Revision 1.93.2.5 / (download) - annotate - [select for diffs], Sun Feb 11 19:17:14 2001 UTC (23 years, 1 month ago) by bouyer
Branch: thorpej_scsipi
Changes since 1.93.2.4: +18 -7 lines
Diff to previous 1.93.2.4 (colored) to selected 1.142 (colored)

Sync with HEAD.

Revision 1.127 / (download) - annotate - [select for diffs], Wed Jan 24 09:04:15 2001 UTC (23 years, 1 month ago) by itojun
Branch: MAIN
Changes since 1.126: +18 -7 lines
Diff to previous 1.126 (colored) to selected 1.142 (colored)

- record IPsec packet history into m_aux structure.
- let ipfilter look at wire-format packet only (not the decapsulated ones),
  so that VPN setting can work with NAT/ipfilter settings.
sync with kame.

TODO: use header history for stricter inbound validation

Revision 1.93.2.4 / (download) - annotate - [select for diffs], Fri Jan 5 17:36:55 2001 UTC (23 years, 2 months ago) by bouyer
Branch: thorpej_scsipi
Changes since 1.93.2.3: +10 -2 lines
Diff to previous 1.93.2.3 (colored) to selected 1.142 (colored)

Sync with HEAD

Revision 1.126 / (download) - annotate - [select for diffs], Thu Dec 28 21:40:59 2000 UTC (23 years, 2 months ago) by thorpej
Branch: MAIN
Changes since 1.125: +3 -3 lines
Diff to previous 1.125 (colored) to selected 1.142 (colored)

Back out the sledgehammer damage applied by wiz while I was out for
the holiday.

Revision 1.125 / (download) - annotate - [select for diffs], Mon Dec 25 02:00:47 2000 UTC (23 years, 2 months ago) by wiz
Branch: MAIN
Changes since 1.124: +2 -2 lines
Diff to previous 1.124 (colored) to selected 1.142 (colored)

Back out previous change. It causes NAT to fail, and was CLEARLY
NOT TESTED before it was committed.

Revision 1.124 / (download) - annotate - [select for diffs], Fri Dec 22 20:01:18 2000 UTC (23 years, 3 months ago) by thorpej
Branch: MAIN
Changes since 1.123: +3 -3 lines
Diff to previous 1.123 (colored) to selected 1.142 (colored)

Slight adjustment to how pfil_head's are registered.  Instead of a
"key" and a "dlt", use a "type" (PFIL_TYPE_{AF,IFNET} for now) and
a val/ptr appropriate for that type.  This allows for more future
flexibility with the pfil_hook mechanism.

Revision 1.123 / (download) - annotate - [select for diffs], Thu Dec 14 17:36:44 2000 UTC (23 years, 3 months ago) by thorpej
Branch: MAIN
Changes since 1.122: +9 -1 lines
Diff to previous 1.122 (colored) to selected 1.142 (colored)

Add ALTQ glue.  XXX Temporary until ALTQ is changed to use a pfil hook.

Revision 1.93.2.3 / (download) - annotate - [select for diffs], Fri Dec 8 09:18:42 2000 UTC (23 years, 3 months ago) by bouyer
Branch: thorpej_scsipi
Changes since 1.93.2.2: +2 -1 lines
Diff to previous 1.93.2.2 (colored) to selected 1.142 (colored)

Sync with HEAD.

Revision 1.122 / (download) - annotate - [select for diffs], Fri Nov 24 03:43:20 2000 UTC (23 years, 3 months ago) by itojun
Branch: MAIN
Changes since 1.121: +3 -2 lines
Diff to previous 1.121 (colored) to selected 1.142 (colored)

IFA_STATS stability (not complete); don't touch ip if it is NULL.

Revision 1.93.2.2 / (download) - annotate - [select for diffs], Wed Nov 22 16:06:10 2000 UTC (23 years, 4 months ago) by bouyer
Branch: thorpej_scsipi
Changes since 1.93.2.1: +31 -27 lines
Diff to previous 1.93.2.1 (colored) to selected 1.142 (colored)

Sync with HEAD.

Revision 1.93.2.1 / (download) - annotate - [select for diffs], Mon Nov 20 18:10:29 2000 UTC (23 years, 4 months ago) by bouyer
Branch: thorpej_scsipi
Changes since 1.93: +180 -79 lines
Diff to previous 1.93 (colored) to selected 1.142 (colored)

Update thorpej_scsipi to -current as of a month ago

Revision 1.121 / (download) - annotate - [select for diffs], Sat Nov 11 00:52:38 2000 UTC (23 years, 4 months ago) by thorpej
Branch: MAIN
Changes since 1.120: +29 -25 lines
Diff to previous 1.120 (colored) to selected 1.142 (colored)

Restructure the PFIL_HOOKS mechanism a bit:
- All packets are passed to PFIL_HOOKS as they come off the wire, i.e.
  fields in protocol headers in network order, etc.
- Allow for multiple hooks to be registered, using a "key" and a "dlt".
  The "dlt" is a BPF data link type, indicating what type of header is
  present.
- INET and INET6 register with key == AF_INET or AF_INET6, and
  dlt == DLT_RAW.
- PFIL_HOOKS now take an argument for the filter hook, and mbuf **,
  an ifnet *, and a direction (PFIL_IN or PFIL_OUT), thus making them
  less IP (really, IP Filter) centric.

Maintain compatibility with IP Filter by adding wrapper functions for
IP Filter.

Revision 1.120 / (download) - annotate - [select for diffs], Wed Nov 8 14:28:15 2000 UTC (23 years, 4 months ago) by ad
Branch: MAIN
Changes since 1.119: +3 -3 lines
Diff to previous 1.119 (colored) to selected 1.142 (colored)

Update for hashinit() change.

Revision 1.114.4.3 / (download) - annotate - [select for diffs], Tue Oct 17 00:59:49 2000 UTC (23 years, 5 months ago) by tv
Branch: netbsd-1-5
CVS Tags: netbsd-1-5-RELEASE, netbsd-1-5-BETA2, netbsd-1-5-BETA
Changes since 1.114.4.2: +5 -2 lines
Diff to previous 1.114.4.2 (colored) to branchpoint 1.114 (colored) to selected 1.142 (colored)

Pullup 1.119 [itojun]:
make sure we don't share external mbuf between m and mcopy, in ip_forward().
should solve PR 11201.

Revision 1.119 / (download) - annotate - [select for diffs], Fri Oct 13 01:50:04 2000 UTC (23 years, 5 months ago) by itojun
Branch: MAIN
Changes since 1.118: +5 -2 lines
Diff to previous 1.118 (colored) to selected 1.142 (colored)

make sure we don't share external mbuf between m and mcopy, in ip_forward().
should solve PR 11201.

Revision 1.114.4.2 / (download) - annotate - [select for diffs], Sun Aug 27 01:11:04 2000 UTC (23 years, 6 months ago) by itojun
Branch: netbsd-1-5
Changes since 1.114.4.1: +5 -3 lines
Diff to previous 1.114.4.1 (colored) to branchpoint 1.114 (colored) to selected 1.142 (colored)

pullup 1.117 -> 1.118 (approved by releng-1-5)

 > make sure anonport{min,max} is not negative number

Revision 1.114.4.1 / (download) - annotate - [select for diffs], Sat Aug 26 16:38:33 2000 UTC (23 years, 6 months ago) by tron
Branch: netbsd-1-5
Changes since 1.114: +26 -1 lines
Diff to previous 1.114 (colored) to selected 1.142 (colored)

Pull up from current (approved by thorpej):

Add new sysctl variables "net.inet.ip.lowportmin" and
"net.inet.ip.lowportmax" which can be used to the set minimum
and maximum port number assigned to sockets using
IP_PORTRANGE_LOW.

syssrc/sys/netinet/in.h			1.49 -> 1.50
syssrc/sys/netinet/in_pcb.c		1.66 -> 1.67
syssrc/sys/netinet/ip_input.c		1.116 -> 1.117
syssrc/sys/netinet/ip_var.h		1.41 -> 1.42

Revision 1.118 / (download) - annotate - [select for diffs], Sat Aug 26 10:41:29 2000 UTC (23 years, 6 months ago) by itojun
Branch: MAIN
Changes since 1.117: +5 -3 lines
Diff to previous 1.117 (colored) to selected 1.142 (colored)

make sure anonport{min,max} is not negative number

Revision 1.117 / (download) - annotate - [select for diffs], Fri Aug 25 13:35:05 2000 UTC (23 years, 6 months ago) by tron
Branch: MAIN
Changes since 1.116: +26 -1 lines
Diff to previous 1.116 (colored) to selected 1.142 (colored)

Add new sysctl variables "net.inet.ip.lowportmin" and
"net.inet.ip.lowportmax" which can be used to the set minimum
and maximum port number assigned to sockets using
IP_PORTRANGE_LOW.

Revision 1.116 / (download) - annotate - [select for diffs], Thu Jul 6 12:51:40 2000 UTC (23 years, 8 months ago) by itojun
Branch: MAIN
Changes since 1.115: +1 -2 lines
Diff to previous 1.115 (colored) to selected 1.142 (colored)

remove unnecessary #include <netkey/key_debug.h>.  from kame.

Revision 1.115 / (download) - annotate - [select for diffs], Wed Jun 28 03:01:16 2000 UTC (23 years, 8 months ago) by mrg
Branch: MAIN
Changes since 1.114: +3 -2 lines
Diff to previous 1.114 (colored) to selected 1.142 (colored)

<vm/vm.h> -> <uvm/uvm_extern.h>

Revision 1.114 / (download) - annotate - [select for diffs], Wed May 10 03:31:30 2000 UTC (23 years, 10 months ago) by itojun
Branch: MAIN
CVS Tags: netbsd-1-5-base, netbsd-1-5-ALPHA2, minoura-xpg4dl-base, minoura-xpg4dl
Branch point for: netbsd-1-5
Changes since 1.113: +32 -6 lines
Diff to previous 1.113 (colored) to selected 1.142 (colored)

add missing boundary checks to ip options processing.
correct timestamp option validation (len and ptr upper/lower bound
based on RFC791).
fill "pointer" field for parameter problem in timestamp option processing.

Revision 1.113 / (download) - annotate - [select for diffs], Wed May 10 01:19:44 2000 UTC (23 years, 10 months ago) by itojun
Branch: MAIN
Changes since 1.112: +5 -1 lines
Diff to previous 1.112 (colored) to selected 1.142 (colored)

correct more out-of-bounds memory access, if cnt == 1 and optlen > 1.

Revision 1.82.2.6 / (download) - annotate - [select for diffs], Sat May 6 16:43:25 2000 UTC (23 years, 10 months ago) by he
Branch: netbsd-1-4
CVS Tags: netbsd-1-4-PATCH003
Changes since 1.82.2.5: +3 -3 lines
Diff to previous 1.82.2.5 (colored) to branchpoint 1.82 (colored) to selected 1.142 (colored)

Pull up revision 1.112 (requested by sommerfeld):
  Handle large offsets inside very small options correctly.

Revision 1.112 / (download) - annotate - [select for diffs], Sat May 6 16:35:14 2000 UTC (23 years, 10 months ago) by sommerfeld
Branch: MAIN
Changes since 1.111: +3 -3 lines
Diff to previous 1.111 (colored) to selected 1.142 (colored)

Handle large offsets with very small options correctly.

Revision 1.111 / (download) - annotate - [select for diffs], Fri Mar 31 14:27:17 2000 UTC (23 years, 11 months ago) by jdolecek
Branch: MAIN
Changes since 1.110: +5 -2 lines
Diff to previous 1.110 (colored) to selected 1.142 (colored)

Slighly improve previous - only include <netinet/ip_mroute.h> if MROUTING
is defined.

Revision 1.110 / (download) - annotate - [select for diffs], Fri Mar 31 08:34:20 2000 UTC (23 years, 11 months ago) by jdolecek
Branch: MAIN
Changes since 1.109: +2 -1 lines
Diff to previous 1.109 (colored) to selected 1.142 (colored)

include <netinet/ip_mroute.h> for ip_mforward() - needed after
last duplicate prototype sweep (prototype for ip_mforward() used to be in <netinet/ip_var.h>)

Revision 1.109 / (download) - annotate - [select for diffs], Thu Mar 30 13:24:59 2000 UTC (23 years, 11 months ago) by augustss
Branch: MAIN
Changes since 1.108: +31 -31 lines
Diff to previous 1.108 (colored) to selected 1.142 (colored)

Remove register declarations.

Revision 1.108 / (download) - annotate - [select for diffs], Thu Mar 30 02:35:24 2000 UTC (23 years, 11 months ago) by simonb
Branch: MAIN
Changes since 1.107: +1 -2 lines
Diff to previous 1.107 (colored) to selected 1.142 (colored)

Delete uninitialised declaration of ip_defttl - there's an initialised
decl earlier in this file.

Revision 1.107 / (download) - annotate - [select for diffs], Fri Mar 10 22:39:03 2000 UTC (24 years ago) by thorpej
Branch: MAIN
Changes since 1.106: +2 -1 lines
Diff to previous 1.106 (colored) to selected 1.142 (colored)

Back out previous, and adjust a comment.

Revision 1.106 / (download) - annotate - [select for diffs], Tue Mar 7 05:39:57 2000 UTC (24 years ago) by thorpej
Branch: MAIN
Changes since 1.105: +2 -3 lines
Diff to previous 1.105 (colored) to selected 1.142 (colored)

Back out part of 1.104 which isn't actually needed.

Revision 1.105 / (download) - annotate - [select for diffs], Fri Mar 3 13:07:42 2000 UTC (24 years ago) by itojun
Branch: MAIN
Changes since 1.104: +1 -3 lines
Diff to previous 1.104 (colored) to selected 1.142 (colored)

remove unnecessary ttl initialization which I mistakingly bringed in
during KAME merge (this is part of WIDE's expeirmental reass code...)
NetBSD PR: 9412
From: Wolfgang Rupprecht <wolfgang@wsrcc.com>
Fix from: ho@crt.se
itojun was notified from: theo

Revision 1.82.2.5 / (download) - annotate - [select for diffs], Thu Mar 2 10:24:18 2000 UTC (24 years ago) by he
Branch: netbsd-1-4
CVS Tags: netbsd-1-4-PATCH002
Changes since 1.82.2.4: +9 -8 lines
Diff to previous 1.82.2.4 (colored) to branchpoint 1.82 (colored) to selected 1.142 (colored)

Pull up revision 1.104 (requested by thorpej):
  Work around a compiler bug that causes a security vulnerability
  in our IP stack on some platforms.

Revision 1.104 / (download) - annotate - [select for diffs], Thu Mar 2 06:07:36 2000 UTC (24 years ago) by thorpej
Branch: MAIN
Changes since 1.103: +9 -8 lines
Diff to previous 1.103 (colored) to selected 1.142 (colored)

Avoid a bug in GCC which manifests itself when processing unaligned
IP options.  Problem pointed out by Matt Hargett and Erik Fair, analyzed
by me.

Revision 1.103 / (download) - annotate - [select for diffs], Wed Mar 1 12:49:33 2000 UTC (24 years ago) by itojun
Branch: MAIN
Changes since 1.102: +4 -3 lines
Diff to previous 1.102 (colored) to selected 1.142 (colored)

introduce m->m_pkthdr.aux to hold random data which needs to be passed
between protocol handlers.

ipsec socket pointers, ipsec decryption/auth information, tunnel
decapsulation information are in my mind - there can be several other usage.
at this moment, we use this for ipsec socket pointer passing.  this will
avoid reuse of m->m_pkthdr.rcvif in ipsec code.

due to the change, MHLEN will be decreased by sizeof(void *) - for example,
for i386, MHLEN was 100 bytes, but is now 96 bytes.
we may want to increase MSIZE from 128 to 256 for some of our architectures.

take caution if you use it for keeping some data item for long period
of time - use extra caution on M_PREPEND() or m_adj(), as they may result
in loss of m->m_pkthdr.aux pointer (and mbuf leak).

this will bump kernel version.

(as discussed in tech-net, tested in kame tree)

Revision 1.102 / (download) - annotate - [select for diffs], Sun Feb 20 00:56:39 2000 UTC (24 years, 1 month ago) by darrenr
Branch: MAIN
Changes since 1.101: +2 -2 lines
Diff to previous 1.101 (colored) to selected 1.142 (colored)

pass "struct pfil_head *" to pfil_add_hook and pfil_remove hook rather
than "struct protosw *".

Revision 1.101 / (download) - annotate - [select for diffs], Thu Feb 17 10:59:35 2000 UTC (24 years, 1 month ago) by darrenr
Branch: MAIN
Changes since 1.100: +5 -5 lines
Diff to previous 1.100 (colored) to selected 1.142 (colored)

Change the use of pfil hooks.  There is no longer a single list of all
pfil information, instead, struct protosw now contains a structure
which caontains list heads, etc.  The per-protosw pfil struct is passed
to pfil_hook_get(), along with an in/out flag to get the head of the
relevant filter list.  This has been done for only IPv4 and IPv6, at
present, with these patches only enabling filtering for IPPROTO_IP and
IPPROTO_IPV6, although it is possible to have tcp/udp, etc, dedicated
filters now also.  The ipfilter code has been updated to only filter
IPv4 packets - next major release of ipfilter is required for ipv6.

Revision 1.100 / (download) - annotate - [select for diffs], Wed Feb 16 12:40:40 2000 UTC (24 years, 1 month ago) by itojun
Branch: MAIN
Changes since 1.99: +22 -7 lines
Diff to previous 1.99 (colored) to selected 1.142 (colored)

- if ip_dst matches address on !IFF_UP interface, and
- there's no match against addresses on IFF_UP interface,
send icmp unreach if I'm router.  drop it if I'm host.

Revised version of PR: 9387 from nrt@iij.ad.jp.  Discussed with thorpej+nrt.

Revision 1.82.2.4 / (download) - annotate - [select for diffs], Sat Feb 12 18:10:24 2000 UTC (24 years, 1 month ago) by he
Branch: netbsd-1-4
Changes since 1.82.2.3: +11 -1 lines
Diff to previous 1.82.2.3 (colored) to branchpoint 1.82 (colored) to selected 1.142 (colored)

Apply patch (requested by thorpej):
  Adhere to RFC 1112 and RFC 1122 by dropping incoming packets with
  a multicast source address.  Fixes part of PR#7003.

Revision 1.99 / (download) - annotate - [select for diffs], Sat Feb 12 18:00:00 2000 UTC (24 years, 1 month ago) by thorpej
Branch: MAIN
CVS Tags: chs-ubc2-newbase
Changes since 1.98: +2 -2 lines
Diff to previous 1.98 (colored) to selected 1.142 (colored)

Typo (Thanks, Havard :-)

Revision 1.98 / (download) - annotate - [select for diffs], Sat Feb 12 17:45:44 2000 UTC (24 years, 1 month ago) by thorpej
Branch: MAIN
Changes since 1.97: +5 -3 lines
Diff to previous 1.97 (colored) to selected 1.142 (colored)

Small cosmetic change, and note a place where a statistic should be
gathered.

Revision 1.97 / (download) - annotate - [select for diffs], Fri Feb 11 05:57:58 2000 UTC (24 years, 1 month ago) by itojun
Branch: MAIN
Changes since 1.96: +14 -2 lines
Diff to previous 1.96 (colored) to selected 1.142 (colored)

fix in-kernel packet forwarding loop (till TTL becomes 0) when:
- a packet is delivered to an address X,
- and the address X is configured on my !IFF_UP interface
- and ipforwarding=1

NetBSD PR: 9387
From: nrt@iij.ad.jp

Revision 1.96 / (download) - annotate - [select for diffs], Tue Feb 1 00:07:09 2000 UTC (24 years, 1 month ago) by thorpej
Branch: MAIN
Changes since 1.95: +11 -11 lines
Diff to previous 1.95 (colored) to selected 1.142 (colored)

Use ifatoia() and sintosa() consistently, rather than using home-grown
casting macros intermixed.

Revision 1.95 / (download) - annotate - [select for diffs], Mon Jan 31 14:18:54 2000 UTC (24 years, 1 month ago) by itojun
Branch: MAIN
Changes since 1.94: +11 -7 lines
Diff to previous 1.94 (colored) to selected 1.142 (colored)

bring in latest KAME ipsec tree.
- interop issues in ipcomp is fixed
- padding type (after ESP) is configurable
- key database memory management (need more fixes)
- policy specification is revisited

XXX m->m_pkthdr.rcvif is still overloaded - hope to fix it soon

Revision 1.92.2.1 / (download) - annotate - [select for diffs], Mon Dec 27 18:36:16 1999 UTC (24 years, 2 months ago) by wrstuden
Branch: wrstuden-devbsize
Changes since 1.92: +7 -2 lines
Diff to previous 1.92 (colored) next main 1.93 (colored) to selected 1.142 (colored)

Pull up to last week's -current.

Revision 1.82.2.2.4.3 / (download) - annotate - [select for diffs], Tue Nov 30 13:35:31 1999 UTC (24 years, 3 months ago) by itojun
Branch: kame
CVS Tags: kame_141_19991130
Changes since 1.82.2.2.4.2: +25 -10 lines
Diff to previous 1.82.2.2.4.2 (colored) to branchpoint 1.82.2.2 (colored) next main 1.82.2.3 (colored) to selected 1.142 (colored)

bring in latest KAME (as of 19991130, KAME/NetBSD141) into kame branch
just for reference purposes.
This commit includes 1.4 -> 1.4.1 sync for kame branch.

The branch does not compile at all (due to the lack of ALTQ and some other
source code).  Please do not try to modify the branch, this is just for
referenre purposes.

synchronization to latest KAME will take place on HEAD branch soon.

Revision 1.93.4.1 / (download) - annotate - [select for diffs], Mon Nov 15 00:42:13 1999 UTC (24 years, 4 months ago) by fvdl
Branch: fvdl-softdep
Changes since 1.93: +6 -1 lines
Diff to previous 1.93 (colored) next main 1.94 (colored) to selected 1.142 (colored)

Sync with -current

Revision 1.94 / (download) - annotate - [select for diffs], Tue Oct 26 09:53:17 1999 UTC (24 years, 4 months ago) by itojun
Branch: MAIN
CVS Tags: wrstuden-devbsize-base, wrstuden-devbsize-19991221, fvdl-softdep-base, comdex-fall-1999-base, comdex-fall-1999
Changes since 1.93: +6 -1 lines
Diff to previous 1.93 (colored) to selected 1.142 (colored)

disable ipflow (IPv4 fast fowarding) when IPsec is configured into the kernel.

Revision 1.82.2.3 / (download) - annotate - [select for diffs], Sun Oct 17 23:59:59 1999 UTC (24 years, 5 months ago) by cgd
Branch: netbsd-1-4
Changes since 1.82.2.2: +2 -2 lines
Diff to previous 1.82.2.2 (colored) to branchpoint 1.82 (colored) to selected 1.142 (colored)

pull up rev 1.93 from trunk (requested by sommerfeld):
  Multicast storm prevention: don't attempt to forward link-level
  multicast packets which contain ip unicast packets; these packets
  would only be generated from misconfigured/buggy systems.

Revision 1.93 / (download) - annotate - [select for diffs], Sun Oct 17 16:00:00 1999 UTC (24 years, 5 months ago) by sommerfeld
Branch: MAIN
Branch point for: thorpej_scsipi, fvdl-softdep
Changes since 1.92: +2 -2 lines
Diff to previous 1.92 (colored) to selected 1.142 (colored)

In ip_forward():

Avoid forwarding ip unicast packets which were contained inside
link-level multicast packets; having M_MCAST still set in the packet
header flags will mean that the packet will get multicast to a bogus
group instead of unicast to the next hop.

Malformed packets like this have occasionally been spotted "in the
wild" on a mediaone cable modem segment which also had multiple netbsd
machines running as router/NAT boxes.

Without this, any subnet with multiple netbsd routers receiving all
multicasts will generate a packet storm on receipt of such a
multicast.  Note that we already do the same check here for link-level
broadcasts; ip6_forward already does this as well.

Note that multicast forwarding does not go through ip_forward().

Adding some code to if_ethersubr to sanity check link-level
vs. ip-level multicast addresses might also be worthwhile.

Revision 1.82.2.2.2.3 / (download) - annotate - [select for diffs], Mon Aug 2 22:34:58 1999 UTC (24 years, 7 months ago) by thorpej
Branch: chs-ubc2
Changes since 1.82.2.2.2.2: +6 -9 lines
Diff to previous 1.82.2.2.2.2 (colored) to branchpoint 1.82.2.2 (colored) next main 1.82.2.3 (colored) to selected 1.142 (colored)

Update from trunk.

Revision 1.92 / (download) - annotate - [select for diffs], Fri Jul 23 15:21:17 1999 UTC (24 years, 8 months ago) by itojun
Branch: MAIN
CVS Tags: chs-ubc2-base
Branch point for: wrstuden-devbsize
Changes since 1.91: +1 -5 lines
Diff to previous 1.91 (colored) to selected 1.142 (colored)

do not include unnecessary include files.

Revision 1.91 / (download) - annotate - [select for diffs], Fri Jul 9 22:57:18 1999 UTC (24 years, 8 months ago) by thorpej
Branch: MAIN
Changes since 1.90: +2 -1 lines
Diff to previous 1.90 (colored) to selected 1.142 (colored)

defopt IPSEC and IPSEC_ESP (both into opt_ipsec.h).

Revision 1.90 / (download) - annotate - [select for diffs], Tue Jul 6 12:23:20 1999 UTC (24 years, 8 months ago) by itojun
Branch: MAIN
Changes since 1.89: +5 -5 lines
Diff to previous 1.89 (colored) to selected 1.142 (colored)

sync with KAME/NetBSD 1.4, SNAP kit 19990705.
key changes are:
- icmp6 redirect fix (dst check)
- revised ip6 multicast check for loopback i/f
- several RCS ID cleanups

Revision 1.82.2.2.4.2 / (download) - annotate - [select for diffs], Tue Jul 6 11:02:46 1999 UTC (24 years, 8 months ago) by itojun
Branch: kame
CVS Tags: kame_14_19990705
Changes since 1.82.2.2.4.1: +33 -31 lines
Diff to previous 1.82.2.2.4.1 (colored) to branchpoint 1.82.2.2 (colored) to selected 1.142 (colored)

KAME/NetBSD 1.4, SNAP kit 1999/07/05.
NOTE: this branch is just for reference purposes (i.e. for taking cvs diff).
do not touch anything on the branch.  actual work must be done on HEAD branch.

Revision 1.82.2.2.2.2 / (download) - annotate - [select for diffs], Thu Jul 1 23:47:01 1999 UTC (24 years, 8 months ago) by thorpej
Branch: chs-ubc2
Changes since 1.82.2.2.2.1: +158 -29 lines
Diff to previous 1.82.2.2.2.1 (colored) to branchpoint 1.82.2.2 (colored) to selected 1.142 (colored)

Sync w/ -current.

Revision 1.89 / (download) - annotate - [select for diffs], Thu Jul 1 08:12:50 1999 UTC (24 years, 8 months ago) by itojun
Branch: MAIN
Changes since 1.88: +153 -28 lines
Diff to previous 1.88 (colored) to selected 1.142 (colored)

IPv6 kernel code, based on KAME/NetBSD 1.4, SNAP kit 19990628.
(Sorry for a big commit, I can't separate this into several pieces...)
Pls check sys/netinet6/TODO and sys/netinet6/IMPLEMENTATION for details.

- sys/kern: do not assume single mbuf, accept chained mbuf on passing
  data from userland to kernel (or other way round).
- "midway" ATM card: ATM PVC pseudo device support, like those done in ALTQ
  package (ftp://ftp.csl.sony.co.jp/pub/kjc/).
- sys/netinet/tcp*: IPv4/v6 dual stack tcp support.
- sys/netinet/{ip6,icmp6}.h, sys/net/pfkeyv2.h: IETF document assumes those
  file to be there so we patch it up.
- sys/netinet: IPsec additions are here and there.
- sys/netinet6/*: most of IPv6 code sits here.
- sys/netkey: IPsec key management code
- dev/pci/pcidevs: regen

In my understanding no code here is subject to export control so it
should be safe.

Revision 1.82.2.2.4.1 / (download) - annotate - [select for diffs], Mon Jun 28 06:37:00 1999 UTC (24 years, 8 months ago) by itojun
Branch: kame
CVS Tags: kame_14_19990628
Changes since 1.82.2.2: +151 -28 lines
Diff to previous 1.82.2.2 (colored) to selected 1.142 (colored)

KAME/NetBSD 1.4 SNAP kit, dated 19990628.

NOTE: this branch (kame) is used just for refernce.  this may not compile
due to multiple reasons.

Revision 1.88 / (download) - annotate - [select for diffs], Sat Jun 26 06:16:48 1999 UTC (24 years, 8 months ago) by sommerfeld
Branch: MAIN
Changes since 1.87: +6 -2 lines
Diff to previous 1.87 (colored) to selected 1.142 (colored)

If the new global variable hostzerobroadcast is zero, no longer assume
address zero of each net/subnet is a broadcast address.
(The default value is nonzero, which preserves the current behavior).

This can be set using sysctl; the boot-time default can also be
configured using the HOSTZEROBROADCAST kernel config option.

While we're here, defopt HOSTZEROBROADCAST and SUBNETSARELOCAL

Revision 1.82.2.2.2.1 / (download) - annotate - [select for diffs], Mon Jun 21 01:27:49 1999 UTC (24 years, 9 months ago) by thorpej
Branch: chs-ubc2
Changes since 1.82.2.2: +10 -3 lines
Diff to previous 1.82.2.2 (colored) to selected 1.142 (colored)

Sync w/ -current.

Revision 1.87 / (download) - annotate - [select for diffs], Tue May 4 20:13:09 1999 UTC (24 years, 10 months ago) by hwr
Branch: MAIN
Changes since 1.86: +1 -2 lines
Diff to previous 1.86 (colored) to selected 1.142 (colored)

It does not make much sense to increase a "output" counter on input.

Revision 1.82.2.2 / (download) - annotate - [select for diffs], Mon May 3 22:22:42 1999 UTC (24 years, 10 months ago) by perry
Branch: netbsd-1-4
CVS Tags: netbsd-1-4-RELEASE, netbsd-1-4-PATCH001
Branch point for: kame, chs-ubc2
Changes since 1.82.2.1: +3 -5 lines
Diff to previous 1.82.2.1 (colored) to branchpoint 1.82 (colored) to selected 1.142 (colored)

pullup 1.85->1.86 (thorpej)

Revision 1.86 / (download) - annotate - [select for diffs], Mon May 3 22:12:44 1999 UTC (24 years, 10 months ago) by thorpej
Branch: MAIN
Changes since 1.85: +3 -5 lines
Diff to previous 1.85 (colored) to selected 1.142 (colored)

In INADDR_TO_IA(), skip interfaces which are not up.  Revert previous change
to ip_input.c to check the interface status after INADDR_TO_IA().

Fix cooked up by Heiko Rupp and myself.

Fixes PR 7480.

Revision 1.85 / (download) - annotate - [select for diffs], Mon May 3 21:14:47 1999 UTC (24 years, 10 months ago) by hwr
Branch: MAIN
Changes since 1.84: +10 -1 lines
Diff to previous 1.84 (colored) to selected 1.142 (colored)

Drop packets, that have a Class-D address as source address.
Implements the first half of PR 7003.

Revision 1.82.2.1 / (download) - annotate - [select for diffs], Wed Apr 7 23:20:42 1999 UTC (24 years, 11 months ago) by proff
Branch: netbsd-1-4
Changes since 1.82: +5 -2 lines
Diff to previous 1.82 (colored) to selected 1.142 (colored)

pullup 1.82 - 1.83; don't receive packets on downed interface addresses

Revision 1.84 / (download) - annotate - [select for diffs], Wed Apr 7 05:34:32 1999 UTC (24 years, 11 months ago) by proff
Branch: MAIN
Changes since 1.83: +2 -3 lines
Diff to previous 1.83 (colored) to selected 1.142 (colored)

tiny KNF change

Revision 1.83 / (download) - annotate - [select for diffs], Wed Apr 7 02:31:05 1999 UTC (24 years, 11 months ago) by proff
Branch: MAIN
Changes since 1.82: +5 -2 lines
Diff to previous 1.82 (colored) to selected 1.142 (colored)

Prevent reception of packets on downed interfaces (via an up interface).
fixes kern/7327

Revision 1.82 / (download) - annotate - [select for diffs], Sat Mar 27 01:24:49 1999 UTC (24 years, 11 months ago) by aidan
Branch: MAIN
CVS Tags: netbsd-1-4-base
Branch point for: netbsd-1-4
Changes since 1.81: +4 -1 lines
Diff to previous 1.81 (colored) to selected 1.142 (colored)

Added per-addr input/output statistics.  Currently just support netatalk
and netinet, currently only tested under netinet.

Disabled by default, enabled by compiling the kernel with option
IFA_STATS.  Enabling this feature seems to make the ip_output function
take 13% longer than before, which should be OK for people that need
this feature.

Revision 1.81 / (download) - annotate - [select for diffs], Fri Mar 26 08:51:36 1999 UTC (24 years, 11 months ago) by proff
Branch: MAIN
Changes since 1.80: +10 -1 lines
Diff to previous 1.80 (colored) to selected 1.142 (colored)

security: test for ip_len < ip_hl <<2 and drop packet accordingly

Revision 1.80 / (download) - annotate - [select for diffs], Tue Jan 19 23:39:57 1999 UTC (25 years, 2 months ago) by mycroft
Branch: MAIN
Changes since 1.79: +1 -4 lines
Diff to previous 1.79 (colored) to selected 1.142 (colored)

There's just no plausible reason to byte-swap ip_id internally.  It's opaque.

Revision 1.79 / (download) - annotate - [select for diffs], Tue Jan 19 23:03:21 1999 UTC (25 years, 2 months ago) by mycroft
Branch: MAIN
Changes since 1.78: +6 -6 lines
Diff to previous 1.78 (colored) to selected 1.142 (colored)

Don't screw with ip_len; just subtract from it where we actually use the
value.

Revision 1.78 / (download) - annotate - [select for diffs], Tue Jan 19 21:58:40 1999 UTC (25 years, 2 months ago) by mycroft
Branch: MAIN
Changes since 1.77: +2 -2 lines
Diff to previous 1.77 (colored) to selected 1.142 (colored)

Don't overwrite the checksum fields when checking them.  There's no reason to
do this, and it screws up ICMP replies.
XXX The returned IP checksum and length are still wrong.

Revision 1.77 / (download) - annotate - [select for diffs], Mon Jan 11 22:35:06 1999 UTC (25 years, 2 months ago) by thorpej
Branch: MAIN
Changes since 1.76: +14 -11 lines
Diff to previous 1.76 (colored) to selected 1.142 (colored)

Fix byte order and ip_len inconsistencies in ICMP reply code.  Also, fix
some formatting and HTONS(foo) vs. foo = htons(foo) inconsistencies.

PR #6602, Darren Reed.

Revision 1.76 / (download) - annotate - [select for diffs], Sat Dec 19 02:46:12 1998 UTC (25 years, 3 months ago) by thorpej
Branch: MAIN
Changes since 1.75: +38 -38 lines
Diff to previous 1.75 (colored) to selected 1.142 (colored)

Reverse the copyright-notice-swap.  It went against existing practice.

Revision 1.75 / (download) - annotate - [select for diffs], Fri Dec 18 21:35:11 1998 UTC (25 years, 3 months ago) by thorpej
Branch: MAIN
Changes since 1.74: +75 -2 lines
Diff to previous 1.74 (colored) to selected 1.142 (colored)

Add a lock around the IP fragment reassembly queue, to prevent ip_drain()
from corrupting the queue if called from a device's interrupt context.

Should fix PR #5684.

Revision 1.74.2.1 / (download) - annotate - [select for diffs], Fri Dec 11 04:53:08 1998 UTC (25 years, 3 months ago) by kenh
Branch: kenh-if-detach
Changes since 1.74: +33 -6 lines
Diff to previous 1.74 (colored) next main 1.75 (colored) to selected 1.142 (colored)

The beginnings of interface detach support.  Still some bugs, but mostly
works for me.

This work was originally by Bill Studenmund, and cleaned up by me.

Revision 1.53.2.4 / (download) - annotate - [select for diffs], Sun Nov 15 19:18:13 1998 UTC (25 years, 4 months ago) by cgd
Branch: netbsd-1-3
CVS Tags: netbsd-1-3-PATCH003-CANDIDATE2, netbsd-1-3-PATCH003-CANDIDATE1, netbsd-1-3-PATCH003-CANDIDATE0, netbsd-1-3-PATCH003
Changes since 1.53.2.3: +2 -1 lines
Diff to previous 1.53.2.3 (colored) to branchpoint 1.53 (colored) next main 1.54 (colored) to selected 1.142 (colored)

pull up rev 1.74 from trunk (thorpej)

Revision 1.74 / (download) - annotate - [select for diffs], Fri Nov 13 03:24:22 1998 UTC (25 years, 4 months ago) by thorpej
Branch: MAIN
CVS Tags: kenh-if-detach-base
Branch point for: kenh-if-detach
Changes since 1.73: +2 -1 lines
Diff to previous 1.73 (colored) to selected 1.142 (colored)

Once a fragmented IP packet has been reassembled, recompute the packet
length before passing it up the stack.  From FreeBSD.

Revision 1.73 / (download) - annotate - [select for diffs], Thu Oct 8 01:41:46 1998 UTC (25 years, 5 months ago) by thorpej
Branch: MAIN
CVS Tags: chs-ubc-base, chs-ubc
Changes since 1.72: +4 -1 lines
Diff to previous 1.72 (colored) to selected 1.142 (colored)

Use the pool allocator for ipflow entries.

Revision 1.72 / (download) - annotate - [select for diffs], Thu Oct 8 01:19:25 1998 UTC (25 years, 5 months ago) by thorpej
Branch: MAIN
Changes since 1.71: +13 -8 lines
Diff to previous 1.71 (colored) to selected 1.142 (colored)

Use the pool allocator for ipqent structures.

Revision 1.53.2.3 / (download) - annotate - [select for diffs], Thu Oct 1 17:57:42 1998 UTC (25 years, 5 months ago) by cgd
Branch: netbsd-1-3
Changes since 1.53.2.2: +55 -15 lines
Diff to previous 1.53.2.2 (colored) to branchpoint 1.53 (colored) to selected 1.142 (colored)

pull up revisions 1.57-1.58 (via patch), 1.71 (via patch) from trunk. (tls)

Revision 1.71 / (download) - annotate - [select for diffs], Wed Sep 30 21:52:25 1998 UTC (25 years, 5 months ago) by tls
Branch: MAIN
Changes since 1.70: +38 -38 lines
Diff to previous 1.70 (colored) to selected 1.142 (colored)

Switch order of TNF and UCB copyrights so UCB copyright is first; this seems more appropriate since UCB wrote the original code, after all.

Revision 1.70 / (download) - annotate - [select for diffs], Wed Sep 9 04:57:18 1998 UTC (25 years, 6 months ago) by thorpej
Branch: MAIN
Changes since 1.69: +4 -3 lines
Diff to previous 1.69 (colored) to selected 1.142 (colored)

Make a diagnostic printf more sensible, PR #5951, Heiko W. Rupp.

Revision 1.69 / (download) - annotate - [select for diffs], Sun Aug 9 08:58:19 1998 UTC (25 years, 7 months ago) by mrg
Branch: MAIN
Changes since 1.68: +2 -1 lines
Diff to previous 1.68 (colored) to selected 1.142 (colored)

defopt PFIL_HOOKS.

Revision 1.53.2.2 / (download) - annotate - [select for diffs], Wed Jul 22 23:50:10 1998 UTC (25 years, 8 months ago) by mellon
Branch: netbsd-1-3
Changes since 1.53.2.1: +6 -3 lines
Diff to previous 1.53.2.1 (colored) to branchpoint 1.53 (colored) to selected 1.142 (colored)

Pull up 1.59 and 1.68 (veego)

Revision 1.68 / (download) - annotate - [select for diffs], Fri Jul 17 00:28:00 1998 UTC (25 years, 8 months ago) by sommerfe
Branch: MAIN
CVS Tags: eeh-paddr_t-base, eeh-paddr_t
Changes since 1.67: +5 -2 lines
Diff to previous 1.67 (colored) to selected 1.142 (colored)

Fix PR5508: ipfil cut-through forwarding causes panic

Revision 1.67 / (download) - annotate - [select for diffs], Mon Jun 1 00:39:37 1998 UTC (25 years, 9 months ago) by thorpej
Branch: MAIN
Changes since 1.66: +7 -1 lines
Diff to previous 1.66 (colored) to selected 1.142 (colored)

Protect the ipflow_reap() call with splsoftnet.

Revision 1.66 / (download) - annotate - [select for diffs], Sun May 24 20:14:53 1998 UTC (25 years, 10 months ago) by thorpej
Branch: MAIN
Changes since 1.65: +3 -3 lines
Diff to previous 1.65 (colored) to selected 1.142 (colored)

Fix OBOB in IP timestamp option processing, as noted in FreeBSD PR 6738,
from Jennifer Dawn Meyers <jdm@enteract.com>.

Revision 1.53.2.1 / (download) - annotate - [select for diffs], Sat May 9 03:33:00 1998 UTC (25 years, 10 months ago) by mycroft
Branch: netbsd-1-3
CVS Tags: netbsd-1-3-PATCH002
Changes since 1.53: +30 -3 lines
Diff to previous 1.53 (colored) to selected 1.142 (colored)

Pull up patch from kml.

Revision 1.65 / (download) - annotate - [select for diffs], Mon May 4 19:24:53 1998 UTC (25 years, 10 months ago) by matt
Branch: MAIN
Changes since 1.64: +8 -1 lines
Diff to previous 1.64 (colored) to selected 1.142 (colored)

Default IP flow to being enabled.  Add a sysctl to control the maximum
number of flows (net.inet.ip.maxflows).  If set to 0, will disable fast
path forwarding.

Revision 1.64 / (download) - annotate - [select for diffs], Fri May 1 03:23:24 1998 UTC (25 years, 10 months ago) by thorpej
Branch: MAIN
Changes since 1.63: +14 -3 lines
Diff to previous 1.63 (colored) to selected 1.142 (colored)

Allow packet filters to prevent a packet from creating a fast-forwarding
flow, by setting the "can fast forward" flag in the packet header, and
giving a chance for filters to clear the flag.  If the flag is still
set after the filters have given it a chance, the packet will be used
to create a fast-forward flow entry.

Revision 1.63 / (download) - annotate - [select for diffs], Wed Apr 29 21:37:55 1998 UTC (25 years, 10 months ago) by matt
Branch: MAIN
Changes since 1.62: +13 -2 lines
Diff to previous 1.62 (colored) to selected 1.142 (colored)

Add support for "fast" forwarding.  Add hooks in if_ethersubr.c and
if_fddisubr.c to fastpath IP forwarding.  If ip_forward successfully
forwards a packet, it will create a cache (ipflow) entry.  ether_input
and fddi_input will first call ipflow_fastforward with the received
packet and if the packet passes enough tests, it will be forwarded (the
ttl is decremented and the cksum is adjusted incrementally).

Revision 1.62 / (download) - annotate - [select for diffs], Wed Apr 29 20:45:30 1998 UTC (25 years, 10 months ago) by matt
Branch: MAIN
Changes since 1.61: +2 -1 lines
Diff to previous 1.61 (colored) to selected 1.142 (colored)

defopt GATEWAY

Revision 1.61 / (download) - annotate - [select for diffs], Wed Apr 29 03:45:52 1998 UTC (25 years, 10 months ago) by kml
Branch: MAIN
Changes since 1.60: +2 -2 lines
Diff to previous 1.60 (colored) to selected 1.142 (colored)

change path MTU timeout value to match RFC 1191

Revision 1.60 / (download) - annotate - [select for diffs], Wed Apr 29 03:44:11 1998 UTC (25 years, 10 months ago) by kml
Branch: MAIN
Changes since 1.59: +27 -3 lines
Diff to previous 1.59 (colored) to selected 1.142 (colored)

Add support for deletion of routes added by path MTU discovery;
uses new generic route timeout code.  Add sysctl for timeout period.

Revision 1.59 / (download) - annotate - [select for diffs], Thu Mar 19 15:46:43 1998 UTC (26 years ago) by mrg
Branch: MAIN
Changes since 1.58: +2 -2 lines
Diff to previous 1.58 (colored) to selected 1.142 (colored)

convert pfil(9) in and out lists from <sys/queue.h> LISTs to TAILQs, and
change pfil_add_hook to put output filters at the tail of the queue,
while continuing to place input filters at the head of the queue.  update
the two users of these functions, and document these changes.

fixes PR#4593.

Revision 1.58 / (download) - annotate - [select for diffs], Sun Feb 15 18:24:27 1998 UTC (26 years, 1 month ago) by tls
Branch: MAIN
Changes since 1.57: +38 -1 lines
Diff to previous 1.57 (colored) to selected 1.142 (colored)

Add correct copyright notice for IP address hash change.  This code is donated to TNF by the original copyright holder, Panix.

Revision 1.57 / (download) - annotate - [select for diffs], Fri Feb 13 18:21:44 1998 UTC (26 years, 1 month ago) by tls
Branch: MAIN
Changes since 1.56: +18 -14 lines
Diff to previous 1.56 (colored) to selected 1.142 (colored)

Change list of interface IP addresses to a hash.  Improves performance on hosts with a large number of IP addresses significantly.

Revision 1.56 / (download) - annotate - [select for diffs], Wed Jan 28 02:36:10 1998 UTC (26 years, 1 month ago) by thorpej
Branch: MAIN
Changes since 1.55: +1 -4 lines
Diff to previous 1.55 (colored) to selected 1.142 (colored)

Use offsetof() from libkern.h

Revision 1.55 / (download) - annotate - [select for diffs], Mon Jan 12 03:02:51 1998 UTC (26 years, 2 months ago) by scottr
Branch: MAIN
Changes since 1.54: +3 -1 lines
Diff to previous 1.54 (colored) to selected 1.142 (colored)

Use option header file for MROUTING

Revision 1.1.1.2 / (download) - annotate - [select for diffs] (vendor branch), Mon Jan 5 09:54:10 1998 UTC (26 years, 2 months ago) by thorpej
Branch: WFJ-920714, CSRG
CVS Tags: lite-2, lite-1, date-03-may-96
Changes since 1.1.1.1: +169 -71 lines
Diff to previous 1.1.1.1 (colored) to selected 1.142 (colored)

Import sys/netinet from 4.4BSD-Lite for reference purposes.

Revision 1.54 / (download) - annotate - [select for diffs], Mon Jan 5 09:52:04 1998 UTC (26 years, 2 months ago) by lukem
Branch: MAIN
Changes since 1.53: +28 -2 lines
Diff to previous 1.53 (colored) to selected 1.142 (colored)

enhance ephemeral port allocation code:
* support sysctl net.inet.ip.anonportmin (lowest ephemeral port)
  and net.inet.ip.anonportmax (highest ephemeral port).
  these can't be set to >65535, < IPPORT_RESERVED (unless IPNOPRIVPORTS
  is defined), and anonportmin has to be < anonportmax.
* use a cleaner way of only cycling through the available set once;
  this will be useful for when a random allocation scheme is used
* define IPPORT_ANON{MIN,MAX} instead of IPPORT_USER{LOW,HIGH}

Revision 1.53 / (download) - annotate - [select for diffs], Sat Oct 18 21:18:31 1997 UTC (26 years, 5 months ago) by kml
Branch: MAIN
CVS Tags: netbsd-1-3-base, netbsd-1-3-RELEASE, netbsd-1-3-PATCH001, netbsd-1-3-BETA
Branch point for: netbsd-1-3
Changes since 1.52: +9 -1 lines
Diff to previous 1.52 (colored) to selected 1.142 (colored)

change sysctl net.inet.icmp.mtudisc to net.inet.ip.mtudisc

Revision 1.52 / (download) - annotate - [select for diffs], Fri Oct 17 21:20:57 1997 UTC (26 years, 5 months ago) by thorpej
Branch: MAIN
Changes since 1.51: +6 -1 lines
Diff to previous 1.51 (colored) to selected 1.142 (colored)

Allow `subnetsarelocal' to be changed via sysctl.

Revision 1.50.4.1 / (download) - annotate - [select for diffs], Mon Sep 1 21:00:39 1997 UTC (26 years, 6 months ago) by thorpej
Branch: marc-pcmcia
Changes since 1.50: +8 -1 lines
Diff to previous 1.50 (colored) next main 1.51 (colored) to selected 1.142 (colored)

Update marc-pcmcia branch from trunk.

Revision 1.51 / (download) - annotate - [select for diffs], Fri Aug 29 16:02:42 1997 UTC (26 years, 6 months ago) by gwr
Branch: MAIN
CVS Tags: thorpej-signal-base, thorpej-signal, marc-pcmcia-base
Changes since 1.50: +8 -1 lines
Diff to previous 1.50 (colored) to selected 1.142 (colored)

Tweaks to allow operation with an interface address of 0.0.0.0
(needed for NFS mountroot using BOOTP to get boot parameters)

Revision 1.50 / (download) - annotate - [select for diffs], Tue Jun 24 02:26:04 1997 UTC (26 years, 9 months ago) by thorpej
Branch: MAIN
CVS Tags: marc-pcmcia-bp, bouyer-scsipi
Branch point for: marc-pcmcia
Changes since 1.49: +22 -27 lines
Diff to previous 1.49 (colored) to selected 1.142 (colored)

Eliminate use of dtom() from the network code, allowing more flexible
use of mbuf external storage and increasing performance (by eliminating
an m_pullup() for clusters in the IP reassembly code).

Changes from Koji Imada <koji@math.human.nagoya-u.ac.jp>, in PR #3628
and #3480, with ever-so-slight integration changes by me.

Revision 1.49 / (download) - annotate - [select for diffs], Tue Apr 15 00:41:52 1997 UTC (26 years, 11 months ago) by christos
Branch: MAIN
Changes since 1.48: +2 -2 lines
Diff to previous 1.48 (colored) to selected 1.142 (colored)

Move the mtod calls *after* we've made sure that the packet has passed the
filter successfully. Otherwise it can be NULL if the filter blocked it,
and we die. How did this ever work?

Revision 1.44.4.1 / (download) - annotate - [select for diffs], Wed Mar 12 21:24:42 1997 UTC (27 years ago) by is
Branch: is-newarp
Changes since 1.44: +21 -12 lines
Diff to previous 1.44 (colored) next main 1.45 (colored) to selected 1.142 (colored)

Merge in changes from Trunk

Revision 1.48 / (download) - annotate - [select for diffs], Wed Feb 26 04:09:32 1997 UTC (27 years ago) by mrg
Branch: MAIN
CVS Tags: is-newarp-before-merge
Changes since 1.47: +2 -2 lines
Diff to previous 1.47 (colored) to selected 1.142 (colored)

allow src-routed packetd by default, per host requirements

Revision 1.47 / (download) - annotate - [select for diffs], Tue Feb 25 08:35:42 1997 UTC (27 years ago) by cjs
Branch: MAIN
Changes since 1.46: +15 -5 lines
Diff to previous 1.46 (colored) to selected 1.142 (colored)

Add net.inet.ip.allowsrcrt option which allows/drops all source
routed packets. This currently defaults to `drop,' but once we
verify  that all applications that rely on determining remote IP
addresses for authentication are dropping the connection when they
see a source route option (not just disabling the source route
option), we can turn this back on and conform with the host
requirements.

Revision 1.46 / (download) - annotate - [select for diffs], Wed Feb 19 08:30:04 1997 UTC (27 years, 1 month ago) by cjs
Branch: MAIN
Changes since 1.45: +6 -4 lines
Diff to previous 1.45 (colored) to selected 1.142 (colored)

Fix bug in sysctl net.inet.ip.forwsrcrt handing: now you can read it
if securelevel > 0. (Thanks, cgd.)

Revision 1.45 / (download) - annotate - [select for diffs], Tue Feb 18 20:49:35 1997 UTC (27 years, 1 month ago) by mrg
Branch: MAIN
Changes since 1.44: +2 -5 lines
Diff to previous 1.44 (colored) to selected 1.142 (colored)

pseudo-device ipfilter brings in PFIL_HOOKS.

Revision 1.44 / (download) - annotate - [select for diffs], Sat Jan 11 05:21:10 1997 UTC (27 years, 2 months ago) by thorpej
Branch: MAIN
CVS Tags: thorpej-setroot, mrg-vm-swap, is-newarp-base
Branch point for: is-newarp
Changes since 1.43: +66 -1 lines
Diff to previous 1.43 (colored) to selected 1.142 (colored)

Implement the IP_RECVIF socket option: supply a datagram packet's incoming
interface using a sockaddr_dl in a control mbuf.

Implement SO_TIMESTAMP for IP datagrams.

Move packet information option processing into a generic function
so that they work with multicast UDP and raw IP as well as unicast UDP.

Contributed by Bill Fenner <fenner@parc.xerox.com>.

Revision 1.43 / (download) - annotate - [select for diffs], Fri Dec 20 09:08:14 1996 UTC (27 years, 3 months ago) by mrg
Branch: MAIN
Changes since 1.42: +5 -4 lines
Diff to previous 1.42 (colored) to selected 1.142 (colored)

in pfil_hooks:  always reassign ip after calling hook.

Revision 1.42 / (download) - annotate - [select for diffs], Fri Dec 20 08:39:27 1996 UTC (27 years, 3 months ago) by mrg
Branch: MAIN
Changes since 1.41: +1 -9 lines
Diff to previous 1.41 (colored) to selected 1.142 (colored)

remove pfil_bad.

Revision 1.30.4.3 / (download) - annotate - [select for diffs], Wed Dec 11 02:11:08 1996 UTC (27 years, 3 months ago) by mycroft
Branch: netbsd-1-2
CVS Tags: netbsd-1-2-PATCH001
Changes since 1.30.4.2: +3 -3 lines
Diff to previous 1.30.4.2 (colored) to branchpoint 1.30 (colored) next main 1.31 (colored) to selected 1.142 (colored)

From trunk:
Save 68 bytes of the packet for ICMP, not 64.

Revision 1.30.4.2 / (download) - annotate - [select for diffs], Wed Dec 11 01:56:56 1996 UTC (27 years, 3 months ago) by mycroft
Branch: netbsd-1-2
Changes since 1.30.4.1: +2 -2 lines
Diff to previous 1.30.4.1 (colored) to branchpoint 1.30 (colored) to selected 1.142 (colored)

From trunk:
Ignore the reserved fragment flag when checking ip_off.

Revision 1.30.4.1 / (download) - annotate - [select for diffs], Sun Nov 10 21:57:51 1996 UTC (27 years, 4 months ago) by thorpej
Branch: netbsd-1-2
Changes since 1.30: +8 -2 lines
Diff to previous 1.30 (colored) to selected 1.142 (colored)

Update from trunk:
- Make ip_len and ip_off unsigned.
- Make sure we don't accept or transmit packets larger than the
  maximim IP packet size.
This fixes the so-called `death ping' bug.

Sum of work from Bill Fenner <fenner@parc.xerox.com>,
Kevin Lahey <kml@nas.nasa.gov>, and myself.

Thanks to Curt Sampson, Jukka Marin, and Kevin Lahey for testing
this under NetBSD 1.2

Revision 1.41 / (download) - annotate - [select for diffs], Fri Oct 25 06:30:32 1996 UTC (27 years, 4 months ago) by thorpej
Branch: MAIN
Changes since 1.40: +8 -2 lines
Diff to previous 1.40 (colored) to selected 1.142 (colored)

Before concatenating frags, sanity check the length of the packet.  If it's
larger than IP_MAXPACKET, discard it.
Based on a patch from Bill Fenner <fenner@parc.xerox.com>

Revision 1.40 / (download) - annotate - [select for diffs], Tue Oct 22 11:27:05 1996 UTC (27 years, 5 months ago) by veego
Branch: MAIN
Changes since 1.39: +4 -3 lines
Diff to previous 1.39 (colored) to selected 1.142 (colored)

Fix a panic from the pfil_hooks.

Revision 1.39 / (download) - annotate - [select for diffs], Sun Oct 13 02:03:05 1996 UTC (27 years, 5 months ago) by christos
Branch: MAIN
Changes since 1.38: +8 -8 lines
Diff to previous 1.38 (colored) to selected 1.142 (colored)

backout previous kprintf changes

Revision 1.38 / (download) - annotate - [select for diffs], Thu Oct 10 23:12:49 1996 UTC (27 years, 5 months ago) by christos
Branch: MAIN
Changes since 1.37: +8 -8 lines
Diff to previous 1.37 (colored) to selected 1.142 (colored)

printf -> kprintf, sprintf -> ksprintf

Revision 1.37 / (download) - annotate - [select for diffs], Sat Sep 21 19:44:33 1996 UTC (27 years, 6 months ago) by perry
Branch: MAIN
Changes since 1.36: +2 -2 lines
Diff to previous 1.36 (colored) to selected 1.142 (colored)

commit fix in pr 2772 -- the IP input code was assuming that the
reserved (must be zero) flag must necessarily be zero. We now define
an IP_RF (by analogy to IP_DF and IP_MF) and mask it out when necessary.

Revision 1.36 / (download) - annotate - [select for diffs], Sat Sep 14 14:40:26 1996 UTC (27 years, 6 months ago) by mrg
Branch: MAIN
Changes since 1.35: +11 -7 lines
Diff to previous 1.35 (colored) to selected 1.142 (colored)

move the packet filter hooks in to a saner location.  while i'm here, rename
PACKET_FILTER to PFIL_HOOKS.

Revision 1.35 / (download) - annotate - [select for diffs], Mon Sep 9 14:51:16 1996 UTC (27 years, 6 months ago) by mycroft
Branch: MAIN
Changes since 1.34: +21 -23 lines
Diff to previous 1.34 (colored) to selected 1.142 (colored)

Add in_nullhost() and in_hosteq() macros, to hide some protocol
details.  Also, fix a bug in TCP wrt SYN+URG packets.

Revision 1.34 / (download) - annotate - [select for diffs], Sun Sep 8 15:49:43 1996 UTC (27 years, 6 months ago) by mycroft
Branch: MAIN
Changes since 1.33: +3 -3 lines
Diff to previous 1.33 (colored) to selected 1.142 (colored)

Save 68 bytes of the packet for ICMP, not 64.  From Laine Stump, PR 2296.

Revision 1.33 / (download) - annotate - [select for diffs], Fri Sep 6 05:07:44 1996 UTC (27 years, 6 months ago) by mrg
Branch: MAIN
Changes since 1.32: +28 -3 lines
Diff to previous 1.32 (colored) to selected 1.142 (colored)

add packet filter interface code.  see pfil(9) for more details.  you
need the PACKET_FILTER option to enable this code.  currently, ipfilter
version 3.1.1-beta has been converted to use this new interface.

Revision 1.32 / (download) - annotate - [select for diffs], Wed Aug 14 03:46:44 1996 UTC (27 years, 7 months ago) by thorpej
Branch: MAIN
Changes since 1.31: +4 -4 lines
Diff to previous 1.31 (colored) to selected 1.142 (colored)

Fix some DIAGNOSTIC printf() formats; ntohl() provides a 32-bit quantity,
and should be printed with %x, not %lx.

Revision 1.31 / (download) - annotate - [select for diffs], Wed Jul 10 18:13:39 1996 UTC (27 years, 8 months ago) by cgd
Branch: MAIN
Changes since 1.30: +4 -4 lines
Diff to previous 1.30 (colored) to selected 1.142 (colored)

print result of ntohl/htonl as a long.  (makes -Wformat work on the
Alpha.)

Revision 1.30 / (download) - annotate - [select for diffs], Sat Mar 16 23:53:58 1996 UTC (28 years ago) by christos
Branch: MAIN
CVS Tags: netbsd-1-2-base, netbsd-1-2-RELEASE, netbsd-1-2-BETA
Branch point for: netbsd-1-2
Changes since 1.29: +5 -5 lines
Diff to previous 1.29 (colored) to selected 1.142 (colored)

Fix printf format args.

Revision 1.29 / (download) - annotate - [select for diffs], Mon Feb 26 23:17:06 1996 UTC (28 years ago) by mrg
Branch: MAIN
Changes since 1.28: +2 -3 lines
Diff to previous 1.28 (colored) to selected 1.142 (colored)

two more local addr changes, all done differently now (idea from charles)

Revision 1.28 / (download) - annotate - [select for diffs], Tue Feb 13 23:42:37 1996 UTC (28 years, 1 month ago) by christos
Branch: MAIN
Changes since 1.27: +9 -7 lines
Diff to previous 1.27 (colored) to selected 1.142 (colored)

netinet prototypes

Revision 1.27 / (download) - annotate - [select for diffs], Tue Jan 16 04:17:37 1996 UTC (28 years, 2 months ago) by thorpej
Branch: MAIN
Changes since 1.26: +20 -10 lines
Diff to previous 1.26 (colored) to selected 1.142 (colored)

Add a net.inet.ip.directed-broadcast sysctl as suggested by
Darren Reed <darrenr@vitruvius.arbld.unimelb.edu.au> in PR #1227.
This change is slightly different than the one submitted by Darren in
that the DIRECTED_BROADCAST compile-time option will behave like it used
to so that existing configurations utilizing it won't have to change.

Revision 1.26 / (download) - annotate - [select for diffs], Mon Jan 15 21:11:55 1996 UTC (28 years, 2 months ago) by thorpej
Branch: MAIN
Changes since 1.25: +20 -1 lines
Diff to previous 1.25 (colored) to selected 1.142 (colored)

Add net.inet.ip.forwsrcrt: if zero, the system will not forward
source-routed packets.  Note this value is protected by kernel security
level; it can only be changed if securelevel < 1.

Revision 1.25 / (download) - annotate - [select for diffs], Tue Nov 21 01:07:34 1995 UTC (28 years, 4 months ago) by cgd
Branch: MAIN
Changes since 1.24: +91 -103 lines
Diff to previous 1.24 (colored) to selected 1.142 (colored)

make netinet work on systems where pointers and longs are 64 bits
(like the alpha).  Biggest problem: IP headers were overlayed with
structure which included pointers, and which therefore didn't overlay
properly on 64-bit machines.  Solution: instead of threading pointers
through IP header overlays, add a "queue element" structure to do
the threading, and point it at the ip headers.

Revision 1.24 / (download) - annotate - [select for diffs], Sat Aug 12 23:59:36 1995 UTC (28 years, 7 months ago) by mycroft
Branch: MAIN
CVS Tags: netbsd-1-1-base, netbsd-1-1-RELEASE, netbsd-1-1-PATCH001, netbsd-1-1
Changes since 1.23: +2 -2 lines
Diff to previous 1.23 (colored) to selected 1.142 (colored)

splnet --> splsoftnet

Revision 1.23 / (download) - annotate - [select for diffs], Mon Jun 12 06:46:36 1995 UTC (28 years, 9 months ago) by mycroft
Branch: MAIN
Changes since 1.22: +2 -2 lines
Diff to previous 1.22 (colored) to selected 1.142 (colored)

Change in_pcbnotify*() to take an errno value.  Make inetctlerrmap[] an
array on ints, not u_chars.

Revision 1.22 / (download) - annotate - [select for diffs], Mon Jun 12 00:47:41 1995 UTC (28 years, 9 months ago) by mycroft
Branch: MAIN
Changes since 1.21: +5 -4 lines
Diff to previous 1.21 (colored) to selected 1.142 (colored)

Various cleanup, including:
* Convert several data structures to use queue.h.
* Split in_pcbnotify() into two parts; one for notifying a specific PCB, and
one for notifying all PCBs for a particular foreign address.

Revision 1.21 / (download) - annotate - [select for diffs], Wed Jun 7 16:01:15 1995 UTC (28 years, 9 months ago) by mycroft
Branch: MAIN
Changes since 1.20: +1 -15 lines
Diff to previous 1.20 (colored) to selected 1.142 (colored)

Remove ip_ifmatrix completely.

Revision 1.20 / (download) - annotate - [select for diffs], Sun Jun 4 05:58:26 1995 UTC (28 years, 9 months ago) by mycroft
Branch: MAIN
Changes since 1.19: +12 -15 lines
Diff to previous 1.19 (colored) to selected 1.142 (colored)

Don't cast things unnecessarily.

Revision 1.19 / (download) - annotate - [select for diffs], Sun Jun 4 05:07:03 1995 UTC (28 years, 9 months ago) by mycroft
Branch: MAIN
Changes since 1.18: +10 -16 lines
Diff to previous 1.18 (colored) to selected 1.142 (colored)

Clean up many more casts.

Revision 1.18 / (download) - annotate - [select for diffs], Thu Jun 1 21:36:27 1995 UTC (28 years, 9 months ago) by mycroft
Branch: MAIN
Changes since 1.17: +10 -15 lines
Diff to previous 1.17 (colored) to selected 1.142 (colored)

Avoid byte-swapping IP addresses at run time.

Revision 1.17 / (download) - annotate - [select for diffs], Mon May 15 02:09:58 1995 UTC (28 years, 10 months ago) by cgd
Branch: MAIN
Changes since 1.16: +2 -2 lines
Diff to previous 1.16 (colored) to selected 1.142 (colored)

oops; forgot a '{'

Revision 1.16 / (download) - annotate - [select for diffs], Sun May 14 08:23:00 1995 UTC (28 years, 10 months ago) by cgd
Branch: MAIN
Changes since 1.15: +11 -2 lines
Diff to previous 1.15 (colored) to selected 1.142 (colored)

drop (and record) malformed IP fragments.  Fixes pr 1030 (differently).

Revision 1.15 / (download) - annotate - [select for diffs], Thu Apr 13 06:33:21 1995 UTC (28 years, 11 months ago) by cgd
Branch: MAIN
Changes since 1.14: +9 -9 lines
Diff to previous 1.14 (colored) to selected 1.142 (colored)

be a bit more careful and explicit with types.  (basically a large no-op.)

Revision 1.14 / (download) - annotate - [select for diffs], Wed Jun 29 06:38:19 1994 UTC (29 years, 8 months ago) by cgd
Branch: MAIN
CVS Tags: netbsd-1-0-base, netbsd-1-0-RELEASE, netbsd-1-0-PATCH1, netbsd-1-0-PATCH06, netbsd-1-0-PATCH05, netbsd-1-0-PATCH04, netbsd-1-0-PATCH03, netbsd-1-0-PATCH02, netbsd-1-0-PATCH0, netbsd-1-0
Changes since 1.13: +3 -2 lines
Diff to previous 1.13 (colored) to selected 1.142 (colored)

New RCS ID's, take two.  they're more aesthecially pleasant, and use 'NetBSD'

Revision 1.13 / (download) - annotate - [select for diffs], Fri May 13 06:06:21 1994 UTC (29 years, 10 months ago) by mycroft
Branch: MAIN
Changes since 1.12: +96 -75 lines
Diff to previous 1.12 (colored) to selected 1.142 (colored)

Update to 4.4-Lite networking code, with a few local changes.

Revision 1.12 / (download) - annotate - [select for diffs], Mon Feb 14 21:45:53 1994 UTC (30 years, 1 month ago) by mycroft
Branch: MAIN
Changes since 1.11: +3 -3 lines
Diff to previous 1.11 (colored) to selected 1.142 (colored)

PARANOID --> DIAGNOSTIC for inexpensive tests.

Revision 1.11 / (download) - annotate - [select for diffs], Wed Feb 2 05:59:04 1994 UTC (30 years, 1 month ago) by hpeyerl
Branch: MAIN
Changes since 1.10: +1 -3 lines
Diff to previous 1.10 (colored) to selected 1.142 (colored)

Multicast is no longer optional.

Revision 1.10 / (download) - annotate - [select for diffs], Sat Jan 29 11:58:01 1994 UTC (30 years, 1 month ago) by brezak
Branch: MAIN
Changes since 1.9: +9 -1 lines
Diff to previous 1.9 (colored) to selected 1.142 (colored)

Fix some cases of NOT dealing with m_pkthdr's. This code is still suspect though, at least this fixes some panics.

Revision 1.9 / (download) - annotate - [select for diffs], Mon Jan 10 20:14:19 1994 UTC (30 years, 2 months ago) by mycroft
Branch: MAIN
Changes since 1.8: +6 -2 lines
Diff to previous 1.8 (colored) to selected 1.142 (colored)

Should compile now with or without `options MULTICAST'.

Revision 1.8 / (download) - annotate - [select for diffs], Sun Jan 9 01:06:13 1994 UTC (30 years, 2 months ago) by mycroft
Branch: MAIN
Changes since 1.7: +16 -1 lines
Diff to previous 1.7 (colored) to selected 1.142 (colored)

Prototype the rest.

Revision 1.7 / (download) - annotate - [select for diffs], Sat Jan 8 23:50:45 1994 UTC (30 years, 2 months ago) by mycroft
Branch: MAIN
Changes since 1.6: +5 -2 lines
Diff to previous 1.6 (colored) to selected 1.142 (colored)

More prototypes.

Revision 1.6 / (download) - annotate - [select for diffs], Sat Jan 8 21:21:47 1994 UTC (30 years, 2 months ago) by mycroft
Branch: MAIN
Changes since 1.5: +2 -2 lines
Diff to previous 1.5 (colored) to selected 1.142 (colored)

Fix some inconsistent spacing; spaces at the end of lines, etc.

Revision 1.5 / (download) - annotate - [select for diffs], Sat Dec 18 00:41:57 1993 UTC (30 years, 3 months ago) by mycroft
Branch: MAIN
Changes since 1.4: +20 -20 lines
Diff to previous 1.4 (colored) to selected 1.142 (colored)

Canonicalize all #includes.

Revision 1.4 / (download) - annotate - [select for diffs], Mon Dec 6 04:59:37 1993 UTC (30 years, 3 months ago) by hpeyerl
Branch: MAIN
Changes since 1.3: +48 -1 lines
Diff to previous 1.3 (colored) to selected 1.142 (colored)

multicast support.
>From Chris Maeda, cmaeda@cs.washington.edu
These patches are derived from the IP Multicast patches for BSDI.

Revision 1.3.4.2 / (download) - annotate - [select for diffs], Sun Nov 14 17:54:46 1993 UTC (30 years, 4 months ago) by mycroft
Branch: magnum
Changes since 1.3.4.1: +3 -3 lines
Diff to previous 1.3.4.1 (colored) to branchpoint 1.3 (colored) next main 1.4 (colored) to selected 1.142 (colored)

PARANOID --> DIAGNOSTIC.  These are not expensive tests.

Revision 1.3.4.1 / (download) - annotate - [select for diffs], Fri Sep 24 08:54:56 1993 UTC (30 years, 6 months ago) by mycroft
Branch: magnum
Changes since 1.3: +3 -1 lines
Diff to previous 1.3 (colored) to selected 1.142 (colored)

Make all files using spl*() #include cpu.h.  Changes from trunk.

Revision 1.3 / (download) - annotate - [select for diffs], Thu May 20 03:50:25 1993 UTC (30 years, 10 months ago) by cgd
Branch: MAIN
CVS Tags: netbsd-0-9-patch-001, netbsd-0-9-base, netbsd-0-9-RELEASE, netbsd-0-9-BETA, netbsd-0-9-ALPHA2, netbsd-0-9-ALPHA, netbsd-0-9, magnum-base
Branch point for: magnum
Changes since 1.2: +2 -1 lines
Diff to previous 1.2 (colored) to selected 1.142 (colored)

more rcsid additions and file header cleanups

Revision 1.2 / (download) - annotate - [select for diffs], Tue May 4 05:41:18 1993 UTC (30 years, 10 months ago) by cgd
Branch: MAIN
Changes since 1.1: +11 -1 lines
Diff to previous 1.1 (colored) to selected 1.142 (colored)

make ip_input recursion checking be for -DPARANOID, and make it panic

Revision 1.1.1.1 / (download) - annotate - [select for diffs] (vendor branch), Sun Mar 21 09:45:37 1993 UTC (31 years ago) by cgd
Branch: WFJ-920714, CSRG
CVS Tags: patchkit-0-2-2, netbsd-alpha-1, netbsd-0-8, WFJ-386bsd-01
Changes since 1.1: +0 -0 lines
Diff to previous 1.1 (colored) to selected 1.142 (colored)

initial import of 386bsd-0.1 sources

Revision 1.1 / (download) - annotate - [select for diffs], Sun Mar 21 09:45:37 1993 UTC (31 years ago) by cgd
Branch: MAIN
Diff to selected 1.142 (colored)

Initial revision

This form allows you to request diff's between any two revisions of a file. You may select a symbolic revision name using the selection box or you may type in a numeric name using the type-in text box.




CVSweb <webmaster@jp.NetBSD.org>