Up to [cvs.NetBSD.org] / src / sys / netinet
Request diff between arbitrary revisions
Default branch: MAIN
Current tag: MAIN
Revision 1.402 / (download) - annotate - [select for diffs], Fri Sep 2 03:50:00 2022 UTC (19 months, 2 weeks ago) by thorpej
Branch: MAIN
CVS Tags: thorpej-ifq-base,
thorpej-ifq,
thorpej-altq-separation-base,
thorpej-altq-separation,
netbsd-10-base,
netbsd-10-0-RELEASE,
netbsd-10-0-RC6,
netbsd-10-0-RC5,
netbsd-10-0-RC4,
netbsd-10-0-RC3,
netbsd-10-0-RC2,
netbsd-10-0-RC1,
netbsd-10,
bouyer-sunxi-drm-base,
bouyer-sunxi-drm,
HEAD
Changes since 1.401: +11 -6
lines
Diff to previous 1.401 (colored) to selected 1.384 (colored)
pktqueue: Re-factor sysctl handling. Provide a new pktq_sysctl_setup() function that attaches standard pktq sysctl nodes below a specified parent node, with either a fixed node ID or CTL_CREATE to dynamically assign node IDs. Make all of the sysctl handlers private to pktqueue.c, and remove the INET- and INET6-specific pktqueue sysctl code from net/if.c.
Revision 1.401 / (download) - annotate - [select for diffs], Mon Mar 8 18:03:25 2021 UTC (3 years, 1 month ago) by christos
Branch: MAIN
CVS Tags: thorpej-i2c-spi-conf2-base,
thorpej-i2c-spi-conf2,
thorpej-i2c-spi-conf-base,
thorpej-i2c-spi-conf,
thorpej-futex2-base,
thorpej-futex2,
thorpej-futex-base,
thorpej-cfargs2-base,
thorpej-cfargs2,
thorpej-cfargs-base,
thorpej-cfargs,
cjep_sun2x-base1,
cjep_sun2x-base,
cjep_sun2x,
cjep_staticlib_x-base1,
cjep_staticlib_x-base,
cjep_staticlib_x
Changes since 1.400: +2 -4
lines
Diff to previous 1.400 (colored) to selected 1.384 (colored)
remove now unused pseudo-random ip id code.
Revision 1.400 / (download) - annotate - [select for diffs], Sun Mar 7 14:58:27 2021 UTC (3 years, 1 month ago) by christos
Branch: MAIN
Changes since 1.399: +3 -3
lines
Diff to previous 1.399 (colored) to selected 1.384 (colored)
netinet: Enable random IP fragment ids by default (from riastradh)
Revision 1.399 / (download) - annotate - [select for diffs], Fri Feb 19 14:51:59 2021 UTC (3 years, 1 month ago) by christos
Branch: MAIN
Changes since 1.398: +3 -3
lines
Diff to previous 1.398 (colored) to selected 1.384 (colored)
- Make ALIGNED_POINTER use __alignof(t) instead of sizeof(t). This is more correct because it works with non-primitive types and provides the ABI alignment for the type the compiler will use. - Remove all the *_HDR_ALIGNMENT macros and asserts - Replace POINTER_ALIGNED_P with ACCESSIBLE_POINTER which is identical to ALIGNED_POINTER, but returns that the pointer is always aligned if the CPU supports unaligned accesses. [ as proposed in tech-kern ]
Revision 1.398 / (download) - annotate - [select for diffs], Sun Feb 14 20:58:35 2021 UTC (3 years, 2 months ago) by christos
Branch: MAIN
Changes since 1.397: +6 -14
lines
Diff to previous 1.397 (colored) to selected 1.384 (colored)
- centralize header align and pullup into a single inline function - use a single macro to align pointers and expose the alignment, instead of hard-coding 3 in 1/2 the macros. - fix an issue in the ipv6 lt2p where it was aligning for ipv4 and pulling for ipv6.
Revision 1.397 / (download) - annotate - [select for diffs], Fri Aug 28 06:31:42 2020 UTC (3 years, 7 months ago) by ozaki-r
Branch: MAIN
Branch point for: thorpej-futex
Changes since 1.396: +9 -3
lines
Diff to previous 1.396 (colored) to selected 1.384 (colored)
inet: reduce silent packet discards
Revision 1.396 / (download) - annotate - [select for diffs], Fri Aug 28 06:30:08 2020 UTC (3 years, 7 months ago) by ozaki-r
Branch: MAIN
Changes since 1.395: +16 -18
lines
Diff to previous 1.395 (colored) to selected 1.384 (colored)
inet: pull m_get_rcvif_psref out of ip_input for simplicity Same as ip6_input.
Revision 1.395 / (download) - annotate - [select for diffs], Fri Aug 28 06:20:44 2020 UTC (3 years, 7 months ago) by ozaki-r
Branch: MAIN
Changes since 1.394: +4 -4
lines
Diff to previous 1.394 (colored) to selected 1.384 (colored)
ipsec: rename ipsec_ip_input to ipsec_ip_input_checkpolicy Because it just checks if a packet passes security policies.
Revision 1.394 / (download) - annotate - [select for diffs], Fri Aug 28 06:19:13 2020 UTC (3 years, 7 months ago) by ozaki-r
Branch: MAIN
Changes since 1.393: +4 -2
lines
Diff to previous 1.393 (colored) to selected 1.384 (colored)
inet, inet6: count packets dropped by IPsec The counters count packets dropped due to security policy checks.
Revision 1.393 / (download) - annotate - [select for diffs], Wed Nov 13 02:51:22 2019 UTC (4 years, 5 months ago) by ozaki-r
Branch: MAIN
CVS Tags: phil-wifi-20200421,
phil-wifi-20200411,
phil-wifi-20200406,
phil-wifi-20191119,
is-mlppp-base,
is-mlppp,
bouyer-xenpvh-base2,
bouyer-xenpvh-base1,
bouyer-xenpvh-base,
bouyer-xenpvh,
ad-namecache-base3,
ad-namecache-base2,
ad-namecache-base1,
ad-namecache-base,
ad-namecache
Changes since 1.392: +3 -4
lines
Diff to previous 1.392 (colored) to selected 1.384 (colored)
Get rid of unnecessary NULL checks for rt_ifa and ifa_ifp They are always non-NULL nowadays.
Revision 1.392 / (download) - annotate - [select for diffs], Thu Sep 19 05:31:50 2019 UTC (4 years, 6 months ago) by ozaki-r
Branch: MAIN
Changes since 1.391: +4 -4
lines
Diff to previous 1.391 (colored) to selected 1.384 (colored)
Apply some missing changes lost on the previous commit
Revision 1.391 / (download) - annotate - [select for diffs], Thu Sep 19 04:08:29 2019 UTC (4 years, 7 months ago) by ozaki-r
Branch: MAIN
Changes since 1.390: +10 -10
lines
Diff to previous 1.390 (colored) to selected 1.384 (colored)
Avoid having a rtcache directly in a percpu storage percpu(9) has a certain memory storage for each CPU and provides it by the piece to users. If the storages went short, percpu(9) enlarges them by allocating new larger memory areas, replacing old ones with them and destroying the old ones. A percpu storage referenced by a pointer gotten via percpu_getref can be destroyed by the mechanism after a running thread sleeps even if percpu_putref has not been called. Using rtcache, i.e., packet processing, typically involves sleepable operations such as rwlock so we must avoid dereferencing a rtcache that is directly stored in a percpu storage during packet processing. Address this situation by having just a pointer to a rtcache in a percpu storage instead. Reviewed by knakahara@ and yamaguchi@
Revision 1.390 / (download) - annotate - [select for diffs], Sun Sep 15 21:00:15 2019 UTC (4 years, 7 months ago) by bouyer
Branch: MAIN
Changes since 1.389: +19 -4
lines
Diff to previous 1.389 (colored) to selected 1.384 (colored)
Packet filters can return an mbuf chain with fragmented headers, so m_pullup() it if needed and remove the KASSERT()s.
Revision 1.389 / (download) - annotate - [select for diffs], Mon May 13 07:47:59 2019 UTC (4 years, 11 months ago) by ozaki-r
Branch: MAIN
CVS Tags: phil-wifi-20190609,
netbsd-9-base
Branch point for: netbsd-9
Changes since 1.388: +3 -2
lines
Diff to previous 1.388 (colored) to selected 1.384 (colored)
Count packets dropped by pfil
Revision 1.388 / (download) - annotate - [select for diffs], Thu Jan 17 02:47:15 2019 UTC (5 years, 3 months ago) by knakahara
Branch: MAIN
CVS Tags: pgoyette-compat-20190127,
pgoyette-compat-20190118,
isaki-audio2-base,
isaki-audio2
Changes since 1.387: +3 -3
lines
Diff to previous 1.387 (colored) to selected 1.384 (colored)
Fix ipsecif(4) cannot apply input direction packet filter. Reviewed by ozaki-r@n.o and ryo@n.o. Add ATF later.
Revision 1.387 / (download) - annotate - [select for diffs], Thu Nov 15 10:23:56 2018 UTC (5 years, 5 months ago) by maxv
Branch: MAIN
CVS Tags: pgoyette-compat-1226,
pgoyette-compat-1126
Changes since 1.386: +3 -3
lines
Diff to previous 1.386 (colored) to selected 1.384 (colored)
Remove the 't' argument from m_tag_find().
Revision 1.386 / (download) - annotate - [select for diffs], Sun Sep 2 16:05:33 2018 UTC (5 years, 7 months ago) by maxv
Branch: MAIN
CVS Tags: pgoyette-compat-1020,
pgoyette-compat-0930,
pgoyette-compat-0906
Changes since 1.385: +3 -10
lines
Diff to previous 1.385 (colored) to selected 1.384 (colored)
remove reference to ipnat, and duplicate comments
Revision 1.385 / (download) - annotate - [select for diffs], Tue Jul 10 15:46:58 2018 UTC (5 years, 9 months ago) by maxv
Branch: MAIN
CVS Tags: pgoyette-compat-0728
Changes since 1.384: +3 -3
lines
Diff to previous 1.384 (colored)
Remove the second argument from ip_reass_packet(). We want the IP header on the mbuf, not elsewhere. Simplifies the NPF reassembly code a little. No real functional change.
Revision 1.384 / (download) - annotate - [selected], Thu May 17 11:59:36 2018 UTC (5 years, 11 months ago) by maxv
Branch: MAIN
CVS Tags: phil-wifi-base,
pgoyette-compat-0625,
pgoyette-compat-0521
Branch point for: phil-wifi
Changes since 1.383: +4 -2
lines
Diff to previous 1.383 (colored)
Add KASSERTs, related to PR/39794.
Revision 1.383 / (download) - annotate - [select for diffs], Mon May 14 17:34:26 2018 UTC (5 years, 11 months ago) by maxv
Branch: MAIN
Changes since 1.382: +4 -4
lines
Diff to previous 1.382 (colored) to selected 1.384 (colored)
Merge ipsec4_input and ipsec6_input into ipsec_ip_input. Make the argument a bool for clarity. Optimize the function: if M_CANFASTFWD is not there (because already removed by the firewall) leave now. Makes it easier to see that M_CANFASTFWD is not removed on IPv6.
Revision 1.382 / (download) - annotate - [select for diffs], Thu May 10 05:08:53 2018 UTC (5 years, 11 months ago) by maxv
Branch: MAIN
Changes since 1.381: +3 -3
lines
Diff to previous 1.381 (colored) to selected 1.384 (colored)
Rename ipsec4_forward -> ipsec_mtu, and switch to void.
Revision 1.381 / (download) - annotate - [select for diffs], Thu Apr 26 19:22:17 2018 UTC (5 years, 11 months ago) by maxv
Branch: MAIN
CVS Tags: pgoyette-compat-0502
Changes since 1.380: +3 -3
lines
Diff to previous 1.380 (colored) to selected 1.384 (colored)
Remove unused mbuf argument from sbsavetimestamp.
Revision 1.380 / (download) - annotate - [select for diffs], Sun Apr 15 07:35:49 2018 UTC (6 years ago) by maxv
Branch: MAIN
CVS Tags: pgoyette-compat-0422,
pgoyette-compat-0415
Changes since 1.379: +4 -2
lines
Diff to previous 1.379 (colored) to selected 1.384 (colored)
Introduce a m_verify_packet function, that verifies the mbuf chain of a packet to ensure it is not malformed. Call this function in "points of interest", that are the IPv4/IPv6/IPsec entry points. There could be more. We use M_VERIFY_PACKET(m), declared under DIAGNOSTIC only. This function should not be called everywhere, especially not in places that temporarily manipulate (and clobber) the mbuf structure; once they're done they put the mbuf back in a correct format.
Revision 1.379 / (download) - annotate - [select for diffs], Wed Apr 11 08:11:20 2018 UTC (6 years ago) by maxv
Branch: MAIN
Changes since 1.378: +3 -4
lines
Diff to previous 1.378 (colored) to selected 1.384 (colored)
Don't pass IP_ALLOWBROADCAST in ipsec4_input. The flag lands in ipsec_getpolicybyaddr, and only IP_FORWARDING is taken. In fact it would be good to change the 'flags' argument of ipsec4_input to be a boolean, same for ipsec_getpolicybyaddr. It would be less misleading.
Revision 1.378 / (download) - annotate - [select for diffs], Wed Apr 11 07:55:19 2018 UTC (6 years ago) by maxv
Branch: MAIN
Changes since 1.377: +5 -2
lines
Diff to previous 1.377 (colored) to selected 1.384 (colored)
Add comment about IPsec.
Revision 1.377 / (download) - annotate - [select for diffs], Wed Apr 11 07:52:25 2018 UTC (6 years ago) by maxv
Branch: MAIN
Changes since 1.376: +9 -9
lines
Diff to previous 1.376 (colored) to selected 1.384 (colored)
Small changes in ip_dooptions: replace bcopy by memcpy, the areas can't overlap.
Revision 1.376 / (download) - annotate - [select for diffs], Sat Feb 24 07:37:09 2018 UTC (6 years, 1 month ago) by ozaki-r
Branch: MAIN
CVS Tags: pgoyette-compat-base,
pgoyette-compat-0407,
pgoyette-compat-0330,
pgoyette-compat-0322,
pgoyette-compat-0315
Branch point for: pgoyette-compat
Changes since 1.375: +4 -4
lines
Diff to previous 1.375 (colored) to selected 1.384 (colored)
Avoid a deadlock between softnet_lock and IFNET_LOCK A deadlock occurs because there is a violation of the rule of lock ordering; softnet_lock is held with hodling IFNET_LOCK, which violates the rule. To avoid the deadlock, replace softnet_lock in in_control and in6_control with KERNEL_LOCK. We also need to add some KERNEL_LOCKs to protect the network stack surely. This is required, for example, for PR kern/51356. Fix PR kern/53043
Revision 1.375 / (download) - annotate - [select for diffs], Fri Feb 9 18:31:52 2018 UTC (6 years, 2 months ago) by maxv
Branch: MAIN
Changes since 1.374: +2 -11
lines
Diff to previous 1.374 (colored) to selected 1.384 (colored)
Remove dead code.
Revision 1.374 / (download) - annotate - [select for diffs], Wed Feb 7 08:12:25 2018 UTC (6 years, 2 months ago) by maxv
Branch: MAIN
Changes since 1.373: +3 -3
lines
Diff to previous 1.373 (colored) to selected 1.384 (colored)
Remove null check on ip, it can't be null. (Confuses code scanners.)
Revision 1.373 / (download) - annotate - [select for diffs], Tue Feb 6 06:36:40 2018 UTC (6 years, 2 months ago) by maxv
Branch: MAIN
Changes since 1.372: +5 -5
lines
Diff to previous 1.372 (colored) to selected 1.384 (colored)
Typos and style a bit, no functional change.
Revision 1.372 / (download) - annotate - [select for diffs], Mon Feb 5 15:23:14 2018 UTC (6 years, 2 months ago) by maxv
Branch: MAIN
Changes since 1.371: +3 -9
lines
Diff to previous 1.371 (colored) to selected 1.384 (colored)
Exterminate IPSENDREDIRECTS and IPMTUDISCTIMEOUT, neither is documented.
Revision 1.371 / (download) - annotate - [select for diffs], Mon Feb 5 15:18:10 2018 UTC (6 years, 2 months ago) by maxv
Branch: MAIN
Changes since 1.370: +3 -9
lines
Diff to previous 1.370 (colored) to selected 1.384 (colored)
Nuke DIRECTED_BROADCAST, it is not documented and not enabled anywhere. It probably wouldn't have built correctly anyway, since there is no associated defflag. These ten lines of code in ip_input.c already look a lot better.
Revision 1.370 / (download) - annotate - [select for diffs], Mon Feb 5 14:52:42 2018 UTC (6 years, 2 months ago) by maxv
Branch: MAIN
Changes since 1.369: +17 -30
lines
Diff to previous 1.369 (colored) to selected 1.384 (colored)
Clean up this mess. This is typically the kind of places where we need to seriously cut the bullshit. These things are unreadable, undocumented, and all they bought us was not figuring out we had IPv4 forwarding enabled by default for 20+ years.
Revision 1.369 / (download) - annotate - [select for diffs], Mon Feb 5 14:23:38 2018 UTC (6 years, 2 months ago) by maxv
Branch: MAIN
Changes since 1.368: +7 -15
lines
Diff to previous 1.368 (colored) to selected 1.384 (colored)
Be tougher, and don't allow LSRR+SSRR (RFC7126).
Revision 1.368 / (download) - annotate - [select for diffs], Mon Feb 5 13:52:39 2018 UTC (6 years, 2 months ago) by maxv
Branch: MAIN
Changes since 1.367: +27 -2
lines
Diff to previous 1.367 (colored) to selected 1.384 (colored)
Kick duplicate options, they are not allowed (RFC791).
Revision 1.367 / (download) - annotate - [select for diffs], Mon Feb 5 13:34:20 2018 UTC (6 years, 2 months ago) by maxv
Branch: MAIN
Changes since 1.366: +2 -5
lines
Diff to previous 1.366 (colored) to selected 1.384 (colored)
Remove unused variable.
Revision 1.366 / (download) - annotate - [select for diffs], Mon Feb 5 13:23:11 2018 UTC (6 years, 2 months ago) by maxv
Branch: MAIN
Changes since 1.365: +4 -4
lines
Diff to previous 1.365 (colored) to selected 1.384 (colored)
Disable ip_allowsrcrt and ip_forwsrcrt. Enabling them by default was a completely dumb idea, because they have security implications. By sending an IPv4 packet containing an LSRR option, an attacker will cause the system to forward the packet to another IPv4 address - and this way he white-washes the source of the packet. It is also possible for an attacker to reach hidden networks: if a server has a public address, and a private one on an internal network (network which has several internal machines connected), the attacker can send a packet with: source = 0.0.0.0 destination = public address of the server LSRR first address = address of a machine on the internal network And the packet will be forwarded, by the server, to the internal machine, in some cases even with the internal IP address of the server as a source.
Revision 1.365 / (download) - annotate - [select for diffs], Mon Feb 5 13:04:56 2018 UTC (6 years, 2 months ago) by maxv
Branch: MAIN
Changes since 1.364: +14 -16
lines
Diff to previous 1.364 (colored) to selected 1.384 (colored)
Style, no functional change.
Revision 1.364 / (download) - annotate - [select for diffs], Mon Jan 1 00:51:36 2018 UTC (6 years, 3 months ago) by christos
Branch: MAIN
Changes since 1.363: +2 -11
lines
Diff to previous 1.363 (colored) to selected 1.384 (colored)
1) "#define ipi_spec_dst ipi_addr" in <netinet/in.h> 2) Change the IP_RECVPKTINFO option to control the generation of IP_PKTINFO control messages, the way it's done in Solaris. 3) Remove the superfluous IP_RECVPKTINFO control message. 4) Change the IP_PKTINFO option to do different things depending on the parameter it's supplied with: - If it's sizeof(int), assume it's being used as in Linux: - If it's non-zero, turn on the IP_RECVPKTINFO option. - If it's zero, turn off the IP_RECVPKTINFO option. - If it's sizeof(struct in_pktinfo), assume it's being used as in Solaris, to set a default for the source interface and/or source address for outgoing packets on the socket. 5) Return what Linux or Solaris compatible code expects, depending on data size, and just added a fallback to a Linux (and current NetBSD) compatible value if the size is unknown (as it is now), or, in the future, if the calling application specifies a receiving buffer that doesn't match either data item. From: Tom Ivar Helbekkmo
Revision 1.363 / (download) - annotate - [select for diffs], Fri Nov 24 14:03:25 2017 UTC (6 years, 4 months ago) by roy
Branch: MAIN
CVS Tags: tls-maxphys-base-20171202
Changes since 1.362: +13 -7
lines
Diff to previous 1.362 (colored) to selected 1.384 (colored)
Allow local communication over DETACHED addresses. Allow binding to DETACHED or TENTATIVE addresses as we deny sending upstream from them anyway. Prefer non DETACHED or TENTATIVE addresses.
Revision 1.362 / (download) - annotate - [select for diffs], Fri Nov 17 07:37:12 2017 UTC (6 years, 5 months ago) by ozaki-r
Branch: MAIN
Changes since 1.361: +6 -16
lines
Diff to previous 1.361 (colored) to selected 1.384 (colored)
Provide macros for softnet_lock and KERNEL_LOCK hiding NET_MPSAFE switch It reduces C&P codes such as "#ifndef NET_MPSAFE KERNEL_LOCK(1, NULL); ..." scattered all over the source code and makes it easy to identify remaining KERNEL_LOCK and/or softnet_lock that are held even if NET_MPSAFE. No functional change
Revision 1.361 / (download) - annotate - [select for diffs], Wed Sep 27 10:05:04 2017 UTC (6 years, 6 months ago) by ozaki-r
Branch: MAIN
Changes since 1.360: +2 -4
lines
Diff to previous 1.360 (colored) to selected 1.384 (colored)
Take softnet_lock on pr_input properly if NET_MPSAFE Currently softnet_lock is taken unnecessarily in some cases, e.g., icmp_input and encap4_input from ip_input, or not taken even if needed, e.g., udp_input and tcp_input from ipsec4_common_input_cb. Fix them. NFC if NET_MPSAFE is disabled (default).
Revision 1.360 / (download) - annotate - [select for diffs], Thu Jul 27 06:59:28 2017 UTC (6 years, 8 months ago) by ozaki-r
Branch: MAIN
CVS Tags: nick-nhusb-base-20170825
Changes since 1.359: +2 -8
lines
Diff to previous 1.359 (colored) to selected 1.384 (colored)
Don't acquire global locks for IPsec if NET_MPSAFE Note that the change is just to make testing easy and IPsec isn't MP-safe yet.
Revision 1.359 / (download) - annotate - [select for diffs], Wed Jul 19 07:24:46 2017 UTC (6 years, 9 months ago) by ozaki-r
Branch: MAIN
Changes since 1.358: +3 -3
lines
Diff to previous 1.358 (colored) to selected 1.384 (colored)
Correct a comment
Revision 1.358 / (download) - annotate - [select for diffs], Sat Jul 8 22:56:15 2017 UTC (6 years, 9 months ago) by christos
Branch: MAIN
CVS Tags: perseant-stdc-iso10646-base,
perseant-stdc-iso10646
Changes since 1.357: +19 -14
lines
Diff to previous 1.357 (colored) to selected 1.384 (colored)
Reorder the controls to the ones that need an interface and the ones that don't; process the ones that don't first. Add a DIAGNOSTIC if there is no interface; really this should be a KASSERT/panic because it is a bug if the interface is not set at this point.
Revision 1.357 / (download) - annotate - [select for diffs], Thu Jul 6 17:12:34 2017 UTC (6 years, 9 months ago) by christos
Branch: MAIN
Changes since 1.356: +6 -6
lines
Diff to previous 1.356 (colored) to selected 1.384 (colored)
remove unnecessary casts (no functional change)
Revision 1.356 / (download) - annotate - [select for diffs], Thu Jul 6 17:08:57 2017 UTC (6 years, 9 months ago) by christos
Branch: MAIN
Changes since 1.355: +5 -29
lines
Diff to previous 1.355 (colored) to selected 1.384 (colored)
Merge the two copies SO_TIMESTAMP/SO_OTIMESTAMP processing to a single function, and add a SOOPT_TIMESTAMP define reducing compat pollution from 5 places to 1.
Revision 1.355 / (download) - annotate - [select for diffs], Thu Jun 1 02:45:14 2017 UTC (6 years, 10 months ago) by chs
Branch: MAIN
CVS Tags: netbsd-8-base
Branch point for: netbsd-8
Changes since 1.354: +2 -6
lines
Diff to previous 1.354 (colored) to selected 1.384 (colored)
remove checks for failure after memory allocation calls that cannot fail: kmem_alloc() with KM_SLEEP kmem_zalloc() with KM_SLEEP percpu_alloc() pserialize_create() psref_class_create() all of these paths include an assertion that the allocation has not failed, so callers should not assert that again.
Revision 1.354 / (download) - annotate - [select for diffs], Fri Mar 31 06:49:44 2017 UTC (7 years ago) by ozaki-r
Branch: MAIN
CVS Tags: prg-localcount2-base3,
prg-localcount2-base2,
prg-localcount2-base1,
prg-localcount2-base,
prg-localcount2,
pgoyette-localcount-20170426,
jdolecek-ncq-base,
jdolecek-ncq,
bouyer-socketcan-base1
Changes since 1.353: +48 -34
lines
Diff to previous 1.353 (colored) to selected 1.384 (colored)
Don't use a single global variable to store source route information for multiple incoming packets It's not MP-safe. So use a m_tag to store the information instead. Pointed out by knakahara@ The fix is from OpenBSD (originally fixed in FreeBSD)
Revision 1.353 / (download) - annotate - [select for diffs], Fri Mar 31 06:42:19 2017 UTC (7 years ago) by ozaki-r
Branch: MAIN
Changes since 1.352: +23 -8
lines
Diff to previous 1.352 (colored) to selected 1.384 (colored)
Don't use a single global variable as a temporal storage for multiple packets It's not MP-safe. So use local variables instead.
Revision 1.352 / (download) - annotate - [select for diffs], Mon Mar 6 07:31:15 2017 UTC (7 years, 1 month ago) by ozaki-r
Branch: MAIN
CVS Tags: pgoyette-localcount-20170320
Changes since 1.351: +4 -2
lines
Diff to previous 1.351 (colored) to selected 1.384 (colored)
Make sure icmp_redirect_timeout_q and ip_mtudisc_timeout_q are initialized on bootup Fix PR kern/52029
Revision 1.351 / (download) - annotate - [select for diffs], Fri Feb 17 18:09:25 2017 UTC (7 years, 2 months ago) by ozaki-r
Branch: MAIN
Changes since 1.350: +3 -3
lines
Diff to previous 1.350 (colored) to selected 1.384 (colored)
Fix return value
Revision 1.350 / (download) - annotate - [select for diffs], Fri Feb 17 04:32:10 2017 UTC (7 years, 2 months ago) by ozaki-r
Branch: MAIN
Changes since 1.349: +13 -12
lines
Diff to previous 1.349 (colored) to selected 1.384 (colored)
Protect sysctl_net_inet_ip_pmtudto with icmp_mtx instead of softnet_lock
Revision 1.349 / (download) - annotate - [select for diffs], Tue Feb 7 02:38:08 2017 UTC (7 years, 2 months ago) by ozaki-r
Branch: MAIN
Changes since 1.348: +7 -4
lines
Diff to previous 1.348 (colored) to selected 1.384 (colored)
Add missing NULL checks for m_get_rcvif
Revision 1.348 / (download) - annotate - [select for diffs], Tue Jan 24 07:09:24 2017 UTC (7 years, 2 months ago) by ozaki-r
Branch: MAIN
CVS Tags: nick-nhusb-base-20170204
Changes since 1.347: +7 -2
lines
Diff to previous 1.347 (colored) to selected 1.384 (colored)
Tweak softnet_lock and NET_MPSAFE - Don't hold softnet_lock in some functions if NET_MPSAFE - Add softnet_lock to sysctl_net_inet_icmp_redirtimeout - Add softnet_lock to expire_upcalls of ip_mroute.c - Restore softnet_lock for in{,6}_pcbpurgeif{,0} if NET_MPSAFE - Mark some softnet_lock for future work
Revision 1.347 / (download) - annotate - [select for diffs], Mon Dec 12 03:55:57 2016 UTC (7 years, 4 months ago) by ozaki-r
Branch: MAIN
CVS Tags: pgoyette-localcount-20170107,
bouyer-socketcan-base
Branch point for: bouyer-socketcan
Changes since 1.346: +2 -3
lines
Diff to previous 1.346 (colored) to selected 1.384 (colored)
Make the routing table and rtcaches MP-safe See the following descriptions for details. Proposed on tech-kern and tech-net Overview -------- We protect the routing table with a rwock and protect rtcaches with another rwlock. Each rtentry is protected from being freed or updated via reference counting and psref. Global rwlocks -------------- There are two rwlocks; one for the routing table (rt_lock) and the other for rtcaches (rtcache_lock). rtcache_lock covers all existing rtcaches; there may have room for optimizations (future work). The locking order is rtcache_lock first and rt_lock is next. rtentry references ------------------ References to an rtentry is managed with reference counting and psref. Either of the two mechanisms is used depending on where a rtentry is obtained. Reference counting is used when we obtain a rtentry from the routing table directly via rtalloc1 and rtrequest{,1} while psref is used when we obtain a rtentry from a rtcache via rtcache_* APIs. In both cases, a caller can sleep/block with holding an obtained rtentry. The reasons why we use two different mechanisms are (i) only using reference counting hurts the performance due to atomic instructions (rtcache case) (ii) ease of implementation; applying psref to APIs such rtaloc1 and rtrequest{,1} requires additional works (adding a local variable and an argument). We will finally migrate to use only psref but we can do it when we have a lockless routing table alternative. Reference counting for rtentry ------------------------------ rt_refcnt now doesn't count permanent references such as for rt_timers and rtcaches, instead it is used only for temporal references when obtaining a rtentry via rtalloc1 and rtrequest{,1}. We can do so because destroying a rtentry always involves removing references of rt_timers and rtcaches to the rtentry and we don't need to track such references. This also makes it easy to wait for readers to release references on deleting or updating a rtentry, i.e., we can simply wait until the reference counter is 0 or 1. (If there are permanent references the counter can be arbitrary.) rt_ref increments a reference counter of a rtentry and rt_unref decrements it. rt_ref is called inside APIs (rtalloc1 and rtrequest{,1} so users don't need to care about it while users must call rt_unref to an obtained rtentry after using it. rtfree is removed and we use rt_unref and rt_free instead. rt_unref now just decrements the counter of a given rtentry and rt_free just tries to destroy a given rtentry. See the next section for destructions of rtentries by rt_free. Destructions of rtentries ------------------------- We destroy a rtentry only when we call rtrequst{,1}(RTM_DELETE); the original implementation can destroy in any rtfree where it's the last reference. If we use reference counting or psref, it's easy to understand if the place that a rtentry is destroyed is fixed. rt_free waits for references to a given rtentry to be released before actually destroying the rtentry. rt_free uses a condition variable (cv_wait) (and psref_target_destroy for psref) to wait. Unfortunately rtrequst{,1}(RTM_DELETE) can be called in softint that we cannot use cv_wait. In that case, we have to defer the destruction to a workqueue. rtentry#rt_cv, rtentry#rt_psref and global variables (see rt_free_global) are added to conduct the procedure. Updates of rtentries -------------------- One difficulty to use refcnt/psref instead of rwlock for rtentry is updates of rtentries. We need an additional mechanism to prevent readers from seeing inconsistency of a rtentry being updated. We introduce RTF_UPDATING flag to rtentries that are updating. While the flag is set to a rtentry, users cannot acquire the rtentry. By doing so, we avoid users to see inconsistent rtentries. There are two options when a user tries to acquire a rtentry with the RTF_UPDATING flag; if a user runs in softint context the user fails to acquire a rtentry (NULL is returned). Otherwise a user waits until the update completes by waiting on cv. The procedure of a updater is simpler to destruction of a rtentry. Wait on cv (and psref) and after all readers left, proceed with the update. Global variables (see rt_update_global) are added to conduct the procedure. Currently we apply the mechanism to only RTM_CHANGE in rtsock.c. We would have to apply other codes. See "Known issues" section. psref for rtentry ----------------- When we obtain a rtentry from a rtcache via rtcache_* APIs, psref is used to reference to the rtentry. rtcache_ref acquires a reference to a rtentry with psref and rtcache_unref releases the reference after using it. rtcache_ref is called inside rtcache_* APIs and users don't need to take care of it while users must call rtcache_unref to release the reference. struct psref and int bound that is needed for psref is embedded into struct route. By doing so we don't need to add local variables and additional argument to APIs. However this adds another constraint to psref other than reference counting one's; holding a reference of an rtentry via a rtcache is allowed by just one caller at the same time. So we must not acquire a rtentry via a rtcache twice and avoid a recursive use of a rtcache. And also a rtcache must be arranged to be used by a LWP/softint at the same time somehow. For IP forwarding case, we have per-CPU rtcaches used in softint so the constraint is guaranteed. For a h rtcache of a PCB case, the constraint is guaranteed by the solock of each PCB. Any other cases (pf, ipf, stf and ipsec) are currently guaranteed by only the existence of the global locks (softnet_lock and/or KERNEL_LOCK). If we've found the cases that we cannot guarantee the constraint, we would need to introduce other rtcache APIs that use simple reference counting. psref of rtcache is created with IPL_SOFTNET and so rtcache shouldn't used at an IPL higher than IPL_SOFTNET. Note that rtcache_free is used to invalidate a given rtcache. We don't need another care by my change; just keep them as they are. Performance impact ------------------ When NET_MPSAFE is disabled the performance drop is 3% while when it's enabled the drop is increased to 11%. The difference comes from that currently we don't take any global locks and don't use psref if NET_MPSAFE is disabled. We can optimize the performance of the case of NET_MPSAFE on by reducing lookups of rtcache that uses psref; currently we do two lookups but we should be able to trim one of two. This is a future work. Known issues ------------ There are two known issues to be solved; one is that a caller of rtrequest(RTM_ADD) may change rtentry (see rtinit). We need to prevent new references during the update. Or we may be able to remove the code (perhaps, need more investigations). The other is rtredirect that updates a rtentry. We need to apply our update mechanism, however it's not easy because rtredirect is called in softint and we cannot apply our mechanism simply. One solution is to defer rtredirect to a workqueue but it requires some code restructuring.
Revision 1.346 / (download) - annotate - [select for diffs], Thu Dec 8 06:25:43 2016 UTC (7 years, 4 months ago) by ozaki-r
Branch: MAIN
Changes since 1.345: +18 -16
lines
Diff to previous 1.345 (colored) to selected 1.384 (colored)
Use psref for ip_rtaddr ip_rtaddr will be sleepable soon. So use psref instead of pserialize.
Revision 1.345 / (download) - annotate - [select for diffs], Thu Dec 8 05:16:33 2016 UTC (7 years, 4 months ago) by ozaki-r
Branch: MAIN
Changes since 1.344: +14 -8
lines
Diff to previous 1.344 (colored) to selected 1.384 (colored)
Add rtcache_unref to release points of rtentry stemming from rtcache In the MP-safe world, a rtentry stemming from a rtcache can be freed at any points. So we need to protect rtentries somehow say by reference couting or passive references. Regardless of the method, we need to call some release function of a rtentry after using it. The change adds a new function rtcache_unref to release a rtentry. At this point, this function does nothing because for now we don't add a reference to a rtentry when we get one from a rtcache. We will add something useful in a further commit. This change is a part of changes for MP-safe routing table. It is separated to avoid one big change that makes difficult to debug by bisecting.
Revision 1.344 / (download) - annotate - [select for diffs], Tue Oct 18 07:30:31 2016 UTC (7 years, 6 months ago) by ozaki-r
Branch: MAIN
CVS Tags: pgoyette-localcount-20161104,
nick-nhusb-base-20161204
Changes since 1.343: +12 -13
lines
Diff to previous 1.343 (colored) to selected 1.384 (colored)
Don't hold global locks if NET_MPSAFE is enabled If NET_MPSAFE is enabled, don't hold KERNEL_LOCK and softnet_lock in part of the network stack such as IP forwarding paths. The aim of the change is to make it easy to test the network stack without the locks and reduce our local diffs. By default (i.e., if NET_MPSAFE isn't enabled), the locks are held as they used to be. Reviewed by knakahara@
Revision 1.343 / (download) - annotate - [select for diffs], Tue Oct 18 01:15:20 2016 UTC (7 years, 6 months ago) by ozaki-r
Branch: MAIN
Changes since 1.342: +7 -3
lines
Diff to previous 1.342 (colored) to selected 1.384 (colored)
Avoid double frees of mbuf May fix one of panicks reported by Tom Ivar Helbekkmo in PR kern/51522
Revision 1.342 / (download) - annotate - [select for diffs], Tue Oct 11 05:15:01 2016 UTC (7 years, 6 months ago) by ozaki-r
Branch: MAIN
Changes since 1.341: +3 -3
lines
Diff to previous 1.341 (colored) to selected 1.384 (colored)
Fix kernel builds with IFA_STATS
Revision 1.341 / (download) - annotate - [select for diffs], Wed Sep 7 15:41:44 2016 UTC (7 years, 7 months ago) by roy
Branch: MAIN
CVS Tags: nick-nhusb-base-20161004,
localcount-20160914
Changes since 1.340: +5 -4
lines
Diff to previous 1.340 (colored) to selected 1.384 (colored)
Disallow input to detached addresses because they are not yet valid.
Revision 1.340 / (download) - annotate - [select for diffs], Wed Aug 31 09:14:47 2016 UTC (7 years, 7 months ago) by ozaki-r
Branch: MAIN
Changes since 1.339: +22 -8
lines
Diff to previous 1.339 (colored) to selected 1.384 (colored)
Make ipforward_rt and ip6_forward_rt percpu Sharing one rtcache between CPUs is just a bad idea. Reviewed by knakahara@
Revision 1.339 / (download) - annotate - [select for diffs], Mon Aug 1 03:15:30 2016 UTC (7 years, 8 months ago) by ozaki-r
Branch: MAIN
CVS Tags: pgoyette-localcount-20160806
Changes since 1.338: +77 -31
lines
Diff to previous 1.338 (colored) to selected 1.384 (colored)
Apply pserialize and psref to struct ifaddr and its variants This change makes struct ifaddr and its variants (in_ifaddr and in6_ifaddr) MP-safe by using pserialize and psref. At this moment, pserialize_perform and psref_target_destroy are disabled because (1) we don't need them because of softnet_lock (2) they cause a deadlock because of softnet_lock. So we'll enable them when we remove softnet_lock in the future.
Revision 1.338 / (download) - annotate - [select for diffs], Tue Jul 26 08:34:55 2016 UTC (7 years, 8 months ago) by ozaki-r
Branch: MAIN
Changes since 1.337: +3 -3
lines
Diff to previous 1.337 (colored) to selected 1.384 (colored)
Fix downmatch increment
Revision 1.337 / (download) - annotate - [select for diffs], Fri Jul 8 06:15:33 2016 UTC (7 years, 9 months ago) by ozaki-r
Branch: MAIN
CVS Tags: pgoyette-localcount-base,
pgoyette-localcount-20160726,
nick-nhusb-base-20160907
Branch point for: pgoyette-localcount
Changes since 1.336: +4 -4
lines
Diff to previous 1.336 (colored) to selected 1.384 (colored)
CID 1363344: remove dead code We may need to reconsider a case when m_get_rcvif_psref returns NULL.
Revision 1.336 / (download) - annotate - [select for diffs], Thu Jul 7 09:32:02 2016 UTC (7 years, 9 months ago) by ozaki-r
Branch: MAIN
Changes since 1.335: +3 -3
lines
Diff to previous 1.335 (colored) to selected 1.384 (colored)
Switch the address list of intefaces to pslist(9) As usual, we leave the old list to avoid breaking kvm(3) users.
Revision 1.335 / (download) - annotate - [select for diffs], Wed Jul 6 08:42:34 2016 UTC (7 years, 9 months ago) by ozaki-r
Branch: MAIN
Changes since 1.334: +3 -4
lines
Diff to previous 1.334 (colored) to selected 1.384 (colored)
Switch the IPv4 address list to pslist(9) Note that we leave the old list just in case; it seems there are some kvm(3) users accessing the list. We can remove it later if we confirmed nobody does actually.
Revision 1.334 / (download) - annotate - [select for diffs], Wed Jul 6 05:27:52 2016 UTC (7 years, 9 months ago) by ozaki-r
Branch: MAIN
Changes since 1.333: +3 -3
lines
Diff to previous 1.333 (colored) to selected 1.384 (colored)
Add and use pslist(9)-based hashtable for IPv4 addresses Note that we leave the old hashtable to keep vmstat -H working.
Revision 1.333 / (download) - annotate - [select for diffs], Mon Jul 4 08:10:50 2016 UTC (7 years, 9 months ago) by ozaki-r
Branch: MAIN
Changes since 1.332: +88 -57
lines
Diff to previous 1.332 (colored) to selected 1.384 (colored)
Separate IP address matching functions No functional change intended.
Revision 1.332 / (download) - annotate - [select for diffs], Thu Jun 30 06:56:27 2016 UTC (7 years, 9 months ago) by ozaki-r
Branch: MAIN
Changes since 1.331: +24 -28
lines
Diff to previous 1.331 (colored) to selected 1.384 (colored)
Tidy up goto lables No functional change.
Revision 1.331 / (download) - annotate - [select for diffs], Thu Jun 30 06:48:58 2016 UTC (7 years, 9 months ago) by ozaki-r
Branch: MAIN
Changes since 1.330: +3 -2
lines
Diff to previous 1.330 (colored) to selected 1.384 (colored)
Fix error paths Some error paths did m_put_rcvif_psref twice.
Revision 1.330 / (download) - annotate - [select for diffs], Tue Jun 28 02:02:56 2016 UTC (7 years, 9 months ago) by ozaki-r
Branch: MAIN
Changes since 1.329: +12 -2
lines
Diff to previous 1.329 (colored) to selected 1.384 (colored)
Add missing NULL checks for m_get_rcvif_psref
Revision 1.329 / (download) - annotate - [select for diffs], Fri Jun 10 13:31:44 2016 UTC (7 years, 10 months ago) by ozaki-r
Branch: MAIN
Changes since 1.328: +46 -21
lines
Diff to previous 1.328 (colored) to selected 1.384 (colored)
Avoid storing a pointer of an interface in a mbuf Having a pointer of an interface in a mbuf isn't safe if we remove big kernel locks; an interface object (ifnet) can be destroyed anytime in any packet processing and accessing such object via a pointer is racy. Instead we have to get an object from the interface collection (ifindex2ifnet) via an interface index (if_index) that is stored to a mbuf instead of an pointer. The change provides two APIs: m_{get,put}_rcvif_psref that use psref(9) for sleep-able critical sections and m_{get,put}_rcvif that use pserialize(9) for other critical sections. The change also adds another API called m_get_rcvif_NOMPSAFE, that is NOT MP-safe and for transition moratorium, i.e., it is intended to be used for places where are not planned to be MP-ified soon. The change adds some overhead due to psref to performance sensitive paths, however the overhead is not serious, 2% down at worst. Proposed on tech-kern and tech-net.
Revision 1.328 / (download) - annotate - [select for diffs], Thu Jan 21 15:41:30 2016 UTC (8 years, 2 months ago) by riastradh
Branch: MAIN
CVS Tags: nick-nhusb-base-20160529,
nick-nhusb-base-20160422,
nick-nhusb-base-20160319
Changes since 1.327: +7 -17
lines
Diff to previous 1.327 (colored) to selected 1.384 (colored)
Revert previous: ran cvs commit when I meant cvs diff. Sorry! Hit up-arrow one too few times.
Revision 1.327 / (download) - annotate - [select for diffs], Thu Jan 21 15:27:48 2016 UTC (8 years, 2 months ago) by riastradh
Branch: MAIN
Changes since 1.326: +19 -9
lines
Diff to previous 1.326 (colored) to selected 1.384 (colored)
Give proper prototype to ip_output.
Revision 1.326 / (download) - annotate - [select for diffs], Fri Jan 8 03:55:39 2016 UTC (8 years, 3 months ago) by knakahara
Branch: MAIN
Changes since 1.325: +2 -11
lines
Diff to previous 1.325 (colored) to selected 1.384 (colored)
eliminate ip_input.c and ip6_input.c dependency on gif(4)
Revision 1.325 / (download) - annotate - [select for diffs], Tue Oct 13 09:46:42 2015 UTC (8 years, 6 months ago) by roy
Branch: MAIN
CVS Tags: nick-nhusb-base-20151226
Changes since 1.324: +4 -2
lines
Diff to previous 1.324 (colored) to selected 1.384 (colored)
Include arp.h to restore the sysctl net.inet.ip.dad_count. Fixes PR kern/49883 thanks to HITOSHI Osada.
Revision 1.324 / (download) - annotate - [select for diffs], Mon Aug 24 22:21:26 2015 UTC (8 years, 7 months ago) by pooka
Branch: MAIN
CVS Tags: nick-nhusb-base-20150921
Changes since 1.323: +4 -2
lines
Diff to previous 1.323 (colored) to selected 1.384 (colored)
sprinkle _KERNEL_OPT
Revision 1.323 / (download) - annotate - [select for diffs], Fri Aug 7 08:11:33 2015 UTC (8 years, 8 months ago) by ozaki-r
Branch: MAIN
Changes since 1.322: +3 -3
lines
Diff to previous 1.322 (colored) to selected 1.384 (colored)
Use time_uptime instead of time_second to avoid time leaps Some codes in sys/net* use time_second to manage time periods such as cache expirations. However, time_second doesn't increase monotonically and can leap by say settimeofday(2) according to time_second(9). We should use time_uptime instead of it to avoid such time leaps. This change replaces time_second with time_uptime. Additionally it converts a time based on time_uptime to a time based on time_second when the kernel passes the time to userland programs that expect the latter, and vice versa. Note that we shouldn't leak time_uptime to other hosts over the netowrk. My investigation shows there is no such leak: http://mail-index.netbsd.org/tech-net/2015/08/06/msg005332.html Discussed on tech-kern and tech-net.
Revision 1.322 / (download) - annotate - [select for diffs], Sat May 2 20:22:12 2015 UTC (8 years, 11 months ago) by joerg
Branch: MAIN
CVS Tags: nick-nhusb-base-20150606
Changes since 1.321: +4 -2
lines
Diff to previous 1.321 (colored) to selected 1.384 (colored)
Fix !ARP build.
Revision 1.321 / (download) - annotate - [select for diffs], Sat May 2 14:41:32 2015 UTC (8 years, 11 months ago) by roy
Branch: MAIN
Changes since 1.320: +15 -3
lines
Diff to previous 1.320 (colored) to selected 1.384 (colored)
Add IPv4 address flags IN_IFF_TENTATIVE, IN_IFF_DUPLICATED and IN_IFF_DETATCHED to mimic the IPv6 address behaviour. Add SIOCGIFAFLAG_IN ioctl to retrieve the address flag via the ifreq structure. Add IPv4 DAD detection via the ARP methods described in RFC 5227. Add sysctls net.inet.ip.dad_count and net.inet.arp.debug. Discussed on tech-net@
Revision 1.320 / (download) - annotate - [select for diffs], Thu Mar 26 04:05:58 2015 UTC (9 years ago) by ozaki-r
Branch: MAIN
CVS Tags: nick-nhusb-base-20150406
Changes since 1.319: +27 -19
lines
Diff to previous 1.319 (colored) to selected 1.384 (colored)
Tidy up the regular path of ip_forward No functional change is intended.
Revision 1.319 / (download) - annotate - [select for diffs], Mon Jun 16 00:33:39 2014 UTC (9 years, 10 months ago) by ozaki-r
Branch: MAIN
CVS Tags: tls-maxphys-base,
tls-earlyentropy-base,
nick-nhusb-base,
netbsd-7-nhusb-base-20170116,
netbsd-7-nhusb-base,
netbsd-7-nhusb,
netbsd-7-base,
netbsd-7-1-RELEASE,
netbsd-7-1-RC2,
netbsd-7-1-RC1,
netbsd-7-1-1-RELEASE,
netbsd-7-0-RELEASE,
netbsd-7-0-RC3,
netbsd-7-0-RC2,
netbsd-7-0-RC1,
netbsd-7-0-2-RELEASE,
netbsd-7-0-1-RELEASE
Branch point for: nick-nhusb,
netbsd-7-1,
netbsd-7-0,
netbsd-7
Changes since 1.318: +3 -3
lines
Diff to previous 1.318 (colored) to selected 1.384 (colored)
Add 3rd argument to pktq_create to pass sc It will be used to pass bridge sc for bridge_forward softint. ok rmind@
Revision 1.318 / (download) - annotate - [select for diffs], Thu Jun 5 23:48:16 2014 UTC (9 years, 10 months ago) by rmind
Branch: MAIN
Changes since 1.317: +91 -63
lines
Diff to previous 1.317 (colored) to selected 1.384 (colored)
- Implement pktqueue interface for lockless IP input queue. - Replace ipintrq and ip6intrq with the pktqueue mechanism. - Eliminate kernel-lock from ipintr() and ip6intr(). - Some preparation work to push softnet_lock out of ipintr(). Discussed on tech-net.
Revision 1.317 / (download) - annotate - [select for diffs], Fri May 30 01:39:03 2014 UTC (9 years, 10 months ago) by christos
Branch: MAIN
Changes since 1.316: +9 -6
lines
Diff to previous 1.316 (colored) to selected 1.384 (colored)
Introduce 2 new variables: ipsec_enabled and ipsec_used. Ipsec enabled is controlled by sysctl and determines if is allowed. ipsec_used is set automatically based on ipsec being enabled, and rules existing.
Revision 1.316 / (download) - annotate - [select for diffs], Thu May 29 23:02:48 2014 UTC (9 years, 10 months ago) by rmind
Branch: MAIN
Changes since 1.315: +3 -5
lines
Diff to previous 1.315 (colored) to selected 1.384 (colored)
Make IGMP and multicast group management code MP-safe. Use a read-write lock to protect the hash table of multicast address records; also, make it private and eliminate some macros. In the long term, the lookup path ought to be optimised.
Revision 1.315 / (download) - annotate - [select for diffs], Wed May 28 19:19:33 2014 UTC (9 years, 10 months ago) by christos
Branch: MAIN
Changes since 1.314: +4 -4
lines
Diff to previous 1.314 (colored) to selected 1.384 (colored)
CID 12164{49,51}: Remove bogus ifp == NULL checks; if ifp was really NULL, we would have been dead a few lines before the tests.
Revision 1.314 / (download) - annotate - [select for diffs], Fri May 23 23:38:48 2014 UTC (9 years, 10 months ago) by rmind
Branch: MAIN
Changes since 1.313: +21 -25
lines
Diff to previous 1.313 (colored) to selected 1.384 (colored)
ip_input(), ip_savecontrol(): cache m->m_pkthdr.rcvif in a variable.
Revision 1.313 / (download) - annotate - [select for diffs], Fri May 23 19:35:24 2014 UTC (9 years, 10 months ago) by rmind
Branch: MAIN
Changes since 1.312: +4 -3
lines
Diff to previous 1.312 (colored) to selected 1.384 (colored)
Make ip_forward() static, there is no need to expose it.
Revision 1.312 / (download) - annotate - [select for diffs], Fri May 23 19:27:48 2014 UTC (9 years, 10 months ago) by rmind
Branch: MAIN
Changes since 1.311: +4 -3
lines
Diff to previous 1.311 (colored) to selected 1.384 (colored)
Make ip_input() static, there is no need to expose it.
Revision 1.311 / (download) - annotate - [select for diffs], Thu May 22 22:01:12 2014 UTC (9 years, 10 months ago) by rmind
Branch: MAIN
Changes since 1.310: +47 -211
lines
Diff to previous 1.310 (colored) to selected 1.384 (colored)
- Add in_init() and move some functions, variables and sysctls into in.c where they belong to. Make some functions and variables static. - ip_input.c: reduce some #ifdefs, cleanup a little. - Move some sysctls into ip_flow.c as they belong there. No functional change.
Revision 1.310 / (download) - annotate - [select for diffs], Wed Mar 19 08:27:21 2014 UTC (10 years, 1 month ago) by liamjfoy
Branch: MAIN
CVS Tags: yamt-pagecache-base9,
rmind-smpnet-nbase,
rmind-smpnet-base,
riastradh-xf86-video-intel-2-7-1-pre-2-21-15
Branch point for: tls-earlyentropy
Changes since 1.309: +3 -3
lines
Diff to previous 1.309 (colored) to selected 1.384 (colored)
Remove ipflow_prune and replace with ipflow_reap. ok rmind@
Revision 1.309 / (download) - annotate - [select for diffs], Tue Feb 25 18:30:12 2014 UTC (10 years, 1 month ago) by pooka
Branch: MAIN
CVS Tags: riastradh-drm2-base3
Changes since 1.308: +2 -7
lines
Diff to previous 1.308 (colored) to selected 1.384 (colored)
Ensure that the top level sysctl nodes (kern, vfs, net, ...) exist before the sysctl link sets are processed, and remove redundancy. Shaves >13kB off of an amd64 GENERIC, not to mention >1k duplicate lines of code.
Revision 1.308 / (download) - annotate - [select for diffs], Sat Jun 29 21:06:58 2013 UTC (10 years, 9 months ago) by rmind
Branch: MAIN
CVS Tags: riastradh-drm2-base2,
riastradh-drm2-base1,
riastradh-drm2-base,
riastradh-drm2
Changes since 1.307: +6 -17
lines
Diff to previous 1.307 (colored) to selected 1.384 (colored)
- Rewrite parts of pfil(9): use array to store hooks and thus be more cache friendly (there are only few hooks in the system). Make the structures opaque and the interface more strict. - Remove PFIL_HOOKS option by making pfil(9) mandatory.
Revision 1.307 / (download) - annotate - [select for diffs], Thu Jun 27 20:17:36 2013 UTC (10 years, 9 months ago) by christos
Branch: MAIN
Branch point for: rmind-smpnet
Changes since 1.306: +4 -4
lines
Diff to previous 1.306 (colored) to selected 1.384 (colored)
flip src/dst
Revision 1.306 / (download) - annotate - [select for diffs], Thu Jun 27 19:38:16 2013 UTC (10 years, 9 months ago) by christos
Branch: MAIN
Changes since 1.305: +20 -2
lines
Diff to previous 1.305 (colored) to selected 1.384 (colored)
implement IP_PKTINFO and IP_RECVPKTINFO.
Revision 1.305 / (download) - annotate - [select for diffs], Sat Jun 8 13:50:22 2013 UTC (10 years, 10 months ago) by rmind
Branch: MAIN
Changes since 1.304: +16 -135
lines
Diff to previous 1.304 (colored) to selected 1.384 (colored)
Split IPsec code in ip_input() and ip_forward() into the separate routines ipsec4_input() and ipsec4_forward(). Tested by christos@.
Revision 1.304 / (download) - annotate - [select for diffs], Wed Jun 5 19:01:26 2013 UTC (10 years, 10 months ago) by christos
Branch: MAIN
Changes since 1.303: +13 -13
lines
Diff to previous 1.303 (colored) to selected 1.384 (colored)
IPSEC has not come in two speeds for a long time now (IPSEC == kame, FAST_IPSEC). Make everything refer to IPSEC to avoid confusion.
Revision 1.303 / (download) - annotate - [select for diffs], Thu Nov 29 02:07:20 2012 UTC (11 years, 4 months ago) by christos
Branch: MAIN
CVS Tags: yamt-pagecache-base8,
yamt-pagecache-base7,
khorben-n900,
agc-symver-base,
agc-symver
Changes since 1.302: +9 -3
lines
Diff to previous 1.302 (colored) to selected 1.384 (colored)
Add a new sysctl to mark ports as reserved, so that they are not used in the anonymous or reserved port allocation.
Revision 1.302 / (download) - annotate - [select for diffs], Mon Jun 25 15:28:39 2012 UTC (11 years, 9 months ago) by christos
Branch: MAIN
CVS Tags: yamt-pagecache-base6
Branch point for: tls-maxphys
Changes since 1.301: +9 -9
lines
Diff to previous 1.301 (colored) to selected 1.384 (colored)
rename rfc6056 -> portalgo, requested by yamt
Revision 1.301 / (download) - annotate - [select for diffs], Fri Jun 22 14:54:35 2012 UTC (11 years, 9 months ago) by christos
Branch: MAIN
Changes since 1.300: +24 -2
lines
Diff to previous 1.300 (colored) to selected 1.384 (colored)
PR/46602: Move the rfc6056 port randomization to the IP layer.
Revision 1.300 / (download) - annotate - [select for diffs], Sat Jun 2 21:36:47 2012 UTC (11 years, 10 months ago) by dsl
Branch: MAIN
Changes since 1.299: +3 -3
lines
Diff to previous 1.299 (colored) to selected 1.384 (colored)
Add some pre-processor magic to verify that the type of the data item passed to sysctl_createv() actually matches the declared type for the item itself. In the places where the caller specifies a function and a structure address (typically the 'softc') an explicit (void *) cast is now needed. Fixes bugs in sys/dev/acpi/asus_acpi.c sys/dev/bluetooth/bcsp.c sys/kern/vfs_bio.c sys/miscfs/syncfs/sync_subr.c and setting AcpiGbl_EnableAmlDebugObject. (mostly passing the address of a uint64_t when typed as CTLTYPE_INT). I've test built quite a few kernels, but there may be some unfixed MD fallout. Most likely passing &char[] to char *. Also add CTLFLAG_UNSIGNED for unsiged decimals - not set yet.
Revision 1.299 / (download) - annotate - [select for diffs], Thu Mar 22 20:34:39 2012 UTC (12 years ago) by drochner
Branch: MAIN
CVS Tags: yamt-pagecache-base5,
yamt-pagecache-base4,
jmcneill-usbmp-base9,
jmcneill-usbmp-base8,
jmcneill-usbmp-base10
Changes since 1.298: +5 -39
lines
Diff to previous 1.298 (colored) to selected 1.384 (colored)
remove KAME IPSEC, replaced by FAST_IPSEC
Revision 1.298 / (download) - annotate - [select for diffs], Mon Jan 9 14:31:22 2012 UTC (12 years, 3 months ago) by liamjfoy
Branch: MAIN
CVS Tags: netbsd-6-base,
netbsd-6-1-RELEASE,
netbsd-6-1-RC4,
netbsd-6-1-RC3,
netbsd-6-1-RC2,
netbsd-6-1-RC1,
netbsd-6-1-5-RELEASE,
netbsd-6-1-4-RELEASE,
netbsd-6-1-3-RELEASE,
netbsd-6-1-2-RELEASE,
netbsd-6-1-1-RELEASE,
netbsd-6-0-RELEASE,
netbsd-6-0-RC2,
netbsd-6-0-RC1,
netbsd-6-0-6-RELEASE,
netbsd-6-0-5-RELEASE,
netbsd-6-0-4-RELEASE,
netbsd-6-0-3-RELEASE,
netbsd-6-0-2-RELEASE,
netbsd-6-0-1-RELEASE,
matt-nb6-plus-nbase,
matt-nb6-plus-base,
matt-nb6-plus,
jmcneill-usbmp-base7,
jmcneill-usbmp-base6,
jmcneill-usbmp-base5,
jmcneill-usbmp-base4,
jmcneill-usbmp-base3,
jmcneill-usbmp-base2
Branch point for: netbsd-6-1,
netbsd-6-0,
netbsd-6
Changes since 1.297: +3 -3
lines
Diff to previous 1.297 (colored) to selected 1.384 (colored)
check against NULL
Revision 1.297 / (download) - annotate - [select for diffs], Mon Dec 19 11:59:56 2011 UTC (12 years, 4 months ago) by drochner
Branch: MAIN
Changes since 1.296: +10 -10
lines
Diff to previous 1.296 (colored) to selected 1.384 (colored)
rename the IPSEC in-kernel CPP variable and config(8) option to KAME_IPSEC, and make IPSEC define it so that existing kernel config files work as before Now the default can be easily be changed to FAST_IPSEC just by setting the IPSEC alias to FAST_IPSEC.
Revision 1.296 / (download) - annotate - [select for diffs], Wed Aug 31 18:31:03 2011 UTC (12 years, 7 months ago) by plunky
Branch: MAIN
CVS Tags: yamt-pagecache-base3,
yamt-pagecache-base2,
yamt-pagecache-base,
jmcneill-usbmp-pre-base2,
jmcneill-usbmp-base,
jmcneill-audiomp3-base,
jmcneill-audiomp3
Branch point for: yamt-pagecache,
jmcneill-usbmp
Changes since 1.295: +3 -3
lines
Diff to previous 1.295 (colored) to selected 1.384 (colored)
NULL does not need a cast
Revision 1.295 / (download) - annotate - [select for diffs], Tue May 3 17:44:31 2011 UTC (12 years, 11 months ago) by dyoung
Branch: MAIN
CVS Tags: rmind-uvmplock-nbase,
rmind-uvmplock-base,
cherry-xenmp-base,
cherry-xenmp
Changes since 1.294: +19 -2
lines
Diff to previous 1.294 (colored) to selected 1.384 (colored)
*_drain() routines may be called with locks held, so instead of doing any work in *_drain(), set a drain-needed flag. Do the work in the fasttimo handler. Contributed by Coyote Point Systems, Inc.
Revision 1.294 / (download) - annotate - [select for diffs], Thu Apr 14 20:32:04 2011 UTC (13 years ago) by dyoung
Branch: MAIN
Changes since 1.293: +3 -5
lines
Diff to previous 1.293 (colored) to selected 1.384 (colored)
In ipintr(), don't overwrite ipintrq.ifq_maxlen with IFQ_MAXLEN. Initialize ipintrq.ifq_maxlen using IFQ_MAXLEN directly instead of using the global ipqmaxlen. Get rid of the global ipqmaxlen. Now it works again to override the maximum IP queue length with, for example, sysctl -w net.inet.ip.ifq.maxlen=5.
Revision 1.293 / (download) - annotate - [select for diffs], Mon Dec 13 14:18:50 2010 UTC (13 years, 4 months ago) by matt
Branch: MAIN
CVS Tags: matt-mips64-premerge-20101231,
jruoho-x86intr-base,
bouyer-quota2-nbase,
bouyer-quota2-base,
bouyer-quota2
Branch point for: jruoho-x86intr
Changes since 1.292: +2 -4
lines
Diff to previous 1.292 (colored) to selected 1.384 (colored)
Back out rev that shouldn't have been committed.
Revision 1.292 / (download) - annotate - [select for diffs], Sat Dec 11 22:37:46 2010 UTC (13 years, 4 months ago) by matt
Branch: MAIN
Changes since 1.291: +4 -2
lines
Diff to previous 1.291 (colored) to selected 1.384 (colored)
Add routines to calculate a checkesum if the driver concludes that the h/w can't do it.
Revision 1.291 / (download) - annotate - [select for diffs], Fri Nov 5 01:35:57 2010 UTC (13 years, 5 months ago) by rmind
Branch: MAIN
CVS Tags: uebayasi-xip-base4
Changes since 1.290: +4 -3
lines
Diff to previous 1.290 (colored) to selected 1.384 (colored)
ip_randomid: make mechanism MP-safe and more modular. OK matt@
Revision 1.290 / (download) - annotate - [select for diffs], Fri Nov 5 00:21:51 2010 UTC (13 years, 5 months ago) by rmind
Branch: MAIN
Changes since 1.289: +8 -45
lines
Diff to previous 1.289 (colored) to selected 1.384 (colored)
ip_reass_packet: finish abstraction; some clean-up. Discussed some time ago with matt@.
Revision 1.289 / (download) - annotate - [select for diffs], Mon Jul 19 14:09:45 2010 UTC (13 years, 9 months ago) by rmind
Branch: MAIN
CVS Tags: yamt-nfs-mp-base11,
yamt-nfs-mp-base10,
uebayasi-xip-base3,
uebayasi-xip-base2
Changes since 1.288: +29 -53
lines
Diff to previous 1.288 (colored) to selected 1.384 (colored)
Abstract IP reassembly into single generic routine - ip_reass_packet(). Make struct ipq private and struct ipqent not visible to userland. Push ip_len adjustment into reassembly layer. OK matt@
Revision 1.288 / (download) - annotate - [select for diffs], Tue Jul 13 22:16:10 2010 UTC (13 years, 9 months ago) by rmind
Branch: MAIN
Changes since 1.287: +30 -541
lines
Diff to previous 1.287 (colored) to selected 1.384 (colored)
Split-off IPv4 re-assembly mechanism into a separate module. Abstract into ip_reass_init(), ip_reass_lookup(), etc (note: abstraction is not yet complete). No functional changes to the actual mechanism. OK matt@
Revision 1.287 / (download) - annotate - [select for diffs], Fri Jul 9 18:42:46 2010 UTC (13 years, 9 months ago) by rmind
Branch: MAIN
Changes since 1.286: +35 -36
lines
Diff to previous 1.286 (colored) to selected 1.384 (colored)
ip_input: move lookup for fragment queue a little bit further. OK matt@.
Revision 1.286 / (download) - annotate - [select for diffs], Thu Apr 1 01:23:32 2010 UTC (14 years ago) by tls
Branch: MAIN
CVS Tags: uebayasi-xip-base1
Changes since 1.285: +23 -7
lines
Diff to previous 1.285 (colored) to selected 1.384 (colored)
As suggested by at least 3 different people (the guilty parties know who they are) avoid repeated kernel_lock/unlock by using an intrq on the stack. About 5%-10% better from run to run, on my *very* simpleminded test. Can't possibly be worse.
Revision 1.285 / (download) - annotate - [select for diffs], Wed Mar 31 07:31:15 2010 UTC (14 years ago) by tls
Branch: MAIN
Changes since 1.284: +4 -2
lines
Diff to previous 1.284 (colored) to selected 1.384 (colored)
Don't hold kernel lock across call to ip_input() -- it blocked *all* hardware interrupts for the length of time it took for all dequeued packets to flow up the stack (on multiprocessors only). Initial testing shows performance impact is minimal -- since this temporary fix actually means taking/releasing the kernel lock per-packet, that seems acceptable. Holding the kernel lock across the ip_input() call duplicated the exclusion intended to be provided by the socket locks/softnet lock (same lock, for INET/INET6 sockets) and could mask serious bugs. Several hours' testing didn't turn any up but I'd be surprised if some don't now appear. Damon Permezel noticed the problem. Temporary fix suggested by matt@.
Revision 1.284 / (download) - annotate - [select for diffs], Wed Sep 16 15:23:05 2009 UTC (14 years, 7 months ago) by pooka
Branch: MAIN
CVS Tags: yamt-nfs-mp-base9,
uebayasi-xip-base,
matt-premerge-20091211,
jym-xensuspend-nbase
Branch point for: uebayasi-xip,
rmind-uvmplock
Changes since 1.283: +8 -3
lines
Diff to previous 1.283 (colored) to selected 1.384 (colored)
Replace a large number of link set based sysctl node creations with calls from subsystem constructors. Benefits both future kernel modules and rump. no change to sysctl nodes on i386/MONOLITHIC & build tested i386/ALL
Revision 1.283 / (download) - annotate - [select for diffs], Fri Jul 17 18:09:25 2009 UTC (14 years, 9 months ago) by minskim
Branch: MAIN
CVS Tags: yamt-nfs-mp-base8,
yamt-nfs-mp-base7,
jymxensuspend-base
Changes since 1.282: +6 -6
lines
Diff to previous 1.282 (colored) to selected 1.384 (colored)
Delete trailing whitespace.
Revision 1.282 / (download) - annotate - [select for diffs], Thu Jul 16 04:09:51 2009 UTC (14 years, 9 months ago) by minskim
Branch: MAIN
CVS Tags: yamt-nfs-mp-base6
Changes since 1.281: +8 -2
lines
Diff to previous 1.281 (colored) to selected 1.384 (colored)
Add the IP_RECVTTL option support. If the IP_RECVTTL option is enabled on a SOCK_DGRAM socket, the recvmsg(2) call will return the TTL of the received datagram. The msg_control field in the msghdr structure points to a buffer that contains a cmsghdr structure followed by the TTL value. Modeled after FreeBSD implementation.
Revision 1.281 / (download) - annotate - [select for diffs], Sat Apr 18 14:58:05 2009 UTC (15 years ago) by tsutsui
Branch: MAIN
CVS Tags: yamt-nfs-mp-base5,
yamt-nfs-mp-base4,
yamt-nfs-mp-base3,
nick-hppapmap-base4,
nick-hppapmap-base3,
nick-hppapmap-base,
jym-xensuspend-base
Changes since 1.280: +6 -6
lines
Diff to previous 1.280 (colored) to selected 1.384 (colored)
Remove extra whitespace added by a stupid tool. XXX: more in src/sys/arch
Revision 1.280 / (download) - annotate - [select for diffs], Wed Apr 15 20:44:25 2009 UTC (15 years ago) by elad
Branch: MAIN
Changes since 1.279: +6 -5
lines
Diff to previous 1.279 (colored) to selected 1.384 (colored)
Remove a few KAUTH_GENERIC_ISSUSER in favor of more descriptive alternatives. Discussed on tech-kern: http://mail-index.netbsd.org/tech-kern/2009/04/11/msg004798.html Input from ad@, christos@, dyoung@, tsutsui@. Okay ad@.
Revision 1.279 / (download) - annotate - [select for diffs], Wed Mar 18 17:06:52 2009 UTC (15 years, 1 month ago) by cegger
Branch: MAIN
Changes since 1.278: +6 -6
lines
Diff to previous 1.278 (colored) to selected 1.384 (colored)
bcopy -> memcpy
Revision 1.278 / (download) - annotate - [select for diffs], Mon Jan 19 02:27:57 2009 UTC (15 years, 3 months ago) by christos
Branch: MAIN
CVS Tags: nick-hppapmap-base2
Branch point for: jym-xensuspend
Changes since 1.277: +21 -3
lines
Diff to previous 1.277 (colored) to selected 1.384 (colored)
Provide compatibility to the old timeval SCM_TIMESTAMP messages.
Revision 1.277 / (download) - annotate - [select for diffs], Wed Dec 17 20:51:37 2008 UTC (15 years, 4 months ago) by cegger
Branch: MAIN
CVS Tags: mjf-devfs2-base
Changes since 1.276: +5 -6
lines
Diff to previous 1.276 (colored) to selected 1.384 (colored)
kill MALLOC and FREE macros.
Revision 1.276 / (download) - annotate - [select for diffs], Sun Nov 23 19:52:38 2008 UTC (15 years, 4 months ago) by rmind
Branch: MAIN
CVS Tags: haad-nbase2,
haad-dm-base2,
haad-dm-base,
ad-audiomp2-base,
ad-audiomp2
Changes since 1.275: +3 -2
lines
Diff to previous 1.275 (colored) to selected 1.384 (colored)
ip_input: fix an IPQ "lock" leak. (hi <matt>!)
Revision 1.275 / (download) - annotate - [select for diffs], Sat Oct 4 00:09:34 2008 UTC (15 years, 6 months ago) by pooka
Branch: MAIN
CVS Tags: wrstuden-revivesa-base-4,
netbsd-5-base,
matt-mips64-base2,
haad-dm-base1
Branch point for: nick-hppapmap,
netbsd-5
Changes since 1.274: +9 -6
lines
Diff to previous 1.274 (colored) to selected 1.384 (colored)
POOL_INIT -> pool_init
Revision 1.274 / (download) - annotate - [select for diffs], Fri Sep 5 13:39:12 2008 UTC (15 years, 7 months ago) by seanb
Branch: MAIN
CVS Tags: wrstuden-revivesa-base-3,
wrstuden-revivesa-base-2
Changes since 1.273: +7 -7
lines
Diff to previous 1.273 (colored) to selected 1.384 (colored)
Wrong route being consulted in one place in ip_forward() after change to rtcache_*(). Restore previous behaviour.
Revision 1.273 / (download) - annotate - [select for diffs], Wed Aug 20 18:35:20 2008 UTC (15 years, 8 months ago) by matt
Branch: MAIN
Changes since 1.272: +26 -12
lines
Diff to previous 1.272 (colored) to selected 1.384 (colored)
Make the sysctl routines take out softnet_lock before dealing with any data structures. Change inet6ctlerrmap and zeroin6_addr to const.
Revision 1.272 / (download) - annotate - [select for diffs], Mon May 5 17:11:17 2008 UTC (15 years, 11 months ago) by ad
Branch: MAIN
CVS Tags: yamt-pf42-base4,
yamt-pf42-base3,
yamt-pf42-base2,
yamt-nfs-mp-base2,
wrstuden-revivesa-base-1,
wrstuden-revivesa-base,
simonb-wapbl-nbase,
simonb-wapbl-base,
simonb-wapbl,
hpcarm-cleanup-nbase
Branch point for: wrstuden-revivesa,
haad-dm
Changes since 1.271: +6 -6
lines
Diff to previous 1.271 (colored) to selected 1.384 (colored)
- Convert hashinit() to use kmem_alloc(). The hash tables can be large and it's better to not have them in kmem_map. - Convert a couple of minor items along the way to kmem_alloc(). - Fix some memory leaks.
Revision 1.271 / (download) - annotate - [select for diffs], Sun May 4 07:22:14 2008 UTC (15 years, 11 months ago) by thorpej
Branch: MAIN
Changes since 1.270: +3 -8
lines
Diff to previous 1.270 (colored) to selected 1.384 (colored)
Simplify the interface to netstat_sysctl() and allocate space for the collated counters using kmem_alloc(). PR kern/38577
Revision 1.270 / (download) - annotate - [select for diffs], Fri May 2 13:40:32 2008 UTC (15 years, 11 months ago) by ad
Branch: MAIN
Changes since 1.269: +4 -5
lines
Diff to previous 1.269 (colored) to selected 1.384 (colored)
PR kern/38497 Out of memory allocating ksiginfo Work around: don't acquire softnet_lock in protocol drain routines.
Revision 1.269 / (download) - annotate - [select for diffs], Mon Apr 28 20:24:09 2008 UTC (15 years, 11 months ago) by martin
Branch: MAIN
Changes since 1.268: +2 -9
lines
Diff to previous 1.268 (colored) to selected 1.384 (colored)
Remove clause 3 and 4 from TNF licenses
Revision 1.268 / (download) - annotate - [select for diffs], Thu Apr 24 11:38:37 2008 UTC (15 years, 11 months ago) by ad
Branch: MAIN
CVS Tags: yamt-nfs-mp-base
Branch point for: yamt-nfs-mp
Changes since 1.267: +27 -15
lines
Diff to previous 1.267 (colored) to selected 1.384 (colored)
Merge the socket locking patch: - Socket layer becomes MP safe. - Unix protocols become MP safe. - Allows protocol processing interrupts to safely block on locks. - Fixes a number of race conditions. With much feedback from matt@ and plunky@.
Revision 1.267 / (download) - annotate - [select for diffs], Wed Apr 23 06:09:04 2008 UTC (15 years, 11 months ago) by thorpej
Branch: MAIN
Changes since 1.266: +10 -29
lines
Diff to previous 1.266 (colored) to selected 1.384 (colored)
Make IPSEC and FAST_IPSEC stats per-cpu. Use <net/net_stats.h> and netstat_sysctl().
Revision 1.266 / (download) - annotate - [select for diffs], Sat Apr 12 05:58:22 2008 UTC (16 years ago) by thorpej
Branch: MAIN
CVS Tags: yamt-pf42-baseX,
yamt-pf42-base
Branch point for: yamt-pf42
Changes since 1.265: +85 -39
lines
Diff to previous 1.265 (colored) to selected 1.384 (colored)
Make IP, TCP, UDP, and ICMP statistics per-CPU. The stats are collated when the user requests them via sysctl.
Revision 1.265 / (download) - annotate - [select for diffs], Wed Apr 9 05:14:20 2008 UTC (16 years ago) by thorpej
Branch: MAIN
Changes since 1.264: +3 -3
lines
Diff to previous 1.264 (colored) to selected 1.384 (colored)
- ipflow is not used outside ip_flow.c; move its definition there. - Make ipflow_reap() private to ip_flow.c, and introduce ipflow_prune() for external callers to use (avoids returning an ipflow * that is never actually used anyway).
Revision 1.264 / (download) - annotate - [select for diffs], Mon Apr 7 06:31:28 2008 UTC (16 years ago) by thorpej
Branch: MAIN
Changes since 1.263: +37 -37
lines
Diff to previous 1.263 (colored) to selected 1.384 (colored)
Change IP stats from a structure to an array of uint64_t's. Note: This is ABI-compatible with the old ipstat structure; old netstat binaries will continue to work properly.
Revision 1.263 / (download) - annotate - [select for diffs], Thu Mar 27 00:18:56 2008 UTC (16 years ago) by cube
Branch: MAIN
Changes since 1.262: +17 -16
lines
Diff to previous 1.262 (colored) to selected 1.384 (colored)
- Make sure we send a reasonable fragment size when IPSEC is configured. Otherwise we end up sending a dubious "0" whenever we cannot find a proper association for the packet. - Reset sack_newdata along with snd_nxt to avoid improper integer arithmetics that lead to sending data from an incorrect place in the stream, making it appear as corrupted. Patch by Michael Van Elst, based on an analysis by Michael for the IPSEC stuff and I for the SACK issue.
Revision 1.262 / (download) - annotate - [select for diffs], Wed Feb 6 03:20:51 2008 UTC (16 years, 2 months ago) by matt
Branch: MAIN
CVS Tags: yamt-lazymbuf-base15,
yamt-lazymbuf-base14,
nick-net80211-sync-base,
nick-net80211-sync,
mjf-devfs-base,
matt-armv6-nbase,
keiichi-mipv6-nbase,
keiichi-mipv6-base,
keiichi-mipv6,
hpcarm-cleanup-base,
ad-socklock-base1
Branch point for: mjf-devfs2
Changes since 1.261: +3 -2
lines
Diff to previous 1.261 (colored) to selected 1.384 (colored)
Add a new ip_id generation scheme based on a Fisher-Yates shuffle over a sliding window. XXX replace use of arc4random RSN.
Revision 1.261 / (download) - annotate - [select for diffs], Mon Jan 14 04:19:09 2008 UTC (16 years, 3 months ago) by dyoung
Branch: MAIN
CVS Tags: bouyer-xeni386-nbase,
bouyer-xeni386-base
Changes since 1.260: +4 -4
lines
Diff to previous 1.260 (colored) to selected 1.384 (colored)
Use rtcache_validate() instead of rtcache_getrt(). Shorten staircase in in_losing().
Revision 1.260 / (download) - annotate - [select for diffs], Sat Dec 22 15:41:11 2007 UTC (16 years, 3 months ago) by matt
Branch: MAIN
CVS Tags: vmlocking2-base3,
matt-armv6-base
Changes since 1.259: +14 -5
lines
Diff to previous 1.259 (colored) to selected 1.384 (colored)
Fix offset calculation. Make sure that all frags use the same TOS.
Revision 1.259 / (download) - annotate - [select for diffs], Fri Dec 21 23:49:09 2007 UTC (16 years, 4 months ago) by matt
Branch: MAIN
Changes since 1.258: +5 -4
lines
Diff to previous 1.258 (colored) to selected 1.384 (colored)
Also make sure the first is at 68 bytes long.
Revision 1.258 / (download) - annotate - [select for diffs], Fri Dec 21 18:58:55 2007 UTC (16 years, 4 months ago) by matt
Branch: MAIN
Changes since 1.257: +13 -3
lines
Diff to previous 1.257 (colored) to selected 1.384 (colored)
Prevent TCP blind data attacks by not allowing non-initial fragments to start at less than 68 bytes (minimal fragment size).
Revision 1.257 / (download) - annotate - [select for diffs], Thu Dec 20 19:53:32 2007 UTC (16 years, 4 months ago) by dyoung
Branch: MAIN
Changes since 1.256: +10 -10
lines
Diff to previous 1.256 (colored) to selected 1.384 (colored)
Poison struct route->ro_rt uses in the kernel by changing the name to _ro_rt. Use rtcache_getrt() to access a route cache's struct rtentry *. Introduce struct ifnet->if_dl that always points at the interface identifier/link-layer address. Make code that treated the first ifaddr on struct ifnet->if_addrlist as the interface address use if_dl, instead. Remove stale debugging code from net/route.c. Move the rtflush() code into rtcache_clear() and delete rtflush(). Delete rtalloc(), because nothing uses it any more. Make ND6_HINT an inline, lowercase subroutine, nd6_hint. I've done my best to convert IP Filter, the ISO stack, and the AppleTalk stack to rtcache_getrt(). They compile, but I have not tested them. I have given the changes to PF, GRE, IPv4 and IPv6 stacks a lot of exercise.
Revision 1.256 / (download) - annotate - [select for diffs], Mon Nov 26 08:40:46 2007 UTC (16 years, 4 months ago) by yamt
Branch: MAIN
CVS Tags: yamt-kmem-base3,
yamt-kmem-base2,
yamt-kmem-base,
yamt-kmem,
vmlocking2-base2,
vmlocking2-base1,
vmlocking-nbase,
reinoud-bufcleanup-nbase,
reinoud-bufcleanup-base,
jmcneill-pm-base,
cube-autoconf-base,
cube-autoconf
Branch point for: vmlocking2,
bouyer-xeni386
Changes since 1.255: +11 -8
lines
Diff to previous 1.255 (colored) to selected 1.384 (colored)
inetctlerrmap: use designated initializer.
Revision 1.255 / (download) - annotate - [select for diffs], Fri Nov 9 06:59:33 2007 UTC (16 years, 5 months ago) by kefren
Branch: MAIN
CVS Tags: bouyer-xenamd64-base2,
bouyer-xenamd64-base
Changes since 1.254: +2 -3
lines
Diff to previous 1.254 (colored) to selected 1.384 (colored)
Don't MCLAIM in ipintr() because we do it anyway in ip_input()
Revision 1.254 / (download) - annotate - [select for diffs], Tue Oct 2 20:35:04 2007 UTC (16 years, 6 months ago) by dyoung
Branch: MAIN
CVS Tags: yamt-x86pmap-base4,
yamt-x86pmap-base3,
yamt-x86pmap-base2,
vmlocking-base,
jmcneill-base
Branch point for: mjf-devfs,
bouyer-xenamd64
Changes since 1.253: +2 -28
lines
Diff to previous 1.253 (colored) to selected 1.384 (colored)
Delete the unused second argument to ip_stripoptions(), move it closer to its single caller in if_eon.c, try to move fewer bytes by moving the IP header forward instead of moving the tail of the mbuf backward, and use m_adj(9) instead of fiddling directly with mbuf data members.
Revision 1.253 / (download) - annotate - [select for diffs], Tue Sep 11 14:18:09 2007 UTC (16 years, 7 months ago) by degroote
Branch: MAIN
CVS Tags: yamt-x86pmap-base
Branch point for: yamt-x86pmap
Changes since 1.252: +2 -3
lines
Diff to previous 1.252 (colored) to selected 1.384 (colored)
In some FAST_IPSEC, spl level is not restored correctly. Fix that. Spotted by Wolfgang Stukenbrock in pr/36800
Revision 1.252 / (download) - annotate - [select for diffs], Thu Aug 30 02:17:37 2007 UTC (16 years, 7 months ago) by dyoung
Branch: MAIN
CVS Tags: nick-csl-alignment-base5
Changes since 1.251: +7 -4
lines
Diff to previous 1.251 (colored) to selected 1.384 (colored)
Use malloc(9) for sockaddrs instead of pool(9), and remove dom_sa_pool and dom_sa_len members from struct domain. Pools of fixed-size objects are too rigid for sockaddr_dls, whose size can vary over a wide range. Return sockaddr_dl to its "historical" size. Now that I'm using malloc(9) instead of pool(9) to allocate sockaddr_dl, I can create a sockaddr_dl of any size in the kernel, so expanding sockaddr_dl is useless. Avoid using sizeof(struct sockaddr_dl) in the kernel. Introduce sockaddr_dl_alloc() for allocating & initializing an arbitrary sockaddr_dl on the heap. Add an argument, the sockaddr length, to sockaddr_alloc(), sockaddr_copy(), and sockaddr_dl_setaddr(). Constify: LLADDR() -> CLLADDR(). Where the kernel overwrites LLADDR(), use sockaddr_dl_setaddr(), instead. Used properly, sockaddr_dl_setaddr() will not overrun the end of the sockaddr.
Revision 1.251 / (download) - annotate - [select for diffs], Fri Aug 10 22:46:16 2007 UTC (16 years, 8 months ago) by dyoung
Branch: MAIN
Branch point for: matt-armv6
Changes since 1.250: +5 -9
lines
Diff to previous 1.250 (colored) to selected 1.384 (colored)
Use sockaddr_dl_init().
Revision 1.250 / (download) - annotate - [select for diffs], Thu Jul 19 20:48:55 2007 UTC (16 years, 9 months ago) by dyoung
Branch: MAIN
CVS Tags: matt-mips64-base,
hpcarm-cleanup
Branch point for: matt-mips64,
jmcneill-pm
Changes since 1.249: +4 -6
lines
Diff to previous 1.249 (colored) to selected 1.384 (colored)
Take steps to hide the radix_node implementation of the forwarding table from the forwarding table's users: Introduce rt_walktree() for walking the routing table and applying a function to each rtentry. Replace most rn_walktree() calls with it. Use rt_getkey()/rt_setkey() to get/set a route's destination. Keep a pointer to the sockaddr key in the rtentry, so that rtentry users do not have to grovel in the radix_node for the key. Add a RTM_GET method to rtrequest. Use that instead of radix_node lookups in, e.g., carp(4). Add sys/net/link_proto.c, which supplies sockaddr routines for link-layer socket addresses (sockaddr_dl). Cosmetic: Constify. KNF. Stop open-coding LIST_FOREACH, TAILQ_FOREACH, et cetera. Use NULL instead of 0 for null pointers. Use __arraycount(). Reduce gratuitous parenthesization. Stop using variadic arguments for rip6_output(), it is unnecessary. Remove the unnecessary rtentry member rt_genmask and the code to maintain it, since nothing actually used it. Make rt_maskedcopy() easier to read by using meaningful variable names. Extract a subroutine intern_netmask() for looking up a netmask in the masks table. Start converting backslash-ridden IPv6 macros in sys/netinet6/in6_var.h into inline subroutines that one can read without special eyeglasses. One functional change: when the kernel serves an RTM_GET, RTM_LOCK, or RTM_CHANGE request, it applies the netmask (if supplied) to a destination before searching for it in the forwarding table. I have changed sys/netinet/ip_carp.c, carp_setroute(), to remove the unlawful radix_node knowledge. Apart from the changes to carp(4), netiso, ATM, and strip(4), I have run the changes on three nodes in my wireless routing testbed, which involves IPv4 + IPv6 dynamic routing acrobatics, and it's working beautifully so far.
Revision 1.249 / (download) - annotate - [select for diffs], Wed May 2 20:40:25 2007 UTC (16 years, 11 months ago) by dyoung
Branch: MAIN
CVS Tags: yamt-idlelwp-base8,
nick-csl-alignment-base,
mjf-ufs-trans-base
Branch point for: nick-csl-alignment
Changes since 1.248: +22 -37
lines
Diff to previous 1.248 (colored) to selected 1.384 (colored)
Eliminate address family-specific route caches (struct route, struct route_in6, struct route_iso), replacing all caches with a struct route. The principle benefit of this change is that all of the protocol families can benefit from route cache-invalidation, which is necessary for correct routing. Route-cache invalidation fixes an ancient PR, kern/3508, at long last; it fixes various other PRs, also. Discussions with and ideas from Joerg Sonnenberger influenced this work tremendously. Of course, all design oversights and bugs are mine. DETAILS 1 I added to each address family a pool of sockaddrs. I have introduced routines for allocating, copying, and duplicating, and freeing sockaddrs: struct sockaddr *sockaddr_alloc(sa_family_t af, int flags); struct sockaddr *sockaddr_copy(struct sockaddr *dst, const struct sockaddr *src); struct sockaddr *sockaddr_dup(const struct sockaddr *src, int flags); void sockaddr_free(struct sockaddr *sa); sockaddr_alloc() returns either a sockaddr from the pool belonging to the specified family, or NULL if the pool is exhausted. The returned sockaddr has the right size for that family; sa_family and sa_len fields are initialized to the family and sockaddr length---e.g., sa_family = AF_INET and sa_len = sizeof(struct sockaddr_in). sockaddr_free() puts the given sockaddr back into its family's pool. sockaddr_dup() and sockaddr_copy() work analogously to strdup() and strcpy(), respectively. sockaddr_copy() KASSERTs that the family of the destination and source sockaddrs are alike. The 'flags' argumet for sockaddr_alloc() and sockaddr_dup() is passed directly to pool_get(9). 2 I added routines for initializing sockaddrs in each address family, sockaddr_in_init(), sockaddr_in6_init(), sockaddr_iso_init(), etc. They are fairly self-explanatory. 3 structs route_in6 and route_iso are no more. All protocol families use struct route. I have changed the route cache, 'struct route', so that it does not contain storage space for a sockaddr. Instead, struct route points to a sockaddr coming from the pool the sockaddr belongs to. I added a new method to struct route, rtcache_setdst(), for setting the cache destination: int rtcache_setdst(struct route *, const struct sockaddr *); rtcache_setdst() returns 0 on success, or ENOMEM if no memory is available to create the sockaddr storage. It is now possible for rtcache_getdst() to return NULL if, say, rtcache_setdst() failed. I check the return value for NULL everywhere in the kernel. 4 Each routing domain (struct domain) has a list of live route caches, dom_rtcache. rtflushall(sa_family_t af) looks up the domain indicated by 'af', walks the domain's list of route caches and invalidates each one.
Revision 1.248 / (download) - annotate - [select for diffs], Sun Mar 25 20:12:20 2007 UTC (17 years ago) by liamjfoy
Branch: MAIN
CVS Tags: thorpej-atomic-base,
thorpej-atomic
Changes since 1.247: +39 -3
lines
Diff to previous 1.247 (colored) to selected 1.384 (colored)
Add net.inet.ip.hashsize to control the IPv4 fast forward hash table size.
Revision 1.247 / (download) - annotate - [select for diffs], Sat Mar 24 00:27:58 2007 UTC (17 years ago) by liamjfoy
Branch: MAIN
Changes since 1.246: +4 -5
lines
Diff to previous 1.246 (colored) to selected 1.384 (colored)
Don't call ip*flow_reap if we're just looking up maxflows
Revision 1.246 / (download) - annotate - [select for diffs], Mon Mar 12 18:18:36 2007 UTC (17 years, 1 month ago) by ad
Branch: MAIN
Branch point for: reinoud-bufcleanup,
mjf-ufs-trans
Changes since 1.245: +6 -4
lines
Diff to previous 1.245 (colored) to selected 1.384 (colored)
Pass an ipl argument to pool_init/POOL_INIT to be used when initializing the pool's lock.
Revision 1.245 / (download) - annotate - [select for diffs], Mon Mar 5 00:50:53 2007 UTC (17 years, 1 month ago) by liamjfoy
Branch: MAIN
Branch point for: vmlocking
Changes since 1.244: +2 -5
lines
Diff to previous 1.244 (colored) to selected 1.384 (colored)
Move ipflow_slowtimo from ip_slowtimo and into in_proto.c ok matt@
Revision 1.244 / (download) - annotate - [select for diffs], Sun Mar 4 06:03:21 2007 UTC (17 years, 1 month ago) by christos
Branch: MAIN
Changes since 1.243: +22 -22
lines
Diff to previous 1.243 (colored) to selected 1.384 (colored)
Kill caddr_t; there will be some MI fallout, but it will be fixed shortly.
Revision 1.243 / (download) - annotate - [select for diffs], Sat Feb 17 22:34:11 2007 UTC (17 years, 2 months ago) by dyoung
Branch: MAIN
CVS Tags: ad-audiomp-base,
ad-audiomp
Changes since 1.242: +10 -10
lines
Diff to previous 1.242 (colored) to selected 1.384 (colored)
KNF: de-__P, bzero -> memset, bcmp -> memcmp. Remove extraneous parentheses in return statements. Cosmetic: don't open-code TAILQ_FOREACH(). Cosmetic: change types of variables to avoid oodles of casts: in in6_src.c, avoid casts by changing several route_in6 pointers to struct route pointers. Remove unnecessary casts to caddr_t elsewhere. Pave the way for eliminating address family-specific route caches: soon, struct route will not embed a sockaddr, but it will hold a reference to an external sockaddr, instead. We will set the destination sockaddr using rtcache_setdst(). (I created a stub for it, but it isn't used anywhere, yet.) rtcache_free() will free the sockaddr. I have extracted from rtcache_free() a helper subroutine, rtcache_clear(). rtcache_clear() will "forget" a cached route, but it will not forget the destination by releasing the sockaddr. I use rtcache_clear() instead of rtcache_free() in rtcache_update(), because rtcache_update() is not supposed to forget the destination. Constify: 1 Introduce const accessor for route->ro_dst, rtcache_getdst(). 2 Constify the 'dst' argument to ifnet->if_output(). This led me to constify a lot of code called by output routines. 3 Constify the sockaddr argument to protosw->pr_ctlinput. This led me to constify a lot of code called by ctlinput routines. 4 Introduce const macros for converting from a generic sockaddr to family-specific sockaddrs, e.g., sockaddr_in: satocsin6, satocsin, et cetera.
Revision 1.242 / (download) - annotate - [select for diffs], Mon Jan 29 05:48:56 2007 UTC (17 years, 2 months ago) by dyoung
Branch: MAIN
CVS Tags: post-newlock2-merge,
newlock2-nbase,
newlock2-base
Branch point for: yamt-idlelwp
Changes since 1.241: +4 -4
lines
Diff to previous 1.241 (colored) to selected 1.384 (colored)
Cosmetic: remove extraneous, non-KNF parentheses. Change a sizeof(type) to a sizeof(*ptr) so the correctness of the statement is correct "at a glance" (or so I hope).
Revision 1.241 / (download) - annotate - [select for diffs], Fri Dec 22 05:34:02 2006 UTC (17 years, 4 months ago) by ad
Branch: MAIN
Changes since 1.240: +3 -3
lines
Diff to previous 1.240 (colored) to selected 1.384 (colored)
ipintr(): check if the queue is empty before looping. Hardly a giant win, but removed 30% of splnet() calls in one local test.
Revision 1.240 / (download) - annotate - [select for diffs], Fri Dec 15 21:18:53 2006 UTC (17 years, 4 months ago) by joerg
Branch: MAIN
CVS Tags: yamt-splraiseipl-base5,
yamt-splraiseipl-base4
Changes since 1.239: +18 -15
lines
Diff to previous 1.239 (colored) to selected 1.384 (colored)
Introduce new helper functions to abstract the route caching. rtcache_init and rtcache_init_noclone lookup ro_dst and store the result in ro_rt, taking care of the reference counting and calling the domain specific route cache. rtcache_free checks if a route was cashed and frees the reference. rtcache_copy copies ro_dst of the given struct route, checking that enough space is available and incrementing the reference count of the cached rtentry if necessary. rtcache_check validates that the cached route is still up. If it isn't, it tries to look it up again. Afterwards ro_rt is either a valid again or NULL. rtcache_copy is used internally. Adjust to callers of rtalloc/rtflush in the tree to check the sanity of ro_dst first (if necessary). If it doesn't fit the expectations, free the cache, otherwise check if the cached route is still valid. After that combination, a single check for ro_rt == NULL is enough to decide whether a new lookup needs to be done with a different ro_dst. Make the route checking in gre stricter by repeating the loop check after revalidation. Remove some unused RADIX_MPATH code in in6_src.c. The logic is slightly changed here to first validate the route and check RTF_GATEWAY afterwards. This is sementically equivalent though. etherip doesn't need sc_route_expire similiar to the gif changes from dyoung@ earlier. Based on the earlier patch from dyoung@, reviewed and discussed with him.
Revision 1.239 / (download) - annotate - [select for diffs], Sat Dec 9 05:33:04 2006 UTC (17 years, 4 months ago) by dyoung
Branch: MAIN
CVS Tags: yamt-splraiseipl-base3
Changes since 1.238: +12 -16
lines
Diff to previous 1.238 (colored) to selected 1.384 (colored)
Here are various changes designed to protect against bad IPv4 routing caused by stale route caches (struct route). Route caches are sprinkled throughout PCBs, the IP fast-forwarding table, and IP tunnel interfaces (gre, gif, stf). Stale IPv6 and ISO route caches will be treated by separate patches. Thank you to Christoph Badura for suggesting the general approach to invalidating route caches that I take here. Here are the details: Add hooks to struct domain for tracking and for invalidating each domain's route caches: dom_rtcache, dom_rtflush, and dom_rtflushall. Introduce helper subroutines, rtflush(ro) for invalidating a route cache, rtflushall(family) for invalidating all route caches in a routing domain, and rtcache(ro) for notifying the domain of a new cached route. Chain together all IPv4 route caches where ro_rt != NULL. Provide in_rtcache() for adding a route to the chain. Provide in_rtflush() and in_rtflushall() for invalidating IPv4 route caches. In in_rtflush(), set ro_rt to NULL, and remove the route from the chain. In in_rtflushall(), walk the chain and remove every route cache. In rtrequest1(), call rtflushall() to invalidate route caches when a route is added. In gif(4), discard the workaround for stale caches that involves expiring them every so often. Replace the pattern 'RTFREE(ro->ro_rt); ro->ro_rt = NULL;' with a call to rtflush(ro). Update ipflow_fastforward() and all other users of route caches so that they expect a cached route, ro->ro_rt, to turn to NULL. Take care when moving a 'struct route' to rtflush() the source and to rtcache() the destination. In domain initializers, use .dom_xxx tags. KNF here and there.
Revision 1.238 / (download) - annotate - [select for diffs], Wed Dec 6 00:39:56 2006 UTC (17 years, 4 months ago) by dyoung
Branch: MAIN
Changes since 1.237: +5 -5
lines
Diff to previous 1.237 (colored) to selected 1.384 (colored)
KNF.
Revision 1.237 / (download) - annotate - [select for diffs], Wed Dec 6 00:38:16 2006 UTC (17 years, 4 months ago) by dyoung
Branch: MAIN
Changes since 1.236: +4 -4
lines
Diff to previous 1.236 (colored) to selected 1.384 (colored)
KNF.
Revision 1.236 / (download) - annotate - [select for diffs], Thu Nov 16 01:33:45 2006 UTC (17 years, 5 months ago) by christos
Branch: MAIN
CVS Tags: netbsd-4-base,
netbsd-4-0-RC1
Branch point for: wrstuden-fixsa,
netbsd-4
Changes since 1.235: +3 -3
lines
Diff to previous 1.235 (colored) to selected 1.384 (colored)
__unused removal on arguments; approved by core.
Revision 1.235 / (download) - annotate - [select for diffs], Thu Oct 12 01:32:38 2006 UTC (17 years, 6 months ago) by christos
Branch: MAIN
CVS Tags: yamt-splraiseipl-base2
Changes since 1.234: +3 -3
lines
Diff to previous 1.234 (colored) to selected 1.384 (colored)
- sprinkle __unused on function decls. - fix a couple of unused bugs - no more -Wno-unused for i386
Revision 1.234 / (download) - annotate - [select for diffs], Tue Oct 10 21:49:14 2006 UTC (17 years, 6 months ago) by dogcow
Branch: MAIN
Changes since 1.233: +4 -4
lines
Diff to previous 1.233 (colored) to selected 1.384 (colored)
change the MOWNER_INIT define to take two args; fix extant struct mowner decls to use it. Makes options MBUFTRACE compile again and not whinge about missing structure declarations. (Also makes initialization consistent.)
Revision 1.233 / (download) - annotate - [select for diffs], Thu Oct 5 17:35:19 2006 UTC (17 years, 6 months ago) by tls
Branch: MAIN
Changes since 1.232: +18 -4
lines
Diff to previous 1.232 (colored) to selected 1.384 (colored)
Protect calls to pool_put/pool_get that may occur in interrupt context with spl used to protect other allocations and frees, or datastructure element insertion and removal, in adjacent code. It is almost unquestionably the case that some of the spl()/splx() calls added here are superfluous, but it really seems wrong to see: s=splfoo(); /* frob data structure */ splx(s); pool_put(x); and if we think we need to protect the first operation, then it is hard to see why we should not think we need to protect the next. "Better safe than sorry". It is also almost unquestionably the case that I missed some pool gets/puts from interrupt context with my strategy for finding these calls; use of PR_NOWAIT is a strong hint that a pool may be used from interrupt context but many callers in the kernel pass a "can wait/can't wait" flag down such that my searches might not have found them. One notable area that needs to be looked at is pf. See also: http://mail-index.netbsd.org/tech-kern/2006/07/19/0003.html http://mail-index.netbsd.org/tech-kern/2006/07/19/0009.html
Revision 1.232 / (download) - annotate - [select for diffs], Tue Sep 19 21:42:30 2006 UTC (17 years, 7 months ago) by elad
Branch: MAIN
Changes since 1.231: +3 -3
lines
Diff to previous 1.231 (colored) to selected 1.384 (colored)
Remove ugly (void *) casts from network scope authorization wrapper and calls to it. While here, adapt code for system scope listeners to avoid some more casts (forgotten in previous run). Update documentation.
Revision 1.231 / (download) - annotate - [select for diffs], Wed Sep 13 10:07:42 2006 UTC (17 years, 7 months ago) by elad
Branch: MAIN
CVS Tags: yamt-splraiseipl-base,
yamt-pdpolicy-base9
Branch point for: yamt-splraiseipl
Changes since 1.230: +3 -3
lines
Diff to previous 1.230 (colored) to selected 1.384 (colored)
Don't use KAUTH_RESULT_* where it's not applicable. Prompted by yamt@.
Revision 1.230 / (download) - annotate - [select for diffs], Fri Sep 8 20:58:58 2006 UTC (17 years, 7 months ago) by elad
Branch: MAIN
Changes since 1.229: +5 -3
lines
Diff to previous 1.229 (colored) to selected 1.384 (colored)
First take at security model abstraction. - Add a few scopes to the kernel: system, network, and machdep. - Add a few more actions/sub-actions (requests), and start using them as opposed to the KAUTH_GENERIC_ISSUSER place-holders. - Introduce a basic set of listeners that implement our "traditional" security model, called "bsd44". This is the default (and only) model we have at the moment. - Update all relevant documentation. - Add some code and docs to help folks who want to actually use this stuff: * There's a sample overlay model, sitting on-top of "bsd44", for fast experimenting with tweaking just a subset of an existing model. This is pretty cool because it's *really* straightforward to do stuff you had to use ugly hacks for until now... * And of course, documentation describing how to do the above for quick reference, including code samples. All of these changes were tested for regressions using a Python-based testsuite that will be (I hope) available soon via pkgsrc. Information about the tests, and how to write new ones, can be found on: http://kauth.linbsd.org/kauthwiki NOTE FOR DEVELOPERS: *PLEASE* don't add any code that does any of the following: - Uses a KAUTH_GENERIC_ISSUSER kauth(9) request, - Checks 'securelevel' directly, - Checks a uid/gid directly. (or if you feel you have to, contact me first) This is still work in progress; It's far from being done, but now it'll be a lot easier. Relevant mailing list threads: http://mail-index.netbsd.org/tech-security/2006/01/25/0011.html http://mail-index.netbsd.org/tech-security/2006/03/24/0001.html http://mail-index.netbsd.org/tech-security/2006/04/18/0000.html http://mail-index.netbsd.org/tech-security/2006/05/15/0000.html http://mail-index.netbsd.org/tech-security/2006/08/01/0000.html http://mail-index.netbsd.org/tech-security/2006/08/25/0000.html Many thanks to YAMAMOTO Takashi, Matt Thomas, and Christos Zoulas for help stablizing kauth(9). Full credit for the regression tests, making sure these changes didn't break anything, goes to Matt Fleming and Jaime Fournier. Happy birthday Randi! :)
Revision 1.229 / (download) - annotate - [select for diffs], Wed Aug 30 18:55:09 2006 UTC (17 years, 7 months ago) by christos
Branch: MAIN
CVS Tags: yamt-pdpolicy-base8,
rpaulo-netinet-merge-pcb-base
Branch point for: newlock2
Changes since 1.228: +6 -3
lines
Diff to previous 1.228 (colored) to selected 1.384 (colored)
fix initializer
Revision 1.228 / (download) - annotate - [select for diffs], Sun Jul 30 17:38:19 2006 UTC (17 years, 8 months ago) by elad
Branch: MAIN
CVS Tags: yamt-pdpolicy-base7,
abandoned-netbsd-4-base,
abandoned-netbsd-4
Changes since 1.227: +28 -4
lines
Diff to previous 1.227 (colored) to selected 1.384 (colored)
ugh.. more stuff that's overdue and should not be in 4.0: remove the sysctl(9) flags CTLFLAG_READONLY[12]. luckily they're not documented so it's only half regression. only two knobs used them; proc.curproc.corename (check added in the existing handler; its CTLFLAG_ANYWRITE, yay) and net.inet.ip.forwsrcrt, that got its own handler now too.
Revision 1.227 / (download) - annotate - [select for diffs], Wed Jun 7 22:34:01 2006 UTC (17 years, 10 months ago) by kardel
Branch: MAIN
CVS Tags: yamt-pdpolicy-base6,
gdamore-uart-base,
gdamore-uart,
chap-midi-nbase,
chap-midi-base
Changes since 1.226: +3 -3
lines
Diff to previous 1.226 (colored) to selected 1.384 (colored)
merge FreeBSD timecounters from branch simonb-timecounters - struct timeval time is gone time.tv_sec -> time_second - struct timeval mono_time is gone mono_time.tv_sec -> time_uptime - access to time via {get,}{micro,nano,bin}time() get* versions are fast but less precise - support NTP nanokernel implementation (NTP API 4) - further reading: Timecounter Paper: http://phk.freebsd.dk/pubs/timecounter.pdf NTP Nanokernel: http://www.eecis.udel.edu/~mills/ntp/html/kern.html
Revision 1.226 / (download) - annotate - [select for diffs], Mon May 8 18:50:12 2006 UTC (17 years, 11 months ago) by liamjfoy
Branch: MAIN
CVS Tags: yamt-pdpolicy-base5,
simonb-timecounters-base,
elad-kernelauth-base
Branch point for: chap-midi
Changes since 1.225: +3 -3
lines
Diff to previous 1.225 (colored) to selected 1.384 (colored)
#if -> #ifdef ok christos
Revision 1.225 / (download) - annotate - [select for diffs], Sat Apr 15 02:24:12 2006 UTC (18 years ago) by christos
Branch: MAIN
Changes since 1.224: +3 -3
lines
Diff to previous 1.224 (colored) to selected 1.384 (colored)
Coverity CID 1134: Protect against NULL deref.
Revision 1.224 / (download) - annotate - [select for diffs], Sat Feb 18 17:47:07 2006 UTC (18 years, 2 months ago) by joerg
Branch: MAIN
CVS Tags: yamt-uio_vmspace-base5,
yamt-pdpolicy-base4,
yamt-pdpolicy-base3,
yamt-pdpolicy-base2,
yamt-pdpolicy-base,
peter-altq-base
Branch point for: yamt-pdpolicy,
peter-altq,
elad-kernelauth
Changes since 1.223: +6 -6
lines
Diff to previous 1.223 (colored) to selected 1.384 (colored)
Print the source and destination IP in ip_forward's DIAGNOSTIC code with inet_ntoa, making it more human friendly. From Liam J. Foy in private mail.
Revision 1.223 / (download) - annotate - [select for diffs], Sat Dec 24 20:45:09 2005 UTC (18 years, 3 months ago) by perry
Branch: MAIN
Branch point for: yamt-uio_vmspace,
simonb-timecounters,
rpaulo-netinet-merge-pcb
Changes since 1.222: +6 -6
lines
Diff to previous 1.222 (colored) to selected 1.384 (colored)
Remove leading __ from __(const|inline|signed|volatile) -- it is obsolete.
Revision 1.222 / (download) - annotate - [select for diffs], Sun Dec 11 12:24:57 2005 UTC (18 years, 4 months ago) by christos
Branch: MAIN
Changes since 1.221: +2 -2
lines
Diff to previous 1.221 (colored) to selected 1.384 (colored)
merge ktrace-lwp.
Revision 1.221 / (download) - annotate - [select for diffs], Tue Nov 1 21:21:09 2005 UTC (18 years, 5 months ago) by christos
Branch: MAIN
CVS Tags: yamt-vop-base3,
yamt-readahead-pervnode,
yamt-readahead-perfile,
yamt-readahead-base3,
yamt-readahead-base2,
yamt-readahead-base,
yamt-readahead,
ktrace-lwp-base
Changes since 1.220: +4 -3
lines
Diff to previous 1.220 (colored) to selected 1.384 (colored)
Don't decrement the ttl, until we are sure that we can forward this packet. Before if there was no route, we would call icmp_error with a datagram packet that has an incorrect checksum. (From Liam Foy)
Revision 1.220 / (download) - annotate - [select for diffs], Sun Oct 23 18:38:53 2005 UTC (18 years, 5 months ago) by christos
Branch: MAIN
CVS Tags: yamt-vop-base2,
thorpej-vnode-attr-base,
thorpej-vnode-attr
Changes since 1.219: +9 -20
lines
Diff to previous 1.219 (colored) to selected 1.384 (colored)
No need to pass an interface when only the mtu is needed. From OpenBSD via Liam Foy.
Revision 1.219 / (download) - annotate - [select for diffs], Fri Aug 5 09:21:26 2005 UTC (18 years, 8 months ago) by elad
Branch: MAIN
CVS Tags: yamt-vop-base
Branch point for: yamt-vop
Changes since 1.218: +9 -2
lines
Diff to previous 1.218 (colored) to selected 1.384 (colored)
Add sysctls for IP, ICMP, TCP, and UDP statistics.
Revision 1.218 / (download) - annotate - [select for diffs], Tue Jun 28 19:38:58 2005 UTC (18 years, 9 months ago) by seanb
Branch: MAIN
Branch point for: yamt-lazymbuf
Changes since 1.217: +3 -3
lines
Diff to previous 1.217 (colored) to selected 1.384 (colored)
- Return ICMP_UNREACH_NET when no route found as per section 4.3.3.1 of rfc1812.
Revision 1.217 / (download) - annotate - [select for diffs], Thu Jun 9 02:19:59 2005 UTC (18 years, 10 months ago) by atatat
Branch: MAIN
Changes since 1.216: +3 -3
lines
Diff to previous 1.216 (colored) to selected 1.384 (colored)
Properly fix the constipated lossage wrt -Wcast-qual and the sysctl code. I know it's not the prettiest code, but it seems to work rather well in spite of itself.
Revision 1.216 / (download) - annotate - [select for diffs], Wed Jun 1 09:45:15 2005 UTC (18 years, 10 months ago) by blymn
Branch: MAIN
Changes since 1.215: +3 -3
lines
Diff to previous 1.215 (colored) to selected 1.384 (colored)
Unconstify rnode to prevent compile error when GATEWAY option set.
Revision 1.215 / (download) - annotate - [select for diffs], Fri Apr 29 10:39:09 2005 UTC (18 years, 11 months ago) by yamt
Branch: MAIN
CVS Tags: kent-audio2-base
Changes since 1.214: +3 -2
lines
Diff to previous 1.214 (colored) to selected 1.384 (colored)
move decl of inetsw to its own header to avoid array of incomplete type. found by gcc4. reported by Adam Ciarcinski.
Revision 1.214 / (download) - annotate - [select for diffs], Mon Apr 18 21:50:25 2005 UTC (19 years ago) by yamt
Branch: MAIN
Changes since 1.213: +2 -3
lines
Diff to previous 1.213 (colored) to selected 1.384 (colored)
fix problems related to loopback interface checksum omission. PR/29971. - for ipv4, defer decision to ip layer as h/w checksum offloading does so that it can check the actual interface the packet is going to. - for ipv6, disable it. (maybe will be revisited when it implements h/w checksum offloading.) ok'ed by Jason Thorpe.
Revision 1.213 / (download) - annotate - [select for diffs], Tue Mar 29 09:37:08 2005 UTC (19 years ago) by yamt
Branch: MAIN
Changes since 1.212: +3 -2
lines
Diff to previous 1.212 (colored) to selected 1.384 (colored)
ip_reass: clear stale csum_flags.
Revision 1.212 / (download) - annotate - [select for diffs], Sat Feb 26 22:45:12 2005 UTC (19 years, 1 month ago) by perry
Branch: MAIN
CVS Tags: yamt-km-base4,
yamt-km-base3,
netbsd-3-base
Branch point for: netbsd-3
Changes since 1.211: +15 -15
lines
Diff to previous 1.211 (colored) to selected 1.384 (colored)
nuke trailing whitespace
Revision 1.211 / (download) - annotate - [select for diffs], Thu Feb 3 22:56:42 2005 UTC (19 years, 2 months ago) by perry
Branch: MAIN
CVS Tags: yamt-km-base2
Changes since 1.210: +18 -33
lines
Diff to previous 1.210 (colored) to selected 1.384 (colored)
ANSIfy function declarations
Revision 1.210 / (download) - annotate - [select for diffs], Wed Feb 2 21:41:55 2005 UTC (19 years, 2 months ago) by perry
Branch: MAIN
Changes since 1.209: +8 -8
lines
Diff to previous 1.209 (colored) to selected 1.384 (colored)
de-__P -- will ANSIfy .c files later.
Revision 1.209 / (download) - annotate - [select for diffs], Mon Jan 24 21:25:10 2005 UTC (19 years, 2 months ago) by matt
Branch: MAIN
CVS Tags: yamt-km-base
Branch point for: yamt-km
Changes since 1.208: +3 -3
lines
Diff to previous 1.208 (colored) to selected 1.384 (colored)
Add IFNET_FOREACH and IFADDR_FOREACH macros and start using them.
Revision 1.208 / (download) - annotate - [select for diffs], Sun Dec 19 06:42:24 2004 UTC (19 years, 4 months ago) by christos
Branch: MAIN
CVS Tags: kent-audio1-beforemerge
Branch point for: kent-audio2
Changes since 1.207: +3 -3
lines
Diff to previous 1.207 (colored) to selected 1.384 (colored)
yamt's changes seem to fix all the checksumming issues. Turn the loopback checksums back off so we can make sure that everything works.
Revision 1.207 / (download) - annotate - [select for diffs], Fri Dec 17 22:54:52 2004 UTC (19 years, 4 months ago) by christos
Branch: MAIN
Changes since 1.206: +3 -3
lines
Diff to previous 1.206 (colored) to selected 1.384 (colored)
Turn checksumming on loopback back on until we fix the bugs in it. Connect over tcp on the loopback is broken: 4729 amq 0.000007 CALL connect(4,0x804f2a0,0x1c) 4729 amq 75.007420 RET connect -1 errno 60 Connection timed out
Revision 1.206 / (download) - annotate - [select for diffs], Wed Dec 15 04:25:19 2004 UTC (19 years, 4 months ago) by thorpej
Branch: MAIN
Changes since 1.205: +20 -6
lines
Diff to previous 1.205 (colored) to selected 1.384 (colored)
Don't perform checksums on loopback interfaces. They can be reenabled with the net.inet.*.do_loopback_cksum sysctl. Approved by: groo
Revision 1.205 / (download) - annotate - [select for diffs], Wed Oct 6 01:34:11 2004 UTC (19 years, 6 months ago) by darrenr
Branch: MAIN
CVS Tags: kent-audio1-base,
kent-audio1
Changes since 1.204: +16 -2
lines
Diff to previous 1.204 (colored) to selected 1.384 (colored)
Add a comment to document what setting "srcrt" is really on about in ipintr()
Revision 1.204 / (download) - annotate - [select for diffs], Wed Sep 29 21:28:34 2004 UTC (19 years, 6 months ago) by christos
Branch: MAIN
Changes since 1.203: +3 -3
lines
Diff to previous 1.203 (colored) to selected 1.384 (colored)
PR/27081: Sean Boudreau: ip_input() bad csum count not incremented on sw csum
Revision 1.203 / (download) - annotate - [select for diffs], Tue May 25 04:34:00 2004 UTC (19 years, 10 months ago) by atatat
Branch: MAIN
CVS Tags: BEFORE-IPF413
Changes since 1.202: +54 -25
lines
Diff to previous 1.202 (colored) to selected 1.384 (colored)
Sysctl descriptions under net subtree (net.key not done)
Revision 1.202 / (download) - annotate - [select for diffs], Sun May 2 05:02:53 2004 UTC (19 years, 11 months ago) by darrenr
Branch: MAIN
Changes since 1.201: +2 -17
lines
Diff to previous 1.201 (colored) to selected 1.384 (colored)
at line 543, we do a pullup here of hlen bytes into the mbuf, so these later ones are superfluous.
Revision 1.201 / (download) - annotate - [select for diffs], Sat May 1 02:20:42 2004 UTC (19 years, 11 months ago) by matt
Branch: MAIN
Changes since 1.200: +6 -8
lines
Diff to previous 1.200 (colored) to selected 1.384 (colored)
Use EVCNT_ATTACH_STATIC{,2}
Revision 1.200 / (download) - annotate - [select for diffs], Sun Apr 25 16:42:42 2004 UTC (19 years, 11 months ago) by simonb
Branch: MAIN
Changes since 1.199: +4 -9
lines
Diff to previous 1.199 (colored) to selected 1.384 (colored)
Initialise (most) pools from a link set instead of explicit calls to pool_init. Untouched pools are ones that either in arch-specific code, or aren't initialiased during initial system startup. Convert struct session, ucred and lockf to pools.
Revision 1.199 / (download) - annotate - [select for diffs], Thu Apr 22 01:01:41 2004 UTC (20 years ago) by matt
Branch: MAIN
Changes since 1.198: +3 -4
lines
Diff to previous 1.198 (colored) to selected 1.384 (colored)
Constify protosw arrays. This can reduce the kernel .data section by over 4K (if all the network protocols) are loaded.
Revision 1.198 / (download) - annotate - [select for diffs], Thu Apr 1 22:47:55 2004 UTC (20 years ago) by matt
Branch: MAIN
Changes since 1.197: +4 -4
lines
Diff to previous 1.197 (colored) to selected 1.384 (colored)
In ip_reass_ttl_descr, make i signed since it's compared to >= 0
Revision 1.197 / (download) - annotate - [select for diffs], Wed Mar 24 15:34:54 2004 UTC (20 years ago) by atatat
Branch: MAIN
CVS Tags: netbsd-2-0-base,
BEFORE-IPF411
Branch point for: netbsd-2-0
Changes since 1.196: +50 -26
lines
Diff to previous 1.196 (colored) to selected 1.384 (colored)
Tango on sysctl_createv() and flags. The flags have all been renamed, and sysctl_createv() now uses more arguments.
Revision 1.196 / (download) - annotate - [select for diffs], Thu Jan 15 05:13:17 2004 UTC (20 years, 3 months ago) by itojun
Branch: MAIN
Changes since 1.195: +3 -3
lines
Diff to previous 1.195 (colored) to selected 1.384 (colored)
correct typo in 1.94 -> 1.95. pointed out by Shiva Shenoy
Revision 1.195 / (download) - annotate - [select for diffs], Sun Dec 14 01:14:24 2003 UTC (20 years, 4 months ago) by thorpej
Branch: MAIN
Changes since 1.194: +7 -7
lines
Diff to previous 1.194 (colored) to selected 1.384 (colored)
Fix syntax errors in CHECK_NMBCLUSTER_PARAMS().
Revision 1.194 / (download) - annotate - [select for diffs], Sun Dec 14 00:09:24 2003 UTC (20 years, 4 months ago) by jonathan
Branch: MAIN
Changes since 1.193: +144 -26
lines
Diff to previous 1.193 (colored) to selected 1.384 (colored)
Second part of hashed IP_reassembly changes: When under pressure for mbufs or we have too many fragments in the IP reassembly queue, drop half of all fragments. This multiplicative-drop strategy ensures we return to a healthy state, even under borderline denial-of-service from extremely lossy NFS-over-UDP peers. The multiplicative-drop phase currently drops 50% of fragments, but has pre-placed support for implementing drop-fractions other than 50% The threshhold for the `drop-half' phase is the new variable, ip_maxfrags which is calculated as nmbclusters/4. ip_input.c now keeps ip_nmbclusters, a cached copy of nmbclusters. Before using limits derived from nmbclusters, we check if nmbclusters and ip_nmclusters are equal. If not, we recompute Ip parameters derived from nmbclusters. Based on a suggestion by Jason Thorpe. ip_maxfrags is currently auto-recalcuated. The counters ip_nfrags and ip_nfragpacketsr are now declared static and uninitialized (bss), to discourage tampering with them.
Revision 1.193 / (download) - annotate - [select for diffs], Fri Dec 12 21:17:59 2003 UTC (20 years, 4 months ago) by scw
Branch: MAIN
Changes since 1.192: +23 -3
lines
Diff to previous 1.192 (colored) to selected 1.384 (colored)
Make fast-ipsec and ipflow (Fast Forwarding) interoperate. The idea is that we only clear M_CANFASTFWD if an SPD exists for the packet. Otherwise, it's safe to add a fast-forward cache entry for the route. To make this work properly, we invalidate the entire ipflow cache if a fast-ipsec key is added or changed.
Revision 1.192 / (download) - annotate - [select for diffs], Mon Dec 8 02:23:27 2003 UTC (20 years, 4 months ago) by jonathan
Branch: MAIN
Changes since 1.191: +24 -5
lines
Diff to previous 1.191 (colored) to selected 1.384 (colored)
Add new field ipq_nfrags to struct ipq. Maintain count of fragments (fragments, not fragmented packets) in each queue entry. Use ipq_nfrags to maintain a count of total fragments in reassembly queue.
Revision 1.191 / (download) - annotate - [select for diffs], Sun Dec 7 01:18:26 2003 UTC (20 years, 4 months ago) by jonathan
Branch: MAIN
Changes since 1.190: +4 -4
lines
Diff to previous 1.190 (colored) to selected 1.384 (colored)
KNF: s/unsigned/u_int/, in a couple of places I missed.
Revision 1.190 / (download) - annotate - [select for diffs], Sat Dec 6 23:56:10 2003 UTC (20 years, 4 months ago) by jonathan
Branch: MAIN
Changes since 1.189: +63 -19
lines
Diff to previous 1.189 (colored) to selected 1.384 (colored)
Replace the single global IP reassembly list/listhead, with a hashtable of list-heads. Independently re-invented, then reworked to match similar code in FreeBSD.
Revision 1.189 / (download) - annotate - [select for diffs], Thu Dec 4 19:38:24 2003 UTC (20 years, 4 months ago) by atatat
Branch: MAIN
Changes since 1.188: +173 -156
lines
Diff to previous 1.188 (colored) to selected 1.384 (colored)
Dynamic sysctl. Gone are the old kern_sysctl(), cpu_sysctl(), hw_sysctl(), vfs_sysctl(), etc, routines, along with sysctl_int() et al. Now all nodes are registered with the tree, and nodes can be added (or removed) easily, and I/O to and from the tree is handled generically. Since the nodes are registered with the tree, the mapping from name to number (and back again) can now be discovered, instead of having to be hard coded. Adding new nodes to the tree is likewise much simpler -- the new infrastructure handles almost all the work for simple types, and just about anything else can be done with a small helper function. All existing nodes are where they were before (numerically speaking), so all existing consumers of sysctl information should notice no difference. PS - I'm sorry, but there's a distinct lack of documentation at the moment. I'm working on sysctl(3/8/9) right now, and I promise to watch out for buses.
Revision 1.188 / (download) - annotate - [select for diffs], Thu Dec 4 10:02:35 2003 UTC (20 years, 4 months ago) by scw
Branch: MAIN
Changes since 1.187: +3 -3
lines
Diff to previous 1.187 (colored) to selected 1.384 (colored)
ipflow (IP fast forwarding) is not compatible with FAST_IPSEC either. XXX: The decision whether or not to fast forward should be made XXX: dynamically. Using the current approach seriously reduces XXX: routing performance on gateways with IPsec enabled.
Revision 1.187 / (download) - annotate - [select for diffs], Wed Nov 26 21:15:47 2003 UTC (20 years, 4 months ago) by itojun
Branch: MAIN
Changes since 1.186: +2 -8
lines
Diff to previous 1.186 (colored) to selected 1.384 (colored)
define RANDOM_IP_ID by default (unifdef -DRANDOM_IP_ID). one use remains in sys/netipsec, which is kept for freebsd source code compat.
Revision 1.186 / (download) - annotate - [select for diffs], Mon Nov 24 20:54:59 2003 UTC (20 years, 4 months ago) by scw
Branch: MAIN
Changes since 1.185: +4 -2
lines
Diff to previous 1.185 (colored) to selected 1.384 (colored)
For FAST_IPSEC, ipfilter gets to see wire-format IPsec-encapsulated packets only. Decapsulated packets bypass ipfilter. This mimics current behaviour for Kame IPsec.
Revision 1.185 / (download) - annotate - [select for diffs], Wed Nov 19 22:40:55 2003 UTC (20 years, 5 months ago) by fvdl
Branch: MAIN
Changes since 1.184: +3 -3
lines
Diff to previous 1.184 (colored) to selected 1.384 (colored)
Correct number of arguments to sysctl_rdint.
Revision 1.184 / (download) - annotate - [select for diffs], Wed Nov 19 18:39:34 2003 UTC (20 years, 5 months ago) by jonathan
Branch: MAIN
Changes since 1.183: +16 -2
lines
Diff to previous 1.183 (colored) to selected 1.384 (colored)
Patch back support for (badly) randomized IP ids, by request: * Include "opt_inet.h" everywhere IP-ids are generated with ip_newid(), so the RANDOM_IP_ID option is visible. Also in ip_id(), to ensure the prototype for ip_randomid() is made visible. * Add new sysctl to enable randomized IP-ids, provided the kernel was configured with RANDOM_IP_ID. (The sysctl defaults to zero, and is a read-only zero if RANDOM_IP_ID is not configured). Note that the implementation of randomized IP ids is still defective, and should not be enabled at all (even if configured) without very careful deliberation. Caveat emptor.
Revision 1.183 / (download) - annotate - [select for diffs], Mon Nov 17 22:34:16 2003 UTC (20 years, 5 months ago) by jonathan
Branch: MAIN
Changes since 1.182: +4 -2
lines
Diff to previous 1.182 (colored) to selected 1.384 (colored)
Diff to netinet/ip_input.c (restore ip_id, initialize) for ip_id fix: Revert the (default) ip_id algorithm to the pre-randomid algorithm, due to demonstrated low-period repeated IDs from the randomized IP_id code. Consensus is that the low-period repetition (much less than 2^15) is not suitable for general-purpose use. Allocators of new IPv4 IDs should now call the function ip_newid(). Randomized IP_ids is now a config-time option, "options RANDOM_IP_ID". ip_newid() can use ip_random-id()_IP_ID if and only if configured with RANDOM_IP_ID. A sysctl knob should be provided. This API may be reworked in the near future to support linear ip_id counters per (src,dst) IP-address pair.
Revision 1.182 / (download) - annotate - [select for diffs], Wed Nov 12 15:00:05 2003 UTC (20 years, 5 months ago) by itojun
Branch: MAIN
Changes since 1.181: +5 -5
lines
Diff to previous 1.181 (colored) to selected 1.384 (colored)
KNF
Revision 1.181 / (download) - annotate - [select for diffs], Tue Nov 11 20:25:26 2003 UTC (20 years, 5 months ago) by jonathan
Branch: MAIN
Changes since 1.180: +5 -5
lines
Diff to previous 1.180 (colored) to selected 1.384 (colored)
Change global head-of-local-IP-address list from in_ifaddr to in_ifaddrhead. Recent changes in struct names caused a namespace collision in fast-ipsec, which are most cleanly fixed by using "in_ifaddrhead" as the listhead name.
Revision 1.180 / (download) - annotate - [select for diffs], Mon Nov 10 20:03:29 2003 UTC (20 years, 5 months ago) by jonathan
Branch: MAIN
Changes since 1.179: +10 -5
lines
Diff to previous 1.179 (colored) to selected 1.384 (colored)
Make per-protocol network input queue stats visible to userland via sysctl. Add a protocol-independent sysctl handler to show the per-protocol "struct ifq' statistics. Add IP(v4) specific call to the handler. Other protocols can show their per-protocol input statistics by allocating a sysclt node and calling sysctl_ifq() with their own struct ifq *. As posted to tech-kern plus improvements/cleanup suggested by Andrew Brown.
Revision 1.179 / (download) - annotate - [select for diffs], Sun Sep 28 04:45:14 2003 UTC (20 years, 6 months ago) by mycroft
Branch: MAIN
Changes since 1.178: +2 -12
lines
Diff to previous 1.178 (colored) to selected 1.384 (colored)
Remove some code that breaks AH tunnels completely. The comment describing the purpose of this code appears to be on crack -- it's talking about end-to-end authentication, but the purpose of an AH tunnel is NOT end-to-end authentication; it's authentication of the tunnel endpoints. NB: This does not fix the fact that IPsec leaks "packet tags."
Revision 1.178 / (download) - annotate - [select for diffs], Sat Sep 6 03:36:30 2003 UTC (20 years, 7 months ago) by itojun
Branch: MAIN
Changes since 1.177: +2 -4
lines
Diff to previous 1.177 (colored) to selected 1.384 (colored)
randomize IPv4/v6 fragment ID and IPv6 flowlabel. avoids predictability of these fields. ip_id.c is from openbsd. ip6_id.c is adapted by kame.
Revision 1.177 / (download) - annotate - [select for diffs], Sat Sep 6 00:24:54 2003 UTC (20 years, 7 months ago) by itojun
Branch: MAIN
Changes since 1.176: +3 -3
lines
Diff to previous 1.176 (colored) to selected 1.384 (colored)
backout previous, we don't know if arc4random() corrides on reboot.
Revision 1.176 / (download) - annotate - [select for diffs], Fri Sep 5 22:09:38 2003 UTC (20 years, 7 months ago) by itojun
Branch: MAIN
Changes since 1.175: +3 -3
lines
Diff to previous 1.175 (colored) to selected 1.384 (colored)
initialize fragment ID with arc4random, not by time.tv_sec
Revision 1.175 / (download) - annotate - [select for diffs], Fri Aug 22 22:00:37 2003 UTC (20 years, 8 months ago) by itojun
Branch: MAIN
Changes since 1.174: +2 -6
lines
Diff to previous 1.174 (colored) to selected 1.384 (colored)
remove ipsec_set/getsocket. now we explicitly pass socket * to ip{,6}_output.
Revision 1.174 / (download) - annotate - [select for diffs], Fri Aug 22 21:53:03 2003 UTC (20 years, 8 months ago) by itojun
Branch: MAIN
Changes since 1.173: +3 -3
lines
Diff to previous 1.173 (colored) to selected 1.384 (colored)
change the additional arg to be passed to ip{,6}_output to struct socket *. this fixes KAME policy lookup which was broken by the previous commit.
Revision 1.173 / (download) - annotate - [select for diffs], Fri Aug 15 03:42:02 2003 UTC (20 years, 8 months ago) by jonathan
Branch: MAIN
Changes since 1.172: +89 -6
lines
Diff to previous 1.172 (colored) to selected 1.384 (colored)
(fast-ipsec): Add hooks to pass IPv4 IPsec traffic into fast-ipsec, if configured with ``options FAST_IPSEC''. Kernels with KAME IPsec or with no IPsec should work as before. All calls to ip_output() now always pass an additional compulsory argument: the inpcb associated with the packet being sent, or 0 if no inpcb is available. Fast-ipsec tested with ICMP or UDP over ESP. TCP doesn't work, yet.
Revision 1.172 / (download) - annotate - [select for diffs], Thu Aug 7 16:33:12 2003 UTC (20 years, 8 months ago) by agc
Branch: MAIN
Changes since 1.171: +3 -7
lines
Diff to previous 1.171 (colored) to selected 1.384 (colored)
Move UCB-licensed code from 4-clause to 3-clause licence. Patches provided by Joel Baker in PR 22364, verified by myself.
Revision 1.171 / (download) - annotate - [select for diffs], Mon Jul 14 16:39:43 2003 UTC (20 years, 9 months ago) by itojun
Branch: MAIN
Changes since 1.170: +2 -3
lines
Diff to previous 1.170 (colored) to selected 1.384 (colored)
correct igmp. from love
Revision 1.170 / (download) - annotate - [select for diffs], Thu Jul 3 05:03:53 2003 UTC (20 years, 9 months ago) by itojun
Branch: MAIN
Changes since 1.169: +5 -7
lines
Diff to previous 1.169 (colored) to selected 1.384 (colored)
minor KNF
Revision 1.169 / (download) - annotate - [select for diffs], Mon Jun 30 07:54:28 2003 UTC (20 years, 9 months ago) by itojun
Branch: MAIN
Branch point for: ktrace-lwp
Changes since 1.168: +8 -3
lines
Diff to previous 1.168 (colored) to selected 1.384 (colored)
do not generate ICMP redirect when packet filter alters ip_dst to an address that reside on the same link. Cedric Berger convinced me that it is necessary.
Revision 1.168 / (download) - annotate - [select for diffs], Mon Jun 30 01:21:11 2003 UTC (20 years, 9 months ago) by itojun
Branch: MAIN
Changes since 1.167: +4 -4
lines
Diff to previous 1.167 (colored) to selected 1.384 (colored)
fix indent
Revision 1.167 / (download) - annotate - [select for diffs], Mon Jun 23 11:02:14 2003 UTC (20 years, 10 months ago) by martin
Branch: MAIN
Changes since 1.166: +3 -2
lines
Diff to previous 1.166 (colored) to selected 1.384 (colored)
Make sure to include opt_foo.h if a defflag option FOO is used.
Revision 1.166 / (download) - annotate - [select for diffs], Sun Jun 15 02:49:33 2003 UTC (20 years, 10 months ago) by matt
Branch: MAIN
Changes since 1.165: +11 -2
lines
Diff to previous 1.165 (colored) to selected 1.384 (colored)
Change the way multicasts are kept. They now use a hash table in the same manner as the ifaddr hash table. By doing this, the mkludge code can go away. At the same time, keep track of what pcbs are using what ifaddr and when an address is deleted from an interface, notify/abort all sockets that have that address as a source. Switch IGMP and multicasts to use pools for allocation. Fix a number of potential problems in the igmp code where allocation failures could cause a trap/panic.
Revision 1.165 / (download) - annotate - [select for diffs], Fri Apr 11 19:41:37 2003 UTC (21 years ago) by christos
Branch: MAIN
Changes since 1.164: +43 -2
lines
Diff to previous 1.164 (colored) to selected 1.384 (colored)
PR/991: Darren Reed: Add a sysctl (checkinteface) to implement this. This implementation is taken from FreeBSD, but we default to off. XXX: We should really do this on a per ifaddr basis as jason suggested.
Revision 1.164 / (download) - annotate - [select for diffs], Wed Feb 26 06:31:14 2003 UTC (21 years, 1 month ago) by matt
Branch: MAIN
Changes since 1.163: +21 -2
lines
Diff to previous 1.163 (colored) to selected 1.384 (colored)
Add MBUFTRACE kernel option. Do a little mbuf rework while here. Change all uses of MGET*(*, M_WAIT, *) to m_get*(M_WAIT, *). These are not performance critical and making them call m_get saves considerable space. Add m_clget analogue of MCLGET and make corresponding change for M_WAIT uses. Modify netinet, gem, fxp, tulip, nfs to support MBUFTRACE. Begin to change netstat to use sysctl.
Revision 1.163 / (download) - annotate - [select for diffs], Tue Nov 12 02:10:13 2002 UTC (21 years, 5 months ago) by itojun
Branch: MAIN
CVS Tags: nathanw_sa_before_merge,
nathanw_sa_base,
gmcgarry_ucred_base,
gmcgarry_ucred,
gmcgarry_ctxsw_base,
gmcgarry_ctxsw,
fvdl_fs64_base
Changes since 1.162: +5 -10
lines
Diff to previous 1.162 (colored) to selected 1.384 (colored)
remove all entries in rt timer queue on ip_mtudisc change, instead of destroying the queue.
Revision 1.162 / (download) - annotate - [select for diffs], Tue Nov 12 01:57:07 2002 UTC (21 years, 5 months ago) by itojun
Branch: MAIN
Changes since 1.161: +12 -5
lines
Diff to previous 1.161 (colored) to selected 1.384 (colored)
ckout previous - doesn't compile
Revision 1.161 / (download) - annotate - [select for diffs], Tue Nov 12 01:38:09 2002 UTC (21 years, 5 months ago) by itojun
Branch: MAIN
Changes since 1.160: +5 -12
lines
Diff to previous 1.160 (colored) to selected 1.384 (colored)
update ip_mtudisc sysctl change handling.
Revision 1.160 / (download) - annotate - [select for diffs], Sun Nov 10 19:52:16 2002 UTC (21 years, 5 months ago) by itojun
Branch: MAIN
Changes since 1.159: +3 -5
lines
Diff to previous 1.159 (colored) to selected 1.384 (colored)
always create pmtud timeout queue, as ip_mtudisc can be tweaked via sysctl at runtime. From lha@stacken.kth.se
Revision 1.159 / (download) - annotate - [select for diffs], Sat Nov 2 07:28:12 2002 UTC (21 years, 5 months ago) by perry
Branch: MAIN
Changes since 1.158: +4 -4
lines
Diff to previous 1.158 (colored) to selected 1.384 (colored)
/*CONTCOND*/ while (0)'ed macros
Revision 1.158 / (download) - annotate - [select for diffs], Mon Sep 23 13:43:27 2002 UTC (21 years, 6 months ago) by itojun
Branch: MAIN
CVS Tags: kqueue-beforemerge,
kqueue-base,
kqueue-aftermerge
Changes since 1.157: +6 -3
lines
Diff to previous 1.157 (colored) to selected 1.384 (colored)
revert mtudisc_timeout value to the old one if update falis
Revision 1.157 / (download) - annotate - [select for diffs], Wed Sep 11 02:46:43 2002 UTC (21 years, 7 months ago) by itojun
Branch: MAIN
Changes since 1.156: +4 -4
lines
Diff to previous 1.156 (colored) to selected 1.384 (colored)
KNF - return is not a function. sync w/kame.
Revision 1.156 / (download) - annotate - [select for diffs], Wed Sep 11 02:41:19 2002 UTC (21 years, 7 months ago) by itojun
Branch: MAIN
Changes since 1.155: +5 -3
lines
Diff to previous 1.155 (colored) to selected 1.384 (colored)
correct signedness mixup in pointer passing. sync w/kame
Revision 1.155 / (download) - annotate - [select for diffs], Wed Aug 14 00:23:31 2002 UTC (21 years, 8 months ago) by itojun
Branch: MAIN
CVS Tags: gehenna-devsw-base
Changes since 1.154: +42 -34
lines
Diff to previous 1.154 (colored) to selected 1.384 (colored)
avoid swapping endian of ip_len and ip_off on mbuf, to meet with M_LEADINGSPACE optimization made last year. should solve PR 17867 and 10195. IP_HDRINCL behavior of raw ip socket is kept unchanged. we may want to provide IP_HDRINCL variant that does not swap endian.
Revision 1.154 / (download) - annotate - [select for diffs], Sun Jun 30 22:40:34 2002 UTC (21 years, 9 months ago) by thorpej
Branch: MAIN
Changes since 1.153: +20 -6
lines
Diff to previous 1.153 (colored) to selected 1.384 (colored)
Changes to allow the IPv4 and IPv6 layers to align headers themseves, as necessary: * Implement a new mbuf utility routine, m_copyup(), is is like m_pullup(), except that it always prepends and copies, rather than only doing so if the desired length is larger than m->m_len. m_copyup() also allows an offset into the destination mbuf, which allows space for packet headers, in the forwarding case. * Add *_HDR_ALIGNED_P() macros for IP, IPv6, ICMP, and IGMP. These macros expand to 1 if __NO_STRICT_ALIGNMENT is defined, so that architectures which do not have strict alignment constraints don't pay for the test or visit the new align-if-needed path. * Use the new macros to check if a header needs to be aligned, or to assert that it already is, as appropriate. Note: This code is still somewhat experimental. However, the new code path won't be visited if individual device drivers continue to guarantee that packets are delivered to layer 3 already properly aligned (which are rules that are already in use).
Revision 1.153 / (download) - annotate - [select for diffs], Thu Jun 13 16:25:54 2002 UTC (21 years, 10 months ago) by itojun
Branch: MAIN
Changes since 1.152: +3 -3
lines
Diff to previous 1.152 (colored) to selected 1.384 (colored)
set IPv4 parameter to modern value. - turn on path MTU discovery (previous: turned off) - ICMPv4 redirect entry timeout = 600 sec (previous: never timeout)
Revision 1.152 / (download) - annotate - [select for diffs], Sun Jun 9 16:33:40 2002 UTC (21 years, 10 months ago) by itojun
Branch: MAIN
Changes since 1.151: +7 -7
lines
Diff to previous 1.151 (colored) to selected 1.384 (colored)
whitespace
Revision 1.151 / (download) - annotate - [select for diffs], Fri Jun 7 13:43:47 2002 UTC (21 years, 10 months ago) by itojun
Branch: MAIN
Changes since 1.150: +4 -2
lines
Diff to previous 1.150 (colored) to selected 1.384 (colored)
look at rmx_mtu on IPsec tunnel MTU computation. From: David Waitzman <djw@bbn.com>
Revision 1.150 / (download) - annotate - [select for diffs], Sun May 12 20:33:50 2002 UTC (21 years, 11 months ago) by matt
Branch: MAIN
CVS Tags: netbsd-1-6-base
Branch point for: netbsd-1-6,
gehenna-devsw
Changes since 1.149: +4 -2
lines
Diff to previous 1.149 (colored) to selected 1.384 (colored)
Eliminate commons.
Revision 1.149 / (download) - annotate - [select for diffs], Sun May 12 15:48:39 2002 UTC (21 years, 11 months ago) by wiz
Branch: MAIN
Changes since 1.148: +5 -5
lines
Diff to previous 1.148 (colored) to selected 1.384 (colored)
Spelling fixes, from Sergey Svishchev in kern/16650.
Revision 1.148 / (download) - annotate - [select for diffs], Tue May 7 02:59:38 2002 UTC (21 years, 11 months ago) by matt
Branch: MAIN
Changes since 1.147: +17 -17
lines
Diff to previous 1.147 (colored) to selected 1.384 (colored)
Change struct ipqe to use TAILQ's instead of LIST's (primarily for TCP's benefit currently). Rework tcp_reass code to optimize the 4 most likely causes of out-of-order packets: first OoO pkt, next OoO pkt in seq, OoO pkt is part of new chuck of OoO packets, and the OoO pkt fills the first hole. Add evcnts to instrument tcp_reass (enabled by the options TCP_REASS_COUNTERS). This is part 1/2 of tcp_reass changes.
Revision 1.147 / (download) - annotate - [select for diffs], Thu Apr 18 22:33:21 2002 UTC (22 years ago) by matt
Branch: MAIN
Changes since 1.146: +3 -3
lines
Diff to previous 1.146 (colored) to selected 1.384 (colored)
Change test for M_EXT to M_READONLY for MROUTING. We only need to to do a pullup if we aren't allowed to modify the packet.
Revision 1.146 / (download) - annotate - [select for diffs], Fri Mar 8 20:48:43 2002 UTC (22 years, 1 month ago) by thorpej
Branch: MAIN
CVS Tags: newlock-base,
newlock,
eeh-devprop-base,
eeh-devprop
Changes since 1.145: +3 -3
lines
Diff to previous 1.145 (colored) to selected 1.384 (colored)
Pool deals fairly well with physical memory shortage, but it doesn't deal with shortages of the VM maps where the backing pages are mapped (usually kmem_map). Try to deal with this: * Group all information about the backend allocator for a pool in a separate structure. The pool references this structure, rather than the individual fields. * Change the pool_init() API accordingly, and adjust all callers. * Link all pools using the same backend allocator on a list. * The backend allocator is responsible for waiting for physical memory to become available, but will still fail if it cannot callocate KVA space for the pages. If this happens, carefully drain all pools using the same backend allocator, so that some KVA space can be freed. * Change pool_reclaim() to indicate if it actually succeeded in freeing some pages, and use that information to make draining easier and more efficient. * Get rid of PR_URGENT. There was only one use of it, and it could be dealt with by the caller. From art@openbsd.org.
Revision 1.145 / (download) - annotate - [select for diffs], Mon Feb 25 02:17:55 2002 UTC (22 years, 1 month ago) by itojun
Branch: MAIN
CVS Tags: ifpoll-base
Changes since 1.144: +9 -2
lines
Diff to previous 1.144 (colored) to selected 1.384 (colored)
correctly enforce ipsec policy check on forwarding case. From: Greg Troxel <gdt@ir.bbn.com>, Bill Chiarchiaro <wjc@work.cleartech.com>
Revision 1.144 / (download) - annotate - [select for diffs], Sun Feb 24 17:22:21 2002 UTC (22 years, 1 month ago) by martin
Branch: MAIN
Changes since 1.143: +10 -2
lines
Diff to previous 1.143 (colored) to selected 1.384 (colored)
Clear M_BCAST and M_MCAST on outgoing mbufs. Don't copy ttl from the inner packet to the encapsulating packet. Make the outer ttl sysctl'able. This should close PR 14269 from Jasper Wallace (change partly from there) and it makes traceroute work over gre tunnels.
Revision 1.143 / (download) - annotate - [select for diffs], Thu Feb 21 08:39:33 2002 UTC (22 years, 2 months ago) by itojun
Branch: MAIN
Changes since 1.142: +14 -2
lines
Diff to previous 1.142 (colored) to selected 1.384 (colored)
suppress source quence message, based on router-req RFC (also could be abused as DoS traffic generator). from kjc/kame
Revision 1.142 / (download) - annotate - [select for diffs], Wed Nov 28 09:25:13 2001 UTC (22 years, 4 months ago) by darrenr
Branch: MAIN
Changes since 1.141: +3 -2
lines
Diff to previous 1.141 (colored) to selected 1.384 (colored)
recompute hlen after calling pfil_run_hooks() in case ip_hl was changed.
Revision 1.141 / (download) - annotate - [select for diffs], Tue Nov 13 00:32:38 2001 UTC (22 years, 5 months ago) by lukem
Branch: MAIN
Changes since 1.140: +4 -1
lines
Diff to previous 1.140 (colored) to selected 1.384 (colored)
add RCSIDs
Revision 1.140 / (download) - annotate - [select for diffs], Sun Nov 4 20:55:27 2001 UTC (22 years, 5 months ago) by matt
Branch: MAIN
CVS Tags: thorpej-mips-cache-base
Changes since 1.139: +23 -25
lines
Diff to previous 1.139 (colored) to selected 1.384 (colored)
Convert netinet to not use the internal <sys/queue.h> field names but instead the access macros. Use the FOREACH macros where appropriate.
Revision 1.139 / (download) - annotate - [select for diffs], Sun Nov 4 13:42:27 2001 UTC (22 years, 5 months ago) by matt
Branch: MAIN
Changes since 1.138: +2 -2
lines
Diff to previous 1.138 (colored) to selected 1.384 (colored)
Change a few variable/tables to const since they are read-only.
Revision 1.138 / (download) - annotate - [select for diffs], Mon Oct 29 07:02:33 2001 UTC (22 years, 5 months ago) by simonb
Branch: MAIN
Changes since 1.137: +1 -5
lines
Diff to previous 1.137 (colored) to selected 1.384 (colored)
Don't need to include <uvm/uvm_extern.h> just to include <sys/sysctl.h> anymore.
Revision 1.137 / (download) - annotate - [select for diffs], Mon Sep 17 17:27:00 2001 UTC (22 years, 7 months ago) by thorpej
Branch: MAIN
CVS Tags: thorpej-devvp-base3,
thorpej-devvp-base2
Branch point for: thorpej-mips-cache
Changes since 1.136: +2 -2
lines
Diff to previous 1.136 (colored) to selected 1.384 (colored)
Split the pre-computed ifnet checksum flags into Tx and Rx directions. Add capabilities bits that indicate an interface can only perform in-bound TCPv4 or UDPv4 checksums. There is at least one Gig-E chip for which this is true (Level One LXT-1001), and this is also the case for the Intel i82559 10/100 Ethernet chips.
Revision 1.136 / (download) - annotate - [select for diffs], Mon Aug 6 10:25:00 2001 UTC (22 years, 8 months ago) by itojun
Branch: MAIN
CVS Tags: thorpej-devvp-base,
pre-chs-ubcperf,
post-chs-ubcperf
Branch point for: thorpej-devvp
Changes since 1.135: +2 -2
lines
Diff to previous 1.135 (colored) to selected 1.384 (colored)
cache IPsec policy on in6?pcb. most of the lookup operations can be bypassed, especially when it is a connected SOCK_STREAM in6?pcb. sync with kame.
Revision 1.135 / (download) - annotate - [select for diffs], Sat Jun 2 16:17:09 2001 UTC (22 years, 10 months ago) by thorpej
Branch: MAIN
Branch point for: kqueue
Changes since 1.134: +54 -4
lines
Diff to previous 1.134 (colored) to selected 1.384 (colored)
Implement support for IP/TCP/UDP checksum offloading provided by network interfaces. This works by pre-computing the pseudo-header checksum and caching it, delaying the actual checksum to ip_output() if the hardware cannot perform the sum for us. In-bound checksums can either be fully-checked by hardware, or summed up for final verification by software. This method was modeled after how this is done in FreeBSD, although the code is significantly different in most places. We don't delay checksums for IPv6/TCP, but we do take advantage of the cached pseudo-header checksum. Note: hardware-assisted checksumming defaults to "off". It is enabled with ifconfig(8). See the manual page for details. Implement hardware-assisted checksumming on the DP83820 Gigabit Ethernet, 3c90xB/3c90xC 10/100 Ethernet, and Alteon Tigon/Tigon2 Gigabit Ethernet.
Revision 1.134 / (download) - annotate - [select for diffs], Mon May 21 03:31:36 2001 UTC (22 years, 11 months ago) by lukem
Branch: MAIN
Changes since 1.133: +2 -2
lines
Diff to previous 1.133 (colored) to selected 1.384 (colored)
fix spelo in comment
Revision 1.133 / (download) - annotate - [select for diffs], Mon Apr 16 17:03:33 2001 UTC (23 years ago) by itojun
Branch: MAIN
CVS Tags: thorpej_scsipi_nbase,
thorpej_scsipi_beforemerge,
thorpej_scsipi_base
Changes since 1.132: +2 -2
lines
Diff to previous 1.132 (colored) to selected 1.384 (colored)
give a default value to net.inet.ip.maxfragpackets, to protect us from "lots of fragmented packets" DoS attack. the current default value is derived from ipv6 counterpart, which is a magical value "200". it should be enough for normal systems, not sure if it is enough when you take hundreds of thousands of tcp connections on your system. if you have proposal for a better value with concrete reasons, let me know.
Revision 1.132 / (download) - annotate - [select for diffs], Fri Apr 13 23:30:22 2001 UTC (23 years ago) by thorpej
Branch: MAIN
Changes since 1.131: +8 -4
lines
Diff to previous 1.131 (colored) to selected 1.384 (colored)
Remove the use of splimp() from the NetBSD kernel. splnet() and only splnet() is allowed for the protection of data structures used by network devices.
Revision 1.131 / (download) - annotate - [select for diffs], Tue Mar 27 02:24:38 2001 UTC (23 years ago) by itojun
Branch: MAIN
Changes since 1.130: +31 -1
lines
Diff to previous 1.130 (colored) to selected 1.384 (colored)
net.inet.ip.maxfragpackets defines the maximum size of ip reass queue (prevents fragment flood from chewing up mbuf memory space). derived from KAME net.inet6.ip6.maxfragpackets.
Revision 1.130 / (download) - annotate - [select for diffs], Fri Mar 2 04:26:10 2001 UTC (23 years, 1 month ago) by itojun
Branch: MAIN
Branch point for: nathanw_sa
Changes since 1.129: +5 -3
lines
Diff to previous 1.129 (colored) to selected 1.384 (colored)
increase ipstat.ips_badaddr if the packet fails to pass address checks.
Revision 1.129 / (download) - annotate - [select for diffs], Fri Mar 2 02:05:36 2001 UTC (23 years, 1 month ago) by itojun
Branch: MAIN
Changes since 1.128: +8 -1
lines
Diff to previous 1.128 (colored) to selected 1.384 (colored)
reject packets with 127/8 on IPv4 src/dst, they must not appear on wire (RFC1122). torture-tests will be welcomed. XXX do we want to check source routing headers as well?
Revision 1.128 / (download) - annotate - [select for diffs], Thu Mar 1 16:31:39 2001 UTC (23 years, 1 month ago) by itojun
Branch: MAIN
Changes since 1.127: +14 -1
lines
Diff to previous 1.127 (colored) to selected 1.384 (colored)
make sure to enforce inbound ipsec policy checking, for any protocols on top of ip (check it when final header is visited). sync with kame. XXX kame team will need to re-check policy engine code
Revision 1.127 / (download) - annotate - [select for diffs], Wed Jan 24 09:04:15 2001 UTC (23 years, 2 months ago) by itojun
Branch: MAIN
Changes since 1.126: +18 -7
lines
Diff to previous 1.126 (colored) to selected 1.384 (colored)
- record IPsec packet history into m_aux structure. - let ipfilter look at wire-format packet only (not the decapsulated ones), so that VPN setting can work with NAT/ipfilter settings. sync with kame. TODO: use header history for stricter inbound validation
Revision 1.126 / (download) - annotate - [select for diffs], Thu Dec 28 21:40:59 2000 UTC (23 years, 3 months ago) by thorpej
Branch: MAIN
Changes since 1.125: +3 -3
lines
Diff to previous 1.125 (colored) to selected 1.384 (colored)
Back out the sledgehammer damage applied by wiz while I was out for the holiday.
Revision 1.125 / (download) - annotate - [select for diffs], Mon Dec 25 02:00:47 2000 UTC (23 years, 3 months ago) by wiz
Branch: MAIN
Changes since 1.124: +2 -2
lines
Diff to previous 1.124 (colored) to selected 1.384 (colored)
Back out previous change. It causes NAT to fail, and was CLEARLY NOT TESTED before it was committed.
Revision 1.124 / (download) - annotate - [select for diffs], Fri Dec 22 20:01:18 2000 UTC (23 years, 4 months ago) by thorpej
Branch: MAIN
Changes since 1.123: +3 -3
lines
Diff to previous 1.123 (colored) to selected 1.384 (colored)
Slight adjustment to how pfil_head's are registered. Instead of a "key" and a "dlt", use a "type" (PFIL_TYPE_{AF,IFNET} for now) and a val/ptr appropriate for that type. This allows for more future flexibility with the pfil_hook mechanism.
Revision 1.123 / (download) - annotate - [select for diffs], Thu Dec 14 17:36:44 2000 UTC (23 years, 4 months ago) by thorpej
Branch: MAIN
Changes since 1.122: +9 -1
lines
Diff to previous 1.122 (colored) to selected 1.384 (colored)
Add ALTQ glue. XXX Temporary until ALTQ is changed to use a pfil hook.
Revision 1.122 / (download) - annotate - [select for diffs], Fri Nov 24 03:43:20 2000 UTC (23 years, 4 months ago) by itojun
Branch: MAIN
Changes since 1.121: +3 -2
lines
Diff to previous 1.121 (colored) to selected 1.384 (colored)
IFA_STATS stability (not complete); don't touch ip if it is NULL.
Revision 1.121 / (download) - annotate - [select for diffs], Sat Nov 11 00:52:38 2000 UTC (23 years, 5 months ago) by thorpej
Branch: MAIN
Changes since 1.120: +29 -25
lines
Diff to previous 1.120 (colored) to selected 1.384 (colored)
Restructure the PFIL_HOOKS mechanism a bit: - All packets are passed to PFIL_HOOKS as they come off the wire, i.e. fields in protocol headers in network order, etc. - Allow for multiple hooks to be registered, using a "key" and a "dlt". The "dlt" is a BPF data link type, indicating what type of header is present. - INET and INET6 register with key == AF_INET or AF_INET6, and dlt == DLT_RAW. - PFIL_HOOKS now take an argument for the filter hook, and mbuf **, an ifnet *, and a direction (PFIL_IN or PFIL_OUT), thus making them less IP (really, IP Filter) centric. Maintain compatibility with IP Filter by adding wrapper functions for IP Filter.
Revision 1.120 / (download) - annotate - [select for diffs], Wed Nov 8 14:28:15 2000 UTC (23 years, 5 months ago) by ad
Branch: MAIN
Changes since 1.119: +3 -3
lines
Diff to previous 1.119 (colored) to selected 1.384 (colored)
Update for hashinit() change.
Revision 1.119 / (download) - annotate - [select for diffs], Fri Oct 13 01:50:04 2000 UTC (23 years, 6 months ago) by itojun
Branch: MAIN
Changes since 1.118: +5 -2
lines
Diff to previous 1.118 (colored) to selected 1.384 (colored)
make sure we don't share external mbuf between m and mcopy, in ip_forward(). should solve PR 11201.
Revision 1.118 / (download) - annotate - [select for diffs], Sat Aug 26 10:41:29 2000 UTC (23 years, 7 months ago) by itojun
Branch: MAIN
Changes since 1.117: +5 -3
lines
Diff to previous 1.117 (colored) to selected 1.384 (colored)
make sure anonport{min,max} is not negative number
Revision 1.117 / (download) - annotate - [select for diffs], Fri Aug 25 13:35:05 2000 UTC (23 years, 7 months ago) by tron
Branch: MAIN
Changes since 1.116: +26 -1
lines
Diff to previous 1.116 (colored) to selected 1.384 (colored)
Add new sysctl variables "net.inet.ip.lowportmin" and "net.inet.ip.lowportmax" which can be used to the set minimum and maximum port number assigned to sockets using IP_PORTRANGE_LOW.
Revision 1.116 / (download) - annotate - [select for diffs], Thu Jul 6 12:51:40 2000 UTC (23 years, 9 months ago) by itojun
Branch: MAIN
Changes since 1.115: +1 -2
lines
Diff to previous 1.115 (colored) to selected 1.384 (colored)
remove unnecessary #include <netkey/key_debug.h>. from kame.
Revision 1.115 / (download) - annotate - [select for diffs], Wed Jun 28 03:01:16 2000 UTC (23 years, 9 months ago) by mrg
Branch: MAIN
Changes since 1.114: +3 -2
lines
Diff to previous 1.114 (colored) to selected 1.384 (colored)
<vm/vm.h> -> <uvm/uvm_extern.h>
Revision 1.114 / (download) - annotate - [select for diffs], Wed May 10 03:31:30 2000 UTC (23 years, 11 months ago) by itojun
Branch: MAIN
CVS Tags: netbsd-1-5-base,
netbsd-1-5-ALPHA2,
minoura-xpg4dl-base,
minoura-xpg4dl
Branch point for: netbsd-1-5
Changes since 1.113: +32 -6
lines
Diff to previous 1.113 (colored) to selected 1.384 (colored)
add missing boundary checks to ip options processing. correct timestamp option validation (len and ptr upper/lower bound based on RFC791). fill "pointer" field for parameter problem in timestamp option processing.
Revision 1.113 / (download) - annotate - [select for diffs], Wed May 10 01:19:44 2000 UTC (23 years, 11 months ago) by itojun
Branch: MAIN
Changes since 1.112: +5 -1
lines
Diff to previous 1.112 (colored) to selected 1.384 (colored)
correct more out-of-bounds memory access, if cnt == 1 and optlen > 1.
Revision 1.112 / (download) - annotate - [select for diffs], Sat May 6 16:35:14 2000 UTC (23 years, 11 months ago) by sommerfeld
Branch: MAIN
Changes since 1.111: +3 -3
lines
Diff to previous 1.111 (colored) to selected 1.384 (colored)
Handle large offsets with very small options correctly.
Revision 1.111 / (download) - annotate - [select for diffs], Fri Mar 31 14:27:17 2000 UTC (24 years ago) by jdolecek
Branch: MAIN
Changes since 1.110: +5 -2
lines
Diff to previous 1.110 (colored) to selected 1.384 (colored)
Slighly improve previous - only include <netinet/ip_mroute.h> if MROUTING is defined.
Revision 1.110 / (download) - annotate - [select for diffs], Fri Mar 31 08:34:20 2000 UTC (24 years ago) by jdolecek
Branch: MAIN
Changes since 1.109: +2 -1
lines
Diff to previous 1.109 (colored) to selected 1.384 (colored)
include <netinet/ip_mroute.h> for ip_mforward() - needed after last duplicate prototype sweep (prototype for ip_mforward() used to be in <netinet/ip_var.h>)
Revision 1.109 / (download) - annotate - [select for diffs], Thu Mar 30 13:24:59 2000 UTC (24 years ago) by augustss
Branch: MAIN
Changes since 1.108: +31 -31
lines
Diff to previous 1.108 (colored) to selected 1.384 (colored)
Remove register declarations.
Revision 1.108 / (download) - annotate - [select for diffs], Thu Mar 30 02:35:24 2000 UTC (24 years ago) by simonb
Branch: MAIN
Changes since 1.107: +1 -2
lines
Diff to previous 1.107 (colored) to selected 1.384 (colored)
Delete uninitialised declaration of ip_defttl - there's an initialised decl earlier in this file.
Revision 1.107 / (download) - annotate - [select for diffs], Fri Mar 10 22:39:03 2000 UTC (24 years, 1 month ago) by thorpej
Branch: MAIN
Changes since 1.106: +2 -1
lines
Diff to previous 1.106 (colored) to selected 1.384 (colored)
Back out previous, and adjust a comment.
Revision 1.106 / (download) - annotate - [select for diffs], Tue Mar 7 05:39:57 2000 UTC (24 years, 1 month ago) by thorpej
Branch: MAIN
Changes since 1.105: +2 -3
lines
Diff to previous 1.105 (colored) to selected 1.384 (colored)
Back out part of 1.104 which isn't actually needed.
Revision 1.105 / (download) - annotate - [select for diffs], Fri Mar 3 13:07:42 2000 UTC (24 years, 1 month ago) by itojun
Branch: MAIN
Changes since 1.104: +1 -3
lines
Diff to previous 1.104 (colored) to selected 1.384 (colored)
remove unnecessary ttl initialization which I mistakingly bringed in during KAME merge (this is part of WIDE's expeirmental reass code...) NetBSD PR: 9412 From: Wolfgang Rupprecht <wolfgang@wsrcc.com> Fix from: ho@crt.se itojun was notified from: theo
Revision 1.104 / (download) - annotate - [select for diffs], Thu Mar 2 06:07:36 2000 UTC (24 years, 1 month ago) by thorpej
Branch: MAIN
Changes since 1.103: +9 -8
lines
Diff to previous 1.103 (colored) to selected 1.384 (colored)
Avoid a bug in GCC which manifests itself when processing unaligned IP options. Problem pointed out by Matt Hargett and Erik Fair, analyzed by me.
Revision 1.103 / (download) - annotate - [select for diffs], Wed Mar 1 12:49:33 2000 UTC (24 years, 1 month ago) by itojun
Branch: MAIN
Changes since 1.102: +4 -3
lines
Diff to previous 1.102 (colored) to selected 1.384 (colored)
introduce m->m_pkthdr.aux to hold random data which needs to be passed between protocol handlers. ipsec socket pointers, ipsec decryption/auth information, tunnel decapsulation information are in my mind - there can be several other usage. at this moment, we use this for ipsec socket pointer passing. this will avoid reuse of m->m_pkthdr.rcvif in ipsec code. due to the change, MHLEN will be decreased by sizeof(void *) - for example, for i386, MHLEN was 100 bytes, but is now 96 bytes. we may want to increase MSIZE from 128 to 256 for some of our architectures. take caution if you use it for keeping some data item for long period of time - use extra caution on M_PREPEND() or m_adj(), as they may result in loss of m->m_pkthdr.aux pointer (and mbuf leak). this will bump kernel version. (as discussed in tech-net, tested in kame tree)
Revision 1.102 / (download) - annotate - [select for diffs], Sun Feb 20 00:56:39 2000 UTC (24 years, 2 months ago) by darrenr
Branch: MAIN
Changes since 1.101: +2 -2
lines
Diff to previous 1.101 (colored) to selected 1.384 (colored)
pass "struct pfil_head *" to pfil_add_hook and pfil_remove hook rather than "struct protosw *".
Revision 1.101 / (download) - annotate - [select for diffs], Thu Feb 17 10:59:35 2000 UTC (24 years, 2 months ago) by darrenr
Branch: MAIN
Changes since 1.100: +5 -5
lines
Diff to previous 1.100 (colored) to selected 1.384 (colored)
Change the use of pfil hooks. There is no longer a single list of all pfil information, instead, struct protosw now contains a structure which caontains list heads, etc. The per-protosw pfil struct is passed to pfil_hook_get(), along with an in/out flag to get the head of the relevant filter list. This has been done for only IPv4 and IPv6, at present, with these patches only enabling filtering for IPPROTO_IP and IPPROTO_IPV6, although it is possible to have tcp/udp, etc, dedicated filters now also. The ipfilter code has been updated to only filter IPv4 packets - next major release of ipfilter is required for ipv6.
Revision 1.100 / (download) - annotate - [select for diffs], Wed Feb 16 12:40:40 2000 UTC (24 years, 2 months ago) by itojun
Branch: MAIN
Changes since 1.99: +22 -7
lines
Diff to previous 1.99 (colored) to selected 1.384 (colored)
- if ip_dst matches address on !IFF_UP interface, and - there's no match against addresses on IFF_UP interface, send icmp unreach if I'm router. drop it if I'm host. Revised version of PR: 9387 from nrt@iij.ad.jp. Discussed with thorpej+nrt.
Revision 1.99 / (download) - annotate - [select for diffs], Sat Feb 12 18:00:00 2000 UTC (24 years, 2 months ago) by thorpej
Branch: MAIN
CVS Tags: chs-ubc2-newbase
Changes since 1.98: +2 -2
lines
Diff to previous 1.98 (colored) to selected 1.384 (colored)
Typo (Thanks, Havard :-)
Revision 1.98 / (download) - annotate - [select for diffs], Sat Feb 12 17:45:44 2000 UTC (24 years, 2 months ago) by thorpej
Branch: MAIN
Changes since 1.97: +5 -3
lines
Diff to previous 1.97 (colored) to selected 1.384 (colored)
Small cosmetic change, and note a place where a statistic should be gathered.
Revision 1.97 / (download) - annotate - [select for diffs], Fri Feb 11 05:57:58 2000 UTC (24 years, 2 months ago) by itojun
Branch: MAIN
Changes since 1.96: +14 -2
lines
Diff to previous 1.96 (colored) to selected 1.384 (colored)
fix in-kernel packet forwarding loop (till TTL becomes 0) when: - a packet is delivered to an address X, - and the address X is configured on my !IFF_UP interface - and ipforwarding=1 NetBSD PR: 9387 From: nrt@iij.ad.jp
Revision 1.96 / (download) - annotate - [select for diffs], Tue Feb 1 00:07:09 2000 UTC (24 years, 2 months ago) by thorpej
Branch: MAIN
Changes since 1.95: +11 -11
lines
Diff to previous 1.95 (colored) to selected 1.384 (colored)
Use ifatoia() and sintosa() consistently, rather than using home-grown casting macros intermixed.
Revision 1.95 / (download) - annotate - [select for diffs], Mon Jan 31 14:18:54 2000 UTC (24 years, 2 months ago) by itojun
Branch: MAIN
Changes since 1.94: +11 -7
lines
Diff to previous 1.94 (colored) to selected 1.384 (colored)
bring in latest KAME ipsec tree. - interop issues in ipcomp is fixed - padding type (after ESP) is configurable - key database memory management (need more fixes) - policy specification is revisited XXX m->m_pkthdr.rcvif is still overloaded - hope to fix it soon
Revision 1.94 / (download) - annotate - [select for diffs], Tue Oct 26 09:53:17 1999 UTC (24 years, 5 months ago) by itojun
Branch: MAIN
CVS Tags: wrstuden-devbsize-base,
wrstuden-devbsize-19991221,
fvdl-softdep-base,
comdex-fall-1999-base,
comdex-fall-1999
Changes since 1.93: +6 -1
lines
Diff to previous 1.93 (colored) to selected 1.384 (colored)
disable ipflow (IPv4 fast fowarding) when IPsec is configured into the kernel.
Revision 1.93 / (download) - annotate - [select for diffs], Sun Oct 17 16:00:00 1999 UTC (24 years, 6 months ago) by sommerfeld
Branch: MAIN
Branch point for: thorpej_scsipi,
fvdl-softdep
Changes since 1.92: +2 -2
lines
Diff to previous 1.92 (colored) to selected 1.384 (colored)
In ip_forward(): Avoid forwarding ip unicast packets which were contained inside link-level multicast packets; having M_MCAST still set in the packet header flags will mean that the packet will get multicast to a bogus group instead of unicast to the next hop. Malformed packets like this have occasionally been spotted "in the wild" on a mediaone cable modem segment which also had multiple netbsd machines running as router/NAT boxes. Without this, any subnet with multiple netbsd routers receiving all multicasts will generate a packet storm on receipt of such a multicast. Note that we already do the same check here for link-level broadcasts; ip6_forward already does this as well. Note that multicast forwarding does not go through ip_forward(). Adding some code to if_ethersubr to sanity check link-level vs. ip-level multicast addresses might also be worthwhile.
Revision 1.92 / (download) - annotate - [select for diffs], Fri Jul 23 15:21:17 1999 UTC (24 years, 9 months ago) by itojun
Branch: MAIN
CVS Tags: chs-ubc2-base
Branch point for: wrstuden-devbsize
Changes since 1.91: +1 -5
lines
Diff to previous 1.91 (colored) to selected 1.384 (colored)
do not include unnecessary include files.
Revision 1.91 / (download) - annotate - [select for diffs], Fri Jul 9 22:57:18 1999 UTC (24 years, 9 months ago) by thorpej
Branch: MAIN
Changes since 1.90: +2 -1
lines
Diff to previous 1.90 (colored) to selected 1.384 (colored)
defopt IPSEC and IPSEC_ESP (both into opt_ipsec.h).
Revision 1.90 / (download) - annotate - [select for diffs], Tue Jul 6 12:23:20 1999 UTC (24 years, 9 months ago) by itojun
Branch: MAIN
Changes since 1.89: +5 -5
lines
Diff to previous 1.89 (colored) to selected 1.384 (colored)
sync with KAME/NetBSD 1.4, SNAP kit 19990705. key changes are: - icmp6 redirect fix (dst check) - revised ip6 multicast check for loopback i/f - several RCS ID cleanups
Revision 1.89 / (download) - annotate - [select for diffs], Thu Jul 1 08:12:50 1999 UTC (24 years, 9 months ago) by itojun
Branch: MAIN
Changes since 1.88: +153 -28
lines
Diff to previous 1.88 (colored) to selected 1.384 (colored)
IPv6 kernel code, based on KAME/NetBSD 1.4, SNAP kit 19990628. (Sorry for a big commit, I can't separate this into several pieces...) Pls check sys/netinet6/TODO and sys/netinet6/IMPLEMENTATION for details. - sys/kern: do not assume single mbuf, accept chained mbuf on passing data from userland to kernel (or other way round). - "midway" ATM card: ATM PVC pseudo device support, like those done in ALTQ package (ftp://ftp.csl.sony.co.jp/pub/kjc/). - sys/netinet/tcp*: IPv4/v6 dual stack tcp support. - sys/netinet/{ip6,icmp6}.h, sys/net/pfkeyv2.h: IETF document assumes those file to be there so we patch it up. - sys/netinet: IPsec additions are here and there. - sys/netinet6/*: most of IPv6 code sits here. - sys/netkey: IPsec key management code - dev/pci/pcidevs: regen In my understanding no code here is subject to export control so it should be safe.
Revision 1.88 / (download) - annotate - [select for diffs], Sat Jun 26 06:16:48 1999 UTC (24 years, 9 months ago) by sommerfeld
Branch: MAIN
Changes since 1.87: +6 -2
lines
Diff to previous 1.87 (colored) to selected 1.384 (colored)
If the new global variable hostzerobroadcast is zero, no longer assume address zero of each net/subnet is a broadcast address. (The default value is nonzero, which preserves the current behavior). This can be set using sysctl; the boot-time default can also be configured using the HOSTZEROBROADCAST kernel config option. While we're here, defopt HOSTZEROBROADCAST and SUBNETSARELOCAL
Revision 1.87 / (download) - annotate - [select for diffs], Tue May 4 20:13:09 1999 UTC (24 years, 11 months ago) by hwr
Branch: MAIN
Changes since 1.86: +1 -2
lines
Diff to previous 1.86 (colored) to selected 1.384 (colored)
It does not make much sense to increase a "output" counter on input.
Revision 1.86 / (download) - annotate - [select for diffs], Mon May 3 22:12:44 1999 UTC (24 years, 11 months ago) by thorpej
Branch: MAIN
Changes since 1.85: +3 -5
lines
Diff to previous 1.85 (colored) to selected 1.384 (colored)
In INADDR_TO_IA(), skip interfaces which are not up. Revert previous change to ip_input.c to check the interface status after INADDR_TO_IA(). Fix cooked up by Heiko Rupp and myself. Fixes PR 7480.
Revision 1.85 / (download) - annotate - [select for diffs], Mon May 3 21:14:47 1999 UTC (24 years, 11 months ago) by hwr
Branch: MAIN
Changes since 1.84: +10 -1
lines
Diff to previous 1.84 (colored) to selected 1.384 (colored)
Drop packets, that have a Class-D address as source address. Implements the first half of PR 7003.
Revision 1.84 / (download) - annotate - [select for diffs], Wed Apr 7 05:34:32 1999 UTC (25 years ago) by proff
Branch: MAIN
Changes since 1.83: +2 -3
lines
Diff to previous 1.83 (colored) to selected 1.384 (colored)
tiny KNF change
Revision 1.83 / (download) - annotate - [select for diffs], Wed Apr 7 02:31:05 1999 UTC (25 years ago) by proff
Branch: MAIN
Changes since 1.82: +5 -2
lines
Diff to previous 1.82 (colored) to selected 1.384 (colored)
Prevent reception of packets on downed interfaces (via an up interface). fixes kern/7327
Revision 1.82 / (download) - annotate - [select for diffs], Sat Mar 27 01:24:49 1999 UTC (25 years ago) by aidan
Branch: MAIN
CVS Tags: netbsd-1-4-base
Branch point for: netbsd-1-4
Changes since 1.81: +4 -1
lines
Diff to previous 1.81 (colored) to selected 1.384 (colored)
Added per-addr input/output statistics. Currently just support netatalk and netinet, currently only tested under netinet. Disabled by default, enabled by compiling the kernel with option IFA_STATS. Enabling this feature seems to make the ip_output function take 13% longer than before, which should be OK for people that need this feature.
Revision 1.81 / (download) - annotate - [select for diffs], Fri Mar 26 08:51:36 1999 UTC (25 years ago) by proff
Branch: MAIN
Changes since 1.80: +10 -1
lines
Diff to previous 1.80 (colored) to selected 1.384 (colored)
security: test for ip_len < ip_hl <<2 and drop packet accordingly
Revision 1.80 / (download) - annotate - [select for diffs], Tue Jan 19 23:39:57 1999 UTC (25 years, 3 months ago) by mycroft
Branch: MAIN
Changes since 1.79: +1 -4
lines
Diff to previous 1.79 (colored) to selected 1.384 (colored)
There's just no plausible reason to byte-swap ip_id internally. It's opaque.
Revision 1.79 / (download) - annotate - [select for diffs], Tue Jan 19 23:03:21 1999 UTC (25 years, 3 months ago) by mycroft
Branch: MAIN
Changes since 1.78: +6 -6
lines
Diff to previous 1.78 (colored) to selected 1.384 (colored)
Don't screw with ip_len; just subtract from it where we actually use the value.
Revision 1.78 / (download) - annotate - [select for diffs], Tue Jan 19 21:58:40 1999 UTC (25 years, 3 months ago) by mycroft
Branch: MAIN
Changes since 1.77: +2 -2
lines
Diff to previous 1.77 (colored) to selected 1.384 (colored)
Don't overwrite the checksum fields when checking them. There's no reason to do this, and it screws up ICMP replies. XXX The returned IP checksum and length are still wrong.
Revision 1.77 / (download) - annotate - [select for diffs], Mon Jan 11 22:35:06 1999 UTC (25 years, 3 months ago) by thorpej
Branch: MAIN
Changes since 1.76: +14 -11
lines
Diff to previous 1.76 (colored) to selected 1.384 (colored)
Fix byte order and ip_len inconsistencies in ICMP reply code. Also, fix some formatting and HTONS(foo) vs. foo = htons(foo) inconsistencies. PR #6602, Darren Reed.
Revision 1.76 / (download) - annotate - [select for diffs], Sat Dec 19 02:46:12 1998 UTC (25 years, 4 months ago) by thorpej
Branch: MAIN
Changes since 1.75: +38 -38
lines
Diff to previous 1.75 (colored) to selected 1.384 (colored)
Reverse the copyright-notice-swap. It went against existing practice.
Revision 1.75 / (download) - annotate - [select for diffs], Fri Dec 18 21:35:11 1998 UTC (25 years, 4 months ago) by thorpej
Branch: MAIN
Changes since 1.74: +75 -2
lines
Diff to previous 1.74 (colored) to selected 1.384 (colored)
Add a lock around the IP fragment reassembly queue, to prevent ip_drain() from corrupting the queue if called from a device's interrupt context. Should fix PR #5684.
Revision 1.74 / (download) - annotate - [select for diffs], Fri Nov 13 03:24:22 1998 UTC (25 years, 5 months ago) by thorpej
Branch: MAIN
CVS Tags: kenh-if-detach-base
Branch point for: kenh-if-detach
Changes since 1.73: +2 -1
lines
Diff to previous 1.73 (colored) to selected 1.384 (colored)
Once a fragmented IP packet has been reassembled, recompute the packet length before passing it up the stack. From FreeBSD.
Revision 1.73 / (download) - annotate - [select for diffs], Thu Oct 8 01:41:46 1998 UTC (25 years, 6 months ago) by thorpej
Branch: MAIN
CVS Tags: chs-ubc-base,
chs-ubc
Changes since 1.72: +4 -1
lines
Diff to previous 1.72 (colored) to selected 1.384 (colored)
Use the pool allocator for ipflow entries.
Revision 1.72 / (download) - annotate - [select for diffs], Thu Oct 8 01:19:25 1998 UTC (25 years, 6 months ago) by thorpej
Branch: MAIN
Changes since 1.71: +13 -8
lines
Diff to previous 1.71 (colored) to selected 1.384 (colored)
Use the pool allocator for ipqent structures.
Revision 1.71 / (download) - annotate - [select for diffs], Wed Sep 30 21:52:25 1998 UTC (25 years, 6 months ago) by tls
Branch: MAIN
Changes since 1.70: +38 -38
lines
Diff to previous 1.70 (colored) to selected 1.384 (colored)
Switch order of TNF and UCB copyrights so UCB copyright is first; this seems more appropriate since UCB wrote the original code, after all.
Revision 1.70 / (download) - annotate - [select for diffs], Wed Sep 9 04:57:18 1998 UTC (25 years, 7 months ago) by thorpej
Branch: MAIN
Changes since 1.69: +4 -3
lines
Diff to previous 1.69 (colored) to selected 1.384 (colored)
Make a diagnostic printf more sensible, PR #5951, Heiko W. Rupp.
Revision 1.69 / (download) - annotate - [select for diffs], Sun Aug 9 08:58:19 1998 UTC (25 years, 8 months ago) by mrg
Branch: MAIN
Changes since 1.68: +2 -1
lines
Diff to previous 1.68 (colored) to selected 1.384 (colored)
defopt PFIL_HOOKS.
Revision 1.68 / (download) - annotate - [select for diffs], Fri Jul 17 00:28:00 1998 UTC (25 years, 9 months ago) by sommerfe
Branch: MAIN
CVS Tags: eeh-paddr_t-base,
eeh-paddr_t
Changes since 1.67: +5 -2
lines
Diff to previous 1.67 (colored) to selected 1.384 (colored)
Fix PR5508: ipfil cut-through forwarding causes panic
Revision 1.67 / (download) - annotate - [select for diffs], Mon Jun 1 00:39:37 1998 UTC (25 years, 10 months ago) by thorpej
Branch: MAIN
Changes since 1.66: +7 -1
lines
Diff to previous 1.66 (colored) to selected 1.384 (colored)
Protect the ipflow_reap() call with splsoftnet.
Revision 1.66 / (download) - annotate - [select for diffs], Sun May 24 20:14:53 1998 UTC (25 years, 11 months ago) by thorpej
Branch: MAIN
Changes since 1.65: +3 -3
lines
Diff to previous 1.65 (colored) to selected 1.384 (colored)
Fix OBOB in IP timestamp option processing, as noted in FreeBSD PR 6738, from Jennifer Dawn Meyers <jdm@enteract.com>.
Revision 1.65 / (download) - annotate - [select for diffs], Mon May 4 19:24:53 1998 UTC (25 years, 11 months ago) by matt
Branch: MAIN
Changes since 1.64: +8 -1
lines
Diff to previous 1.64 (colored) to selected 1.384 (colored)
Default IP flow to being enabled. Add a sysctl to control the maximum number of flows (net.inet.ip.maxflows). If set to 0, will disable fast path forwarding.
Revision 1.64 / (download) - annotate - [select for diffs], Fri May 1 03:23:24 1998 UTC (25 years, 11 months ago) by thorpej
Branch: MAIN
Changes since 1.63: +14 -3
lines
Diff to previous 1.63 (colored) to selected 1.384 (colored)
Allow packet filters to prevent a packet from creating a fast-forwarding flow, by setting the "can fast forward" flag in the packet header, and giving a chance for filters to clear the flag. If the flag is still set after the filters have given it a chance, the packet will be used to create a fast-forward flow entry.
Revision 1.63 / (download) - annotate - [select for diffs], Wed Apr 29 21:37:55 1998 UTC (25 years, 11 months ago) by matt
Branch: MAIN
Changes since 1.62: +13 -2
lines
Diff to previous 1.62 (colored) to selected 1.384 (colored)
Add support for "fast" forwarding. Add hooks in if_ethersubr.c and if_fddisubr.c to fastpath IP forwarding. If ip_forward successfully forwards a packet, it will create a cache (ipflow) entry. ether_input and fddi_input will first call ipflow_fastforward with the received packet and if the packet passes enough tests, it will be forwarded (the ttl is decremented and the cksum is adjusted incrementally).
Revision 1.62 / (download) - annotate - [select for diffs], Wed Apr 29 20:45:30 1998 UTC (25 years, 11 months ago) by matt
Branch: MAIN
Changes since 1.61: +2 -1
lines
Diff to previous 1.61 (colored) to selected 1.384 (colored)
defopt GATEWAY
Revision 1.61 / (download) - annotate - [select for diffs], Wed Apr 29 03:45:52 1998 UTC (25 years, 11 months ago) by kml
Branch: MAIN
Changes since 1.60: +2 -2
lines
Diff to previous 1.60 (colored) to selected 1.384 (colored)
change path MTU timeout value to match RFC 1191
Revision 1.60 / (download) - annotate - [select for diffs], Wed Apr 29 03:44:11 1998 UTC (25 years, 11 months ago) by kml
Branch: MAIN
Changes since 1.59: +27 -3
lines
Diff to previous 1.59 (colored) to selected 1.384 (colored)
Add support for deletion of routes added by path MTU discovery; uses new generic route timeout code. Add sysctl for timeout period.
Revision 1.59 / (download) - annotate - [select for diffs], Thu Mar 19 15:46:43 1998 UTC (26 years, 1 month ago) by mrg
Branch: MAIN
Changes since 1.58: +2 -2
lines
Diff to previous 1.58 (colored) to selected 1.384 (colored)
convert pfil(9) in and out lists from <sys/queue.h> LISTs to TAILQs, and change pfil_add_hook to put output filters at the tail of the queue, while continuing to place input filters at the head of the queue. update the two users of these functions, and document these changes. fixes PR#4593.
Revision 1.58 / (download) - annotate - [select for diffs], Sun Feb 15 18:24:27 1998 UTC (26 years, 2 months ago) by tls
Branch: MAIN
Changes since 1.57: +38 -1
lines
Diff to previous 1.57 (colored) to selected 1.384 (colored)
Add correct copyright notice for IP address hash change. This code is donated to TNF by the original copyright holder, Panix.
Revision 1.57 / (download) - annotate - [select for diffs], Fri Feb 13 18:21:44 1998 UTC (26 years, 2 months ago) by tls
Branch: MAIN
Changes since 1.56: +18 -14
lines
Diff to previous 1.56 (colored) to selected 1.384 (colored)
Change list of interface IP addresses to a hash. Improves performance on hosts with a large number of IP addresses significantly.
Revision 1.56 / (download) - annotate - [select for diffs], Wed Jan 28 02:36:10 1998 UTC (26 years, 2 months ago) by thorpej
Branch: MAIN
Changes since 1.55: +1 -4
lines
Diff to previous 1.55 (colored) to selected 1.384 (colored)
Use offsetof() from libkern.h
Revision 1.55 / (download) - annotate - [select for diffs], Mon Jan 12 03:02:51 1998 UTC (26 years, 3 months ago) by scottr
Branch: MAIN
Changes since 1.54: +3 -1
lines
Diff to previous 1.54 (colored) to selected 1.384 (colored)
Use option header file for MROUTING
Revision 1.54 / (download) - annotate - [select for diffs], Mon Jan 5 09:52:04 1998 UTC (26 years, 3 months ago) by lukem
Branch: MAIN
Changes since 1.53: +28 -2
lines
Diff to previous 1.53 (colored) to selected 1.384 (colored)
enhance ephemeral port allocation code: * support sysctl net.inet.ip.anonportmin (lowest ephemeral port) and net.inet.ip.anonportmax (highest ephemeral port). these can't be set to >65535, < IPPORT_RESERVED (unless IPNOPRIVPORTS is defined), and anonportmin has to be < anonportmax. * use a cleaner way of only cycling through the available set once; this will be useful for when a random allocation scheme is used * define IPPORT_ANON{MIN,MAX} instead of IPPORT_USER{LOW,HIGH}
Revision 1.53 / (download) - annotate - [select for diffs], Sat Oct 18 21:18:31 1997 UTC (26 years, 6 months ago) by kml
Branch: MAIN
CVS Tags: netbsd-1-3-base,
netbsd-1-3-RELEASE,
netbsd-1-3-PATCH001,
netbsd-1-3-BETA
Branch point for: netbsd-1-3
Changes since 1.52: +9 -1
lines
Diff to previous 1.52 (colored) to selected 1.384 (colored)
change sysctl net.inet.icmp.mtudisc to net.inet.ip.mtudisc
Revision 1.52 / (download) - annotate - [select for diffs], Fri Oct 17 21:20:57 1997 UTC (26 years, 6 months ago) by thorpej
Branch: MAIN
Changes since 1.51: +6 -1
lines
Diff to previous 1.51 (colored) to selected 1.384 (colored)
Allow `subnetsarelocal' to be changed via sysctl.
Revision 1.51 / (download) - annotate - [select for diffs], Fri Aug 29 16:02:42 1997 UTC (26 years, 7 months ago) by gwr
Branch: MAIN
CVS Tags: thorpej-signal-base,
thorpej-signal,
marc-pcmcia-base
Changes since 1.50: +8 -1
lines
Diff to previous 1.50 (colored) to selected 1.384 (colored)
Tweaks to allow operation with an interface address of 0.0.0.0 (needed for NFS mountroot using BOOTP to get boot parameters)
Revision 1.50 / (download) - annotate - [select for diffs], Tue Jun 24 02:26:04 1997 UTC (26 years, 10 months ago) by thorpej
Branch: MAIN
CVS Tags: marc-pcmcia-bp,
bouyer-scsipi
Branch point for: marc-pcmcia
Changes since 1.49: +22 -27
lines
Diff to previous 1.49 (colored) to selected 1.384 (colored)
Eliminate use of dtom() from the network code, allowing more flexible use of mbuf external storage and increasing performance (by eliminating an m_pullup() for clusters in the IP reassembly code). Changes from Koji Imada <koji@math.human.nagoya-u.ac.jp>, in PR #3628 and #3480, with ever-so-slight integration changes by me.
Revision 1.49 / (download) - annotate - [select for diffs], Tue Apr 15 00:41:52 1997 UTC (27 years ago) by christos
Branch: MAIN
Changes since 1.48: +2 -2
lines
Diff to previous 1.48 (colored) to selected 1.384 (colored)
Move the mtod calls *after* we've made sure that the packet has passed the filter successfully. Otherwise it can be NULL if the filter blocked it, and we die. How did this ever work?
Revision 1.48 / (download) - annotate - [select for diffs], Wed Feb 26 04:09:32 1997 UTC (27 years, 1 month ago) by mrg
Branch: MAIN
CVS Tags: is-newarp-before-merge
Changes since 1.47: +2 -2
lines
Diff to previous 1.47 (colored) to selected 1.384 (colored)
allow src-routed packetd by default, per host requirements
Revision 1.47 / (download) - annotate - [select for diffs], Tue Feb 25 08:35:42 1997 UTC (27 years, 1 month ago) by cjs
Branch: MAIN
Changes since 1.46: +15 -5
lines
Diff to previous 1.46 (colored) to selected 1.384 (colored)
Add net.inet.ip.allowsrcrt option which allows/drops all source routed packets. This currently defaults to `drop,' but once we verify that all applications that rely on determining remote IP addresses for authentication are dropping the connection when they see a source route option (not just disabling the source route option), we can turn this back on and conform with the host requirements.
Revision 1.46 / (download) - annotate - [select for diffs], Wed Feb 19 08:30:04 1997 UTC (27 years, 2 months ago) by cjs
Branch: MAIN
Changes since 1.45: +6 -4
lines
Diff to previous 1.45 (colored) to selected 1.384 (colored)
Fix bug in sysctl net.inet.ip.forwsrcrt handing: now you can read it if securelevel > 0. (Thanks, cgd.)
Revision 1.45 / (download) - annotate - [select for diffs], Tue Feb 18 20:49:35 1997 UTC (27 years, 2 months ago) by mrg
Branch: MAIN
Changes since 1.44: +2 -5
lines
Diff to previous 1.44 (colored) to selected 1.384 (colored)
pseudo-device ipfilter brings in PFIL_HOOKS.
Revision 1.44 / (download) - annotate - [select for diffs], Sat Jan 11 05:21:10 1997 UTC (27 years, 3 months ago) by thorpej
Branch: MAIN
CVS Tags: thorpej-setroot,
mrg-vm-swap,
is-newarp-base
Branch point for: is-newarp
Changes since 1.43: +66 -1
lines
Diff to previous 1.43 (colored) to selected 1.384 (colored)
Implement the IP_RECVIF socket option: supply a datagram packet's incoming interface using a sockaddr_dl in a control mbuf. Implement SO_TIMESTAMP for IP datagrams. Move packet information option processing into a generic function so that they work with multicast UDP and raw IP as well as unicast UDP. Contributed by Bill Fenner <fenner@parc.xerox.com>.
Revision 1.43 / (download) - annotate - [select for diffs], Fri Dec 20 09:08:14 1996 UTC (27 years, 4 months ago) by mrg
Branch: MAIN
Changes since 1.42: +5 -4
lines
Diff to previous 1.42 (colored) to selected 1.384 (colored)
in pfil_hooks: always reassign ip after calling hook.
Revision 1.42 / (download) - annotate - [select for diffs], Fri Dec 20 08:39:27 1996 UTC (27 years, 4 months ago) by mrg
Branch: MAIN
Changes since 1.41: +1 -9
lines
Diff to previous 1.41 (colored) to selected 1.384 (colored)
remove pfil_bad.
Revision 1.41 / (download) - annotate - [select for diffs], Fri Oct 25 06:30:32 1996 UTC (27 years, 5 months ago) by thorpej
Branch: MAIN
Changes since 1.40: +8 -2
lines
Diff to previous 1.40 (colored) to selected 1.384 (colored)
Before concatenating frags, sanity check the length of the packet. If it's larger than IP_MAXPACKET, discard it. Based on a patch from Bill Fenner <fenner@parc.xerox.com>
Revision 1.40 / (download) - annotate - [select for diffs], Tue Oct 22 11:27:05 1996 UTC (27 years, 6 months ago) by veego
Branch: MAIN
Changes since 1.39: +4 -3
lines
Diff to previous 1.39 (colored) to selected 1.384 (colored)
Fix a panic from the pfil_hooks.
Revision 1.39 / (download) - annotate - [select for diffs], Sun Oct 13 02:03:05 1996 UTC (27 years, 6 months ago) by christos
Branch: MAIN
Changes since 1.38: +8 -8
lines
Diff to previous 1.38 (colored) to selected 1.384 (colored)
backout previous kprintf changes
Revision 1.38 / (download) - annotate - [select for diffs], Thu Oct 10 23:12:49 1996 UTC (27 years, 6 months ago) by christos
Branch: MAIN
Changes since 1.37: +8 -8
lines
Diff to previous 1.37 (colored) to selected 1.384 (colored)
printf -> kprintf, sprintf -> ksprintf
Revision 1.37 / (download) - annotate - [select for diffs], Sat Sep 21 19:44:33 1996 UTC (27 years, 7 months ago) by perry
Branch: MAIN
Changes since 1.36: +2 -2
lines
Diff to previous 1.36 (colored) to selected 1.384 (colored)
commit fix in pr 2772 -- the IP input code was assuming that the reserved (must be zero) flag must necessarily be zero. We now define an IP_RF (by analogy to IP_DF and IP_MF) and mask it out when necessary.
Revision 1.36 / (download) - annotate - [select for diffs], Sat Sep 14 14:40:26 1996 UTC (27 years, 7 months ago) by mrg
Branch: MAIN
Changes since 1.35: +11 -7
lines
Diff to previous 1.35 (colored) to selected 1.384 (colored)
move the packet filter hooks in to a saner location. while i'm here, rename PACKET_FILTER to PFIL_HOOKS.
Revision 1.35 / (download) - annotate - [select for diffs], Mon Sep 9 14:51:16 1996 UTC (27 years, 7 months ago) by mycroft
Branch: MAIN
Changes since 1.34: +21 -23
lines
Diff to previous 1.34 (colored) to selected 1.384 (colored)
Add in_nullhost() and in_hosteq() macros, to hide some protocol details. Also, fix a bug in TCP wrt SYN+URG packets.
Revision 1.34 / (download) - annotate - [select for diffs], Sun Sep 8 15:49:43 1996 UTC (27 years, 7 months ago) by mycroft
Branch: MAIN
Changes since 1.33: +3 -3
lines
Diff to previous 1.33 (colored) to selected 1.384 (colored)
Save 68 bytes of the packet for ICMP, not 64. From Laine Stump, PR 2296.
Revision 1.33 / (download) - annotate - [select for diffs], Fri Sep 6 05:07:44 1996 UTC (27 years, 7 months ago) by mrg
Branch: MAIN
Changes since 1.32: +28 -3
lines
Diff to previous 1.32 (colored) to selected 1.384 (colored)
add packet filter interface code. see pfil(9) for more details. you need the PACKET_FILTER option to enable this code. currently, ipfilter version 3.1.1-beta has been converted to use this new interface.
Revision 1.32 / (download) - annotate - [select for diffs], Wed Aug 14 03:46:44 1996 UTC (27 years, 8 months ago) by thorpej
Branch: MAIN
Changes since 1.31: +4 -4
lines
Diff to previous 1.31 (colored) to selected 1.384 (colored)
Fix some DIAGNOSTIC printf() formats; ntohl() provides a 32-bit quantity, and should be printed with %x, not %lx.
Revision 1.31 / (download) - annotate - [select for diffs], Wed Jul 10 18:13:39 1996 UTC (27 years, 9 months ago) by cgd
Branch: MAIN
Changes since 1.30: +4 -4
lines
Diff to previous 1.30 (colored) to selected 1.384 (colored)
print result of ntohl/htonl as a long. (makes -Wformat work on the Alpha.)
Revision 1.30 / (download) - annotate - [select for diffs], Sat Mar 16 23:53:58 1996 UTC (28 years, 1 month ago) by christos
Branch: MAIN
CVS Tags: netbsd-1-2-base,
netbsd-1-2-RELEASE,
netbsd-1-2-BETA
Branch point for: netbsd-1-2
Changes since 1.29: +5 -5
lines
Diff to previous 1.29 (colored) to selected 1.384 (colored)
Fix printf format args.
Revision 1.29 / (download) - annotate - [select for diffs], Mon Feb 26 23:17:06 1996 UTC (28 years, 1 month ago) by mrg
Branch: MAIN
Changes since 1.28: +2 -3
lines
Diff to previous 1.28 (colored) to selected 1.384 (colored)
two more local addr changes, all done differently now (idea from charles)
Revision 1.28 / (download) - annotate - [select for diffs], Tue Feb 13 23:42:37 1996 UTC (28 years, 2 months ago) by christos
Branch: MAIN
Changes since 1.27: +9 -7
lines
Diff to previous 1.27 (colored) to selected 1.384 (colored)
netinet prototypes
Revision 1.27 / (download) - annotate - [select for diffs], Tue Jan 16 04:17:37 1996 UTC (28 years, 3 months ago) by thorpej
Branch: MAIN
Changes since 1.26: +20 -10
lines
Diff to previous 1.26 (colored) to selected 1.384 (colored)
Add a net.inet.ip.directed-broadcast sysctl as suggested by Darren Reed <darrenr@vitruvius.arbld.unimelb.edu.au> in PR #1227. This change is slightly different than the one submitted by Darren in that the DIRECTED_BROADCAST compile-time option will behave like it used to so that existing configurations utilizing it won't have to change.
Revision 1.26 / (download) - annotate - [select for diffs], Mon Jan 15 21:11:55 1996 UTC (28 years, 3 months ago) by thorpej
Branch: MAIN
Changes since 1.25: +20 -1
lines
Diff to previous 1.25 (colored) to selected 1.384 (colored)
Add net.inet.ip.forwsrcrt: if zero, the system will not forward source-routed packets. Note this value is protected by kernel security level; it can only be changed if securelevel < 1.
Revision 1.25 / (download) - annotate - [select for diffs], Tue Nov 21 01:07:34 1995 UTC (28 years, 5 months ago) by cgd
Branch: MAIN
Changes since 1.24: +91 -103
lines
Diff to previous 1.24 (colored) to selected 1.384 (colored)
make netinet work on systems where pointers and longs are 64 bits (like the alpha). Biggest problem: IP headers were overlayed with structure which included pointers, and which therefore didn't overlay properly on 64-bit machines. Solution: instead of threading pointers through IP header overlays, add a "queue element" structure to do the threading, and point it at the ip headers.
Revision 1.24 / (download) - annotate - [select for diffs], Sat Aug 12 23:59:36 1995 UTC (28 years, 8 months ago) by mycroft
Branch: MAIN
CVS Tags: netbsd-1-1-base,
netbsd-1-1-RELEASE,
netbsd-1-1-PATCH001,
netbsd-1-1
Changes since 1.23: +2 -2
lines
Diff to previous 1.23 (colored) to selected 1.384 (colored)
splnet --> splsoftnet
Revision 1.23 / (download) - annotate - [select for diffs], Mon Jun 12 06:46:36 1995 UTC (28 years, 10 months ago) by mycroft
Branch: MAIN
Changes since 1.22: +2 -2
lines
Diff to previous 1.22 (colored) to selected 1.384 (colored)
Change in_pcbnotify*() to take an errno value. Make inetctlerrmap[] an array on ints, not u_chars.
Revision 1.22 / (download) - annotate - [select for diffs], Mon Jun 12 00:47:41 1995 UTC (28 years, 10 months ago) by mycroft
Branch: MAIN
Changes since 1.21: +5 -4
lines
Diff to previous 1.21 (colored) to selected 1.384 (colored)
Various cleanup, including: * Convert several data structures to use queue.h. * Split in_pcbnotify() into two parts; one for notifying a specific PCB, and one for notifying all PCBs for a particular foreign address.
Revision 1.21 / (download) - annotate - [select for diffs], Wed Jun 7 16:01:15 1995 UTC (28 years, 10 months ago) by mycroft
Branch: MAIN
Changes since 1.20: +1 -15
lines
Diff to previous 1.20 (colored) to selected 1.384 (colored)
Remove ip_ifmatrix completely.
Revision 1.20 / (download) - annotate - [select for diffs], Sun Jun 4 05:58:26 1995 UTC (28 years, 10 months ago) by mycroft
Branch: MAIN
Changes since 1.19: +12 -15
lines
Diff to previous 1.19 (colored) to selected 1.384 (colored)
Don't cast things unnecessarily.
Revision 1.19 / (download) - annotate - [select for diffs], Sun Jun 4 05:07:03 1995 UTC (28 years, 10 months ago) by mycroft
Branch: MAIN
Changes since 1.18: +10 -16
lines
Diff to previous 1.18 (colored) to selected 1.384 (colored)
Clean up many more casts.
Revision 1.18 / (download) - annotate - [select for diffs], Thu Jun 1 21:36:27 1995 UTC (28 years, 10 months ago) by mycroft
Branch: MAIN
Changes since 1.17: +10 -15
lines
Diff to previous 1.17 (colored) to selected 1.384 (colored)
Avoid byte-swapping IP addresses at run time.
Revision 1.17 / (download) - annotate - [select for diffs], Mon May 15 02:09:58 1995 UTC (28 years, 11 months ago) by cgd
Branch: MAIN
Changes since 1.16: +2 -2
lines
Diff to previous 1.16 (colored) to selected 1.384 (colored)
oops; forgot a '{'
Revision 1.16 / (download) - annotate - [select for diffs], Sun May 14 08:23:00 1995 UTC (28 years, 11 months ago) by cgd
Branch: MAIN
Changes since 1.15: +11 -2
lines
Diff to previous 1.15 (colored) to selected 1.384 (colored)
drop (and record) malformed IP fragments. Fixes pr 1030 (differently).
Revision 1.15 / (download) - annotate - [select for diffs], Thu Apr 13 06:33:21 1995 UTC (29 years ago) by cgd
Branch: MAIN
Changes since 1.14: +9 -9
lines
Diff to previous 1.14 (colored) to selected 1.384 (colored)
be a bit more careful and explicit with types. (basically a large no-op.)
Revision 1.14 / (download) - annotate - [select for diffs], Wed Jun 29 06:38:19 1994 UTC (29 years, 9 months ago) by cgd
Branch: MAIN
CVS Tags: netbsd-1-0-base,
netbsd-1-0-RELEASE,
netbsd-1-0-PATCH1,
netbsd-1-0-PATCH06,
netbsd-1-0-PATCH05,
netbsd-1-0-PATCH04,
netbsd-1-0-PATCH03,
netbsd-1-0-PATCH02,
netbsd-1-0-PATCH0,
netbsd-1-0
Changes since 1.13: +3 -2
lines
Diff to previous 1.13 (colored) to selected 1.384 (colored)
New RCS ID's, take two. they're more aesthecially pleasant, and use 'NetBSD'
Revision 1.13 / (download) - annotate - [select for diffs], Fri May 13 06:06:21 1994 UTC (29 years, 11 months ago) by mycroft
Branch: MAIN
Changes since 1.12: +96 -75
lines
Diff to previous 1.12 (colored) to selected 1.384 (colored)
Update to 4.4-Lite networking code, with a few local changes.
Revision 1.12 / (download) - annotate - [select for diffs], Mon Feb 14 21:45:53 1994 UTC (30 years, 2 months ago) by mycroft
Branch: MAIN
Changes since 1.11: +3 -3
lines
Diff to previous 1.11 (colored) to selected 1.384 (colored)
PARANOID --> DIAGNOSTIC for inexpensive tests.
Revision 1.11 / (download) - annotate - [select for diffs], Wed Feb 2 05:59:04 1994 UTC (30 years, 2 months ago) by hpeyerl
Branch: MAIN
Changes since 1.10: +1 -3
lines
Diff to previous 1.10 (colored) to selected 1.384 (colored)
Multicast is no longer optional.
Revision 1.10 / (download) - annotate - [select for diffs], Sat Jan 29 11:58:01 1994 UTC (30 years, 2 months ago) by brezak
Branch: MAIN
Changes since 1.9: +9 -1
lines
Diff to previous 1.9 (colored) to selected 1.384 (colored)
Fix some cases of NOT dealing with m_pkthdr's. This code is still suspect though, at least this fixes some panics.
Revision 1.9 / (download) - annotate - [select for diffs], Mon Jan 10 20:14:19 1994 UTC (30 years, 3 months ago) by mycroft
Branch: MAIN
Changes since 1.8: +6 -2
lines
Diff to previous 1.8 (colored) to selected 1.384 (colored)
Should compile now with or without `options MULTICAST'.
Revision 1.8 / (download) - annotate - [select for diffs], Sun Jan 9 01:06:13 1994 UTC (30 years, 3 months ago) by mycroft
Branch: MAIN
Changes since 1.7: +16 -1
lines
Diff to previous 1.7 (colored) to selected 1.384 (colored)
Prototype the rest.
Revision 1.7 / (download) - annotate - [select for diffs], Sat Jan 8 23:50:45 1994 UTC (30 years, 3 months ago) by mycroft
Branch: MAIN
Changes since 1.6: +5 -2
lines
Diff to previous 1.6 (colored) to selected 1.384 (colored)
More prototypes.
Revision 1.6 / (download) - annotate - [select for diffs], Sat Jan 8 21:21:47 1994 UTC (30 years, 3 months ago) by mycroft
Branch: MAIN
Changes since 1.5: +2 -2
lines
Diff to previous 1.5 (colored) to selected 1.384 (colored)
Fix some inconsistent spacing; spaces at the end of lines, etc.
Revision 1.5 / (download) - annotate - [select for diffs], Sat Dec 18 00:41:57 1993 UTC (30 years, 4 months ago) by mycroft
Branch: MAIN
Changes since 1.4: +20 -20
lines
Diff to previous 1.4 (colored) to selected 1.384 (colored)
Canonicalize all #includes.
Revision 1.4 / (download) - annotate - [select for diffs], Mon Dec 6 04:59:37 1993 UTC (30 years, 4 months ago) by hpeyerl
Branch: MAIN
Changes since 1.3: +48 -1
lines
Diff to previous 1.3 (colored) to selected 1.384 (colored)
multicast support. >From Chris Maeda, cmaeda@cs.washington.edu These patches are derived from the IP Multicast patches for BSDI.
Revision 1.3 / (download) - annotate - [select for diffs], Thu May 20 03:50:25 1993 UTC (30 years, 11 months ago) by cgd
Branch: MAIN
CVS Tags: netbsd-0-9-patch-001,
netbsd-0-9-base,
netbsd-0-9-RELEASE,
netbsd-0-9-BETA,
netbsd-0-9-ALPHA2,
netbsd-0-9-ALPHA,
netbsd-0-9,
magnum-base
Branch point for: magnum
Changes since 1.2: +2 -1
lines
Diff to previous 1.2 (colored) to selected 1.384 (colored)
more rcsid additions and file header cleanups
Revision 1.2 / (download) - annotate - [select for diffs], Tue May 4 05:41:18 1993 UTC (30 years, 11 months ago) by cgd
Branch: MAIN
Changes since 1.1: +11 -1
lines
Diff to previous 1.1 (colored) to selected 1.384 (colored)
make ip_input recursion checking be for -DPARANOID, and make it panic
Revision 1.1 / (download) - annotate - [select for diffs], Sun Mar 21 09:45:37 1993 UTC (31 years, 1 month ago) by cgd
Branch: MAIN
Diff to selected 1.384 (colored)
Initial revision