![[BACK]](/icons/back.gif){kind=icon}
Up to [local] / src / sys / net
Request diff between arbitrary revisions
Default branch: MAIN
Revision 1.154 / (download) - annotate - [select for diffs], Fri Jun 7 13:43:21 2024 UTC (3 days, 17 hours ago) by jsg
Branch: MAIN
CVS Tags: HEAD
Changes since 1.153: +1 -4 lines
Diff to previous 1.153 (colored)
remove ph_ppp_proto define, unused since rev 1.123
Revision 1.153 / (download) - annotate - [select for diffs], Tue Jan 23 17:57:21 2024 UTC (4 months, 2 weeks ago) by mvs
Branch: MAIN
CVS Tags: OPENBSD_7_5_BASE,
OPENBSD_7_5
Changes since 1.152: +56 -21 lines
Diff to previous 1.152 (colored)
Introduce pipex_iterator(), the special thing to perform `pipex_session_list' foreach walkthrough with `pipex_list_mtx' mutex(9) relocking. It inserts special item after acquired `session' and keeps it linked until `session' release. Only owner can unlink it's own item, so the LIST_NEXT(session) is always valid even the `session' was unlinked. The iterator skips special items at the `session' acquisition time, as all other foreach loops where `pipex_list_mtx' mutex(9) is not relocked. ok yasuoka
Revision 1.152 / (download) - annotate - [select for diffs], Tue Jan 23 16:57:52 2024 UTC (4 months, 2 weeks ago) by mvs
Branch: MAIN
Changes since 1.151: +1 -7 lines
Diff to previous 1.151 (colored)
Remove `pipex_rd_head6' and `ps6_rn[2]'. They are not used. ok yasuoka
Revision 1.151 / (download) - annotate - [select for diffs], Fri Dec 1 20:30:22 2023 UTC (6 months, 1 week ago) by mvs
Branch: MAIN
Changes since 1.150: +6 -4 lines
Diff to previous 1.150 (colored)
pipex(4) layer is completely mp-safe, move the pipex_timer() timeout(9) handler out of kernel lock. ok bluhm
Revision 1.150 / (download) - annotate - [select for diffs], Tue Nov 28 13:23:20 2023 UTC (6 months, 1 week ago) by bluhm
Branch: MAIN
Changes since 1.149: +2 -3 lines
Diff to previous 1.149 (colored)
Remove struct inpcb from in6_embedscope() parameters. rip6_output() did modify inp_outputopts6 temporarily to provide different ip6_pktopts to in6_embedscope(). Better pass inp_outputopts6 and inp_moptions6 as separate arguments to in6_embedscope(). Simplify the code that deals with these options in in6_embedscope(). Doucument inp_moptions and inp_moptions6 as protected by net lock. OK kn@
Revision 1.149 / (download) - annotate - [select for diffs], Sat Sep 16 09:33:27 2023 UTC (8 months, 3 weeks ago) by mpi
Branch: MAIN
CVS Tags: OPENBSD_7_4_BASE,
OPENBSD_7_4
Changes since 1.148: +2 -2 lines
Diff to previous 1.148 (colored)
Allow counters_read(9) to take an optional scratch buffer. Using a scratch buffer makes it possible to take a consistent snapshot of per-CPU counters without having to allocate memory. Makes ddb(4) show uvmexp command work in OOM situations. ok kn@, mvs@, cheloha@
Revision 1.148 / (download) - annotate - [select for diffs], Tue Aug 30 19:42:29 2022 UTC (21 months, 1 week ago) by bluhm
Branch: MAIN
CVS Tags: OPENBSD_7_3_BASE,
OPENBSD_7_3,
OPENBSD_7_2_BASE,
OPENBSD_7_2
Changes since 1.147: +15 -3 lines
Diff to previous 1.147 (colored)
Syzkaller found a missing input validation in pipex mppe keylenbits. Reported-by: syzbot+2eca95b271d07ab91b43@syzkaller.appspotmail.com tested yasuoka@; OK mvs@ yasuoka@
Revision 1.147 / (download) - annotate - [select for diffs], Mon Jul 25 08:28:42 2022 UTC (22 months, 2 weeks ago) by mvs
Branch: MAIN
Changes since 1.146: +31 -34 lines
Diff to previous 1.146 (colored)
Remove "Static" keyword from pipex(4) layer. We don't use "static" keyword for functions declaration to allow ddb(4) debug. Also, many "Static" functions are called by pppx(4) layer outside pipex(4) layer. This is the mostly mechanic diff, except the `pipex_pppoe_padding' which should be "static const". ok bluhm@ yasuoka@
Revision 1.146 / (download) - annotate - [select for diffs], Fri Jul 15 22:56:13 2022 UTC (22 months, 3 weeks ago) by mvs
Branch: MAIN
Changes since 1.145: +108 -46 lines
Diff to previous 1.145 (colored)
Introduce fine grained pipex(4) locking. Use per-session `pxs_mtx' mutex(9) to protect session context. Except MPPE encryption, PPPOE sessions are mostly immutable, so no lock required for that case. Global pipex(4) data is already protected by `pipex_list_mtx' mutex(9), so pipex(4) doesn't rely on netlock anymore. Recursion was removed from pipex_mppe_input() and pipex_mppe_output(). ok bluhm@
Revision 1.145 / (download) - annotate - [select for diffs], Tue Jul 12 08:58:53 2022 UTC (23 months ago) by mvs
Branch: MAIN
Changes since 1.144: +2 -46 lines
Diff to previous 1.144 (colored)
Remove PIPEXCSESSION pipex(4) ioctl(2) command from kernel and man page. Long time ago pipex(4) session can't be deleted until both pipex(4) input and output queues become empty. Dead sessions were linked to the stack and the `ip_forward' flag was used to prevent packets forwarding. npppd(8) marked such sessions by doing PIPEXCSESSION ioctl(2) call. But since we started to unlink close session from the stack, this logic became unnecessary. Also pipex(4) session could be closed just after close request. npppd(8) was the only userland program which did PIPEXCSESSION ioctl(2) call, and we removed it week ago. It's time to remove the remains. Now the `flags' member of 'pipex_session' structure became immutable. ok yasuoka@
Revision 1.144 / (download) - annotate - [select for diffs], Sun Jul 10 21:28:10 2022 UTC (23 months ago) by mvs
Branch: MAIN
Changes since 1.143: +27 -9 lines
Diff to previous 1.143 (colored)
Add missing `pipex_list_mtx' mutex(9) around all sessions loop within pipex_ip_output(). The all sessions loop was reworked to make possible to drop the lock within. ok bluhm@ yasuoka@.
Revision 1.143 / (download) - annotate - [select for diffs], Sat Jul 2 08:50:42 2022 UTC (23 months, 1 week ago) by visa
Branch: MAIN
Changes since 1.142: +1 -2 lines
Diff to previous 1.142 (colored)
Remove unused device poll functions. Also remove unneeded includes of <sys/poll.h> and <sys/select.h>. Some addenda from jsg@. OK miod@ mpi@
Revision 1.142 / (download) - annotate - [select for diffs], Tue Jun 28 08:01:40 2022 UTC (23 months, 2 weeks ago) by mvs
Branch: MAIN
Changes since 1.141: +51 -11 lines
Diff to previous 1.141 (colored)
Introduce `pipexoutq' mbuf(9) queue, and put outgoing pipex(4) related PPPOE packets within. Do (*if_output)() calls within netisr handler with netlock held. We can't predict netlock state when pipex(4) related (*if_qstart)() handlers called. This means we can't use netlock within pppac_qstart() and pppx_if_qstart() handlers. ok bluhm@
Revision 1.141 / (download) - annotate - [select for diffs], Sun Jun 26 22:51:58 2022 UTC (23 months, 2 weeks ago) by mvs
Branch: MAIN
Changes since 1.140: +2 -2 lines
Diff to previous 1.140 (colored)
Mark `pipex_enable' as atomic. We never check `pipex_enable' within (*if_qstart)() and we don't worry it's not serialized with the rest of output path. Also we will process already enqueued pipex(4) packets regardless on `pipex_enable' state. Use the local copy of `pipex_enable' within pppx_if_output(), otherwise we loose consistency. pointed and ok by bluhm@
Revision 1.140 / (download) - annotate - [select for diffs], Sun Jun 26 21:29:34 2022 UTC (23 months, 2 weeks ago) by mvs
Branch: MAIN
Changes since 1.139: +5 -3 lines
Diff to previous 1.139 (colored)
Don't reset `idle_time' timeout on closed pipex(4) sessions in packet processing path. Such sessions already reached time to live timeout, and the garbage collector waits a little to before kill them. Otherwise we could make session's life time more then PIPEX_CLOSE_TIMEOUT. ok bluhm@
Revision 1.139 / (download) - annotate - [select for diffs], Sun Jun 26 18:56:09 2022 UTC (23 months, 2 weeks ago) by mvs
Branch: MAIN
Changes since 1.138: +13 -13 lines
Diff to previous 1.138 (colored)
Fix spacing.
Revision 1.138 / (download) - annotate - [select for diffs], Sun Jun 26 15:50:21 2022 UTC (23 months, 2 weeks ago) by mvs
Branch: MAIN
Changes since 1.137: +150 -44 lines
Diff to previous 1.137 (colored)
The "ifq_set_maxlen(..., 1);" hack we use to enforce pipex(4) related (*if_qstart)() be always called with netlock held doesn't work anymore with PPPOE sessions. Introduce `pipex_list_mtx' mutex(9) and use it to protect global pipex(4) lists and radix trees. Protect pipex(4) `session' dereference with reference counters, because we could sleep when accessing pipex(4) from ioctl(2) path, and this is not possible with mutex(9) held. ok bluhm@
Revision 1.137 / (download) - annotate - [select for diffs], Sun Jun 26 13:14:37 2022 UTC (23 months, 2 weeks ago) by mvs
Branch: MAIN
Changes since 1.136: +26 -21 lines
Diff to previous 1.136 (colored)
'pipex_mppe' and 'pipex_session' structures have uint16_t bit fields which represent flags. We mix unlocked access to immutable flags with protected access to mutable ones. This could be not MP independent on some architectures, so convert these fields to u_int `flags' variables. ok bluhm@
Revision 1.136 / (download) - annotate - [select for diffs], Sun Jan 2 22:36:04 2022 UTC (2 years, 5 months ago) by jsg
Branch: MAIN
CVS Tags: OPENBSD_7_1_BASE,
OPENBSD_7_1
Changes since 1.135: +3 -3 lines
Diff to previous 1.135 (colored)
spelling ok jmc@ reads ok tb@
Revision 1.135 / (download) - annotate - [select for diffs], Tue Jul 27 09:29:09 2021 UTC (2 years, 10 months ago) by mvs
Branch: MAIN
CVS Tags: OPENBSD_7_0_BASE,
OPENBSD_7_0
Changes since 1.134: +27 -3 lines
Diff to previous 1.134 (colored)
Introduce mutex(9) to protect pipex(4) session content. With bluhm@'s diff for parallel forwarding pipex(4) could be accessed in parallel through (*ifp->if_input)() -> ether_input() -> pipex_pppoe_input(). PPPOE pipex(4) sessions are mostly immutable except MPPE crypt. The new per-session `pxs_mtx' mutex(9) used to protect session's `ccp-id' which is incremented each time we send CCP reset-request. The new `pxm_mtx' mutex(9) used to protect MPPE context. Each pipex(4) session has two of them: one for the input and one for output path. Where is no lock order limitations because those new mutex(9)'es never held together. ok bluhm@
Revision 1.134 / (download) - annotate - [select for diffs], Tue Jul 20 16:44:55 2021 UTC (2 years, 10 months ago) by mvs
Branch: MAIN
Changes since 1.133: +58 -37 lines
Diff to previous 1.133 (colored)
Turn pipex(4) session statistics to per-CPU counters. This makes pipex(4) more compliant to bluhm@'s work on traffic forwarding parallelization. ok yasuoka@ bluhm@
Revision 1.133 / (download) - annotate - [select for diffs], Sat May 15 08:07:20 2021 UTC (3 years ago) by yasuoka
Branch: MAIN
Changes since 1.132: +12 -1 lines
Diff to previous 1.132 (colored)
Fix IPsec NAT-T to work with pipex(4). Introduce a new packet tag PACKET_TAG_IPSEC_FLOWINFO to specify the IPsec flow. ok mvs
Revision 1.132 / (download) - annotate - [select for diffs], Wed Mar 10 10:21:48 2021 UTC (3 years, 3 months ago) by jsg
Branch: MAIN
CVS Tags: OPENBSD_6_9_BASE,
OPENBSD_6_9
Changes since 1.131: +3 -3 lines
Diff to previous 1.131 (colored)
spelling ok gnezdo@ semarie@ mpi@
Revision 1.131 / (download) - annotate - [select for diffs], Thu Feb 25 02:48:21 2021 UTC (3 years, 3 months ago) by dlg
Branch: MAIN
Changes since 1.130: +10 -10 lines
Diff to previous 1.130 (colored)
we don't have to cast to caddr_t when calling m_copydata anymore. the first cut of this diff was made with coccinelle using this spatch: @rule@ type caddr_t; expression m, off, len, cp; @@ -m_copydata(m, off, len, (caddr_t)cp) +m_copydata(m, off, len, cp) i had fix it's opinionated idea of formatting by hand though, so i'm not sure it was worth it. ok deraadt@ bluhm@
Revision 1.130 / (download) - annotate - [select for diffs], Tue Jan 19 19:37:42 2021 UTC (3 years, 4 months ago) by mvs
Branch: MAIN
Changes since 1.129: +12 -5 lines
Diff to previous 1.129 (colored)
pipex(4): convert ifunit() to if_unit(9) ok dlg@
Revision 1.129 / (download) - annotate - [select for diffs], Sat Jan 9 21:00:04 2021 UTC (3 years, 5 months ago) by gnezdo
Branch: MAIN
Changes since 1.128: +3 -3 lines
Diff to previous 1.128 (colored)
Enforce range with sysctl_int_bounded in pipex_sysctl OK millert@
Revision 1.128 / (download) - annotate - [select for diffs], Sat Jan 2 13:15:15 2021 UTC (3 years, 5 months ago) by mvs
Branch: MAIN
Changes since 1.127: +1 -8 lines
Diff to previous 1.127 (colored)
Remove PIPEX{S,G}MODE ioctl(2) commands. This time they are pretty dummy
and were kept only for backward compatibility reasons.
ok mpi@ yasuoka@
Revision 1.127 / (download) - annotate - [select for diffs], Sun Aug 30 19:48:16 2020 UTC (3 years, 9 months ago) by mvs
Branch: MAIN
CVS Tags: OPENBSD_6_8_BASE,
OPENBSD_6_8
Changes since 1.126: +1 -2 lines
Diff to previous 1.126 (colored)
Don't include "net/netisr.h" header. It's not needed here. ok yasuoka@
Revision 1.126 / (download) - annotate - [select for diffs], Sun Aug 30 19:45:20 2020 UTC (3 years, 9 months ago) by mvs
Branch: MAIN
Changes since 1.125: +3 -5 lines
Diff to previous 1.125 (colored)
pppac(4) uses per cpu counters for collect `ifnet' statistics, but in pipex(4) layer this `ifnet' still uses `if_data'. Also pppx(4) doesn't use per cpu counters but `if_data'. Add per cpu counters to pppx(4) and pipex(4). This finishes interface statistics collecting mess. ok yasuoka@
Revision 1.125 / (download) - annotate - [select for diffs], Thu Aug 27 10:47:52 2020 UTC (3 years, 9 months ago) by yasuoka
Branch: MAIN
Changes since 1.124: +71 -255 lines
Diff to previous 1.124 (colored)
Make pipex(4) more common for pppac(4) and pppx(4). Replace
pipex_iface of struct pipex_session with owner_sc which refers the
owner device. This makes ioctl commands for pppac or pppx device
simpler. PIPEX{S,G}MODE became dummy since both pppac and pppx is
always used with pipex. Also move some pppac specific things to the
pppac part on if_pppx.c.
suggestions from mvs, ok mvs
Revision 1.124 / (download) - annotate - [select for diffs], Wed Aug 12 08:41:39 2020 UTC (3 years, 9 months ago) by mvs
Branch: MAIN
Changes since 1.123: +1 -9 lines
Diff to previous 1.123 (colored)
Remove interface statistics update for outgoing packets. We shouldn't count them because `if_snd' does this. ok yasuoka@
Revision 1.123 / (download) - annotate - [select for diffs], Tue Aug 4 09:32:05 2020 UTC (3 years, 10 months ago) by mvs
Branch: MAIN
Changes since 1.122: +29 -112 lines
Diff to previous 1.122 (colored)
We have `pipexinq' and `pipexoutq' mbuf(9) queues to store pipex(4) related mbufs. Each mbuf(9) passed to these queues stores the pointer to corresponding pipex(4) session referenced as `m_pkthdr.ph_cookie'. When session was destroyed its reference can still be in these queues so we have use after free issue while pipexintr() dereference it. I removed `pipexinq', `pipexoutq' and pipexintr(). This not only allows us to avoid issue described above, but also removes unnecessary context switch in packet processing. Also it makes code simpler. ok mpi@ yasuoka@
Revision 1.122 / (download) - annotate - [select for diffs], Wed Jul 29 12:09:31 2020 UTC (3 years, 10 months ago) by mvs
Branch: MAIN
Changes since 1.121: +2 -2 lines
Diff to previous 1.121 (colored)
Interface index is unsigned integer. Fix the places where it referenced as signed. u_int used within pipex(4) for consistency with other code. ok dlg@ mpi@
Revision 1.121 / (download) - annotate - [select for diffs], Tue Jul 28 12:53:20 2020 UTC (3 years, 10 months ago) by mvs
Branch: MAIN
Changes since 1.120: +19 -11 lines
Diff to previous 1.120 (colored)
Document locks which protect pipex(4) global data structures. ok mpi@
Revision 1.120 / (download) - annotate - [select for diffs], Fri Jul 17 08:57:27 2020 UTC (3 years, 10 months ago) by mvs
Branch: MAIN
Changes since 1.119: +45 -17 lines
Diff to previous 1.119 (colored)
Use interface index instead of pointer to corresponding interface within pipex(4) layer. ok mpi@
Revision 1.119 / (download) - annotate - [select for diffs], Mon Jul 6 20:37:51 2020 UTC (3 years, 11 months ago) by mvs
Branch: MAIN
Changes since 1.118: +7 -1 lines
Diff to previous 1.118 (colored)
Protect the whole pipex(4) layer by NET_LOCK(). pipex(4) was simultaneously protected by KERNEL_LOCK() and NET_LOCK() and now we have the only lock for it. This step reduces locking mess in this layer. ok mpi@
Revision 1.118 / (download) - annotate - [select for diffs], Mon Jul 6 20:28:38 2020 UTC (3 years, 11 months ago) by mvs
Branch: MAIN
Changes since 1.117: +2 -2 lines
Diff to previous 1.117 (colored)
pipex_rele_session() frees memory pointed by `old_session_keys'. Use it in pipex_destroy_session() instead of pool_put(9) to prevent memory leak. ok mpi@
Revision 1.117 / (download) - annotate - [select for diffs], Tue Jun 30 14:05:13 2020 UTC (3 years, 11 months ago) by mvs
Branch: MAIN
Changes since 1.116: +1 -4 lines
Diff to previous 1.116 (colored)
Remove unused declaration. ok deraadt yasuoka
Revision 1.116 / (download) - annotate - [select for diffs], Mon Jun 22 09:38:15 2020 UTC (3 years, 11 months ago) by mvs
Branch: MAIN
Changes since 1.115: +4 -2 lines
Diff to previous 1.115 (colored)
Prevent potencial `state_list' corruption while pppac(4) destroys pipex(4) sessions by pipex_iface_fini() or by pipex_ioctl() with `PIPEXSMODE' command. ok yasuoka@
Revision 1.115 / (download) - annotate - [select for diffs], Thu Jun 18 14:20:12 2020 UTC (3 years, 11 months ago) by mvs
Branch: MAIN
Changes since 1.114: +113 -70 lines
Diff to previous 1.114 (colored)
Combine and replace duplicated code in pipex(4) and pppx(4) by new functions listed below. - pipex_init_session() to check request and alloc new session. - pipex_link_session() to link session to pipex(4) layer. - pipex_unlink_session() to unlink session from pipex(4) layer. - pipex_rele_session() to release session and it's internal allocation. ok mpi@
Revision 1.114 / (download) - annotate - [select for diffs], Sun May 31 03:14:59 2020 UTC (4 years ago) by dlg
Branch: MAIN
Changes since 1.113: +4 -14 lines
Diff to previous 1.113 (colored)
use ip{,6}_send instead of ip{,6}_output for l2tp and pptp.
pipex output is part of pppx and pppac if_start functions, so it
can't rely on or know if it already has NET_LOCK. this defers the
ip output stuff to where it can take the NET_LOCK reliably.
tested by Vitaliy Makkoveev, who also found that this was necessary
after ifq.c 1.38 and provided an excellent analysis of the problem.
ok mpi@
Revision 1.113 / (download) - annotate - [select for diffs], Tue Apr 7 07:11:22 2020 UTC (4 years, 2 months ago) by claudio
Branch: MAIN
CVS Tags: OPENBSD_6_7_BASE,
OPENBSD_6_7
Changes since 1.112: +6 -1 lines
Diff to previous 1.112 (colored)
Deny to create a pipex session if the session id already exists. From Vitaliy Makkoveev OK yasuoka@
Revision 1.112 / (download) - annotate - [select for diffs], Mon Apr 6 13:14:04 2020 UTC (4 years, 2 months ago) by claudio
Branch: MAIN
Changes since 1.111: +10 -15 lines
Diff to previous 1.111 (colored)
use LIST_FOERACH_SAFE() instead of manual rolling the loop. From Vitaliy Makkoveev
Revision 1.111 / (download) - annotate - [select for diffs], Mon Apr 6 12:31:30 2020 UTC (4 years, 2 months ago) by claudio
Branch: MAIN
Changes since 1.110: +23 -12 lines
Diff to previous 1.110 (colored)
Pass struct pipex_iface_context pointer down to pipex ioctl functions. This way pppx(4) and pppac(4) can be further unified. This is an intermediary step that does not introduce any behaviour change. From Vitaliy Makkoveev
Revision 1.110 / (download) - annotate - [select for diffs], Sat Apr 4 16:41:23 2020 UTC (4 years, 2 months ago) by mpi
Branch: MAIN
Changes since 1.109: +6 -3 lines
Diff to previous 1.109 (colored)
Prevent the destruction of a session owned by another interface. Issue reported by and fix from Vitaliy Makkoveev.
Revision 1.109 / (download) - annotate - [select for diffs], Thu Mar 26 16:50:46 2020 UTC (4 years, 2 months ago) by mpi
Branch: MAIN
Changes since 1.108: +10 -13 lines
Diff to previous 1.108 (colored)
Unify #ifdef guarding code to remove PPTP and L2TP sessions. This makes a pattern emerge that should help when starting to protect the global `session' list with something else than the KERNEL_LOCK(). from Vitaliy Makkoveev.
Revision 1.108 / (download) - annotate - [select for diffs], Wed Mar 25 11:39:58 2020 UTC (4 years, 2 months ago) by mpi
Branch: MAIN
Changes since 1.107: +3 -1 lines
Diff to previous 1.107 (colored)
Grab the NET_LOCK() before calling pipex_iface_stop(). This function calls pipex_destroy_session() which requires the lock and pipex_ioctl() already calls it with the NET_LOCK() held. From Vitaliy Makkoveev.
Revision 1.107 / (download) - annotate - [select for diffs], Thu Jan 31 18:01:14 2019 UTC (5 years, 4 months ago) by millert
Branch: MAIN
CVS Tags: OPENBSD_6_6_BASE,
OPENBSD_6_6,
OPENBSD_6_5_BASE,
OPENBSD_6_5
Changes since 1.106: +29 -28 lines
Diff to previous 1.106 (colored)
Fix compilation of amd64 kernel when optimization is disabled. C99 inline semantics resulted in undefined symbols. OK deraadt@ mpi@ dlg@
Revision 1.106 / (download) - annotate - [select for diffs], Mon Nov 20 10:35:24 2017 UTC (6 years, 6 months ago) by mpi
Branch: MAIN
CVS Tags: OPENBSD_6_4_BASE,
OPENBSD_6_4,
OPENBSD_6_3_BASE,
OPENBSD_6_3
Changes since 1.105: +2 -1 lines
Diff to previous 1.105 (colored)
Sprinkle some NET_ASSERT_LOCKED(), const and co to prepare running pr_input handlers without KERNEL_LOCK(). ok visa@
Revision 1.105 / (download) - annotate - [select for diffs], Fri Aug 11 21:24:19 2017 UTC (6 years, 10 months ago) by mpi
Branch: MAIN
CVS Tags: OPENBSD_6_2_BASE,
OPENBSD_6_2
Changes since 1.104: +6 -7 lines
Diff to previous 1.104 (colored)
Remove NET_LOCK()'s argument. Tested by Hrvoje Popovski, ok bluhm@
Revision 1.104 / (download) - annotate - [select for diffs], Fri Aug 11 20:56:15 2017 UTC (6 years, 10 months ago) by mestre
Branch: MAIN
Changes since 1.103: +4 -1 lines
Diff to previous 1.103 (colored)
During MPPE key reduction on the 40 bits case the first 3 octets need to be changed with known constants (RFC3079). Current code uses a switch case without breaks which implicitly makes the code correct, but to improve readibility the first octect should have the constant assigned also in the first case, without relying on a fallthrough to the second, and the break statement should be called on boths cases. This was a false positive found in Coverity CID 1453390, but changed due to to readibility as explained above. After discussion with millert@ and guenther@
Revision 1.103 / (download) - annotate - [select for diffs], Thu Jul 13 14:54:25 2017 UTC (6 years, 11 months ago) by mpi
Branch: MAIN
Changes since 1.102: +3 -3 lines
Diff to previous 1.102 (colored)
Set the ipl of pipex pools to IPL_SOFTNET. Fix floor splassert reported by mlarkin@ and Marko Cupać. ok dlg@, visa@, yasuoka@
Revision 1.102 / (download) - annotate - [select for diffs], Tue Jun 6 13:07:22 2017 UTC (7 years ago) by mpi
Branch: MAIN
Changes since 1.101: +3 -3 lines
Diff to previous 1.101 (colored)
Update panic strings, pipex no longer use rn_inithead0().
Revision 1.101 / (download) - annotate - [select for diffs], Tue May 30 07:50:37 2017 UTC (7 years ago) by mpi
Branch: MAIN
Changes since 1.100: +3 -16 lines
Diff to previous 1.100 (colored)
Introduce ipv{4,6}_input(), two wrappers around IP queues.
This will help transitionning to an un-KERNEL_LOCK()ed IP
forwarding path.
Disucssed with bluhm@, ok claudio@
Revision 1.100 / (download) - annotate - [select for diffs], Sun May 28 20:48:29 2017 UTC (7 years ago) by yasuoka
Branch: MAIN
Changes since 1.99: +10 -5 lines
Diff to previous 1.99 (colored)
Process packets immediately without queuing since pipex is believed MP safe already, for PPPoE case as first step. ok mpi
Revision 1.99 / (download) - annotate - [select for diffs], Sun May 28 18:55:25 2017 UTC (7 years ago) by yasuoka
Branch: MAIN
Changes since 1.98: +3 -1 lines
Diff to previous 1.98 (colored)
Check also whether the interfaces is matched when pipex check PPPoE packets. This fixes the problem when pipex connects with pppoe(4) through pair(4).
Revision 1.98 / (download) - annotate - [select for diffs], Sun May 28 18:42:00 2017 UTC (7 years ago) by yasuoka
Branch: MAIN
Changes since 1.97: +14 -12 lines
Diff to previous 1.97 (colored)
Use interface index instead of ifnet pointer.
Revision 1.97 / (download) - annotate - [select for diffs], Sun May 28 12:51:34 2017 UTC (7 years ago) by yasuoka
Branch: MAIN
Changes since 1.96: +32 -75 lines
Diff to previous 1.96 (colored)
Remove all splnet/splx from pipex(4) and pppx(4) and replace some of them by NET_LOCK/NET_UNLOCK. Also make the timeout for pipex_timer run with a thread context and replace pipex softintr by NETISR_PIPEX. ok mpi
Revision 1.96 / (download) - annotate - [select for diffs], Sat May 27 12:39:12 2017 UTC (7 years ago) by yasuoka
Branch: MAIN
Changes since 1.95: +11 -15 lines
Diff to previous 1.95 (colored)
Use rn_inithead() instead of rn_inithead0(). Since rn_inithead0() doesn't trigger rn_initmask() and first session had caused panics. Reported by VOblezov at mtsbank.ru.
Revision 1.95 / (download) - annotate - [select for diffs], Sat May 27 10:24:02 2017 UTC (7 years ago) by mpi
Branch: MAIN
Changes since 1.94: +1 -2 lines
Diff to previous 1.94 (colored)
Remove obsolete comment talking about splnet().
Revision 1.94 / (download) - annotate - [select for diffs], Thu May 4 15:00:24 2017 UTC (7 years, 1 month ago) by bluhm
Branch: MAIN
Changes since 1.93: +5 -7 lines
Diff to previous 1.93 (colored)
Introduce sstosa() for converting sockaddr_storage with a type safe inline function instead of casting it to sockaddr. While there, use inline instead of __inline for all these conversions. Some struct sockaddr casts can be avoided completely. OK dhill@ mpi@
Revision 1.93 / (download) - annotate - [select for diffs], Tue Apr 18 01:24:47 2017 UTC (7 years, 1 month ago) by yasuoka
Branch: MAIN
Changes since 1.92: +14 -32 lines
Diff to previous 1.92 (colored)
Fix pipex(4) not to cause panics on strict alignment architectures. ok claudio
Revision 1.92 / (download) - annotate - [select for diffs], Tue Jan 24 10:08:30 2017 UTC (7 years, 4 months ago) by krw
Branch: MAIN
CVS Tags: OPENBSD_6_1_BASE,
OPENBSD_6_1
Changes since 1.91: +3 -3 lines
Diff to previous 1.91 (colored)
A space here, a space there. Soon we're talking real whitespace rectification.
Revision 1.91 / (download) - annotate - [select for diffs], Mon Dec 19 15:51:53 2016 UTC (7 years, 5 months ago) by mpi
Branch: MAIN
Changes since 1.90: +1 -2 lines
Diff to previous 1.90 (colored)
Kill useless comment about splsoftnet() which is going away.
Revision 1.90 / (download) - annotate - [select for diffs], Fri Nov 18 02:53:47 2016 UTC (7 years, 6 months ago) by dlg
Branch: MAIN
Changes since 1.89: +2 -2 lines
Diff to previous 1.89 (colored)
turn ipstat into a set of percpu counters. each counter is identified by an enum value which correspond to the original members of the udpstat struct. udpstat_inc(udps_foo) replaces udpstat.udps_foo++ for the actual updates. udpstat_inc is a thin wrapper around counters_inc. counters are still returned to userland via the udpstat struct for now. ok mpi@ mikeb@ deraadt@
Revision 1.89 / (download) - annotate - [select for diffs], Thu Sep 15 02:00:18 2016 UTC (7 years, 8 months ago) by dlg
Branch: MAIN
Changes since 1.88: +5 -7 lines
Diff to previous 1.88 (colored)
all pools have their ipl set via pool_setipl, so fold it into pool_init. the ioff argument to pool_init() is unused and has been for many years, so this replaces it with an ipl argument. because the ipl will be set on init we no longer need pool_setipl. most of these changes have been done with coccinelle using the spatch below. cocci sucks at formatting code though, so i fixed that by hand. the manpage and subr_pool.c bits i did myself. ok tedu@ jmatthew@ @ipl@ expression pp; expression ipl; expression s, a, o, f, m, p; @@ -pool_init(pp, s, a, o, f, m, p); -pool_setipl(pp, ipl); +pool_init(pp, s, a, ipl, f, m, p);
Revision 1.88 / (download) - annotate - [select for diffs], Tue Aug 30 23:29:04 2016 UTC (7 years, 9 months ago) by dlg
Branch: MAIN
Changes since 1.87: +6 -4 lines
Diff to previous 1.87 (colored)
pool_setipl ok yasuoka@
Revision 1.87 / (download) - annotate - [select for diffs], Tue Mar 22 23:53:01 2016 UTC (8 years, 2 months ago) by dlg
Branch: MAIN
CVS Tags: OPENBSD_6_0_BASE,
OPENBSD_6_0
Changes since 1.86: +2 -2 lines
Diff to previous 1.86 (colored)
dont leak an mbuf when copying the packet in pipex_mppe_output fails ok yasuoka@
Revision 1.86 / (download) - annotate - [select for diffs], Tue Mar 22 23:51:01 2016 UTC (8 years, 2 months ago) by dlg
Branch: MAIN
Changes since 1.85: +2 -2 lines
Diff to previous 1.85 (colored)
replace m_copym2 with m_dup_pkt this gives us preallocated space at the start of the packet for headers so later calls to M_PREPEND are far less likely to fail. ok yasuoka@
Revision 1.85 / (download) - annotate - [select for diffs], Fri Mar 4 22:38:23 2016 UTC (8 years, 3 months ago) by sashan
Branch: MAIN
Changes since 1.84: +5 -1 lines
Diff to previous 1.84 (colored)
- putting back KASSERT(), which I've backed out on Jan 31 We don't expect inbound packets to come to PF with statekey attached. - I've also found missing call to pf_pkt_addr_changed() at various places, which needs to get fixed to prevent KASSERT() from firing. OK mpi@, sthen@
Revision 1.84 / (download) - annotate - [select for diffs], Tue Nov 3 21:33:56 2015 UTC (8 years, 7 months ago) by chl
Branch: MAIN
CVS Tags: OPENBSD_5_9_BASE,
OPENBSD_5_9
Changes since 1.83: +1 -3 lines
Diff to previous 1.83 (colored)
Remove dead assignment and newly created unused variable. Found by LLVM/Clang Static Analyzer. ok yasuoka@ mpi@
Revision 1.83 / (download) - annotate - [select for diffs], Wed Oct 7 10:50:35 2015 UTC (8 years, 8 months ago) by mpi
Branch: MAIN
Changes since 1.82: +3 -3 lines
Diff to previous 1.82 (colored)
Initialize the routing table before domains. The routing table is not an optional component of the network stack and initializing it inside the "routing domain" requires some ugly introspection in the domain interface. This put the rtable* layer at the same level of the if* level. These two subsystem are organized around the two global data structure used in the network stack: - the global &ifnet list, to be used in process context only, and - the routing table which can be read in interrupt context. This change makes the rtable_* layer domain-aware and extends the "struct domain" such that INET, INET6 and MPLS can specify the length of the binary key used in lookups. This allows us to keep, or move towards, AF-free route and rtable layers. While here stop the madness and pass the size of the maximum key length in *byte* to rn_inithead0(). ok claudio@, mikeb@
Revision 1.82 / (download) - annotate - [select for diffs], Mon Oct 5 06:51:50 2015 UTC (8 years, 8 months ago) by yasuoka
Branch: MAIN
Changes since 1.81: +4 -2 lines
Diff to previous 1.81 (colored)
Fix ip_is_idle_packet() to parse packets properly. diff from Yuuichi Someya
Revision 1.81 / (download) - annotate - [select for diffs], Tue Sep 22 10:09:19 2015 UTC (8 years, 8 months ago) by mpi
Branch: MAIN
Changes since 1.80: +9 -11 lines
Diff to previous 1.80 (colored)
Use the radix-tree API instead of function pointers. ok yasuoka@
Revision 1.80 / (download) - annotate - [select for diffs], Sun Sep 13 17:53:44 2015 UTC (8 years, 8 months ago) by mpi
Branch: MAIN
Changes since 1.79: +3 -2 lines
Diff to previous 1.79 (colored)
There's no point in abstracting ifp->if_output() as long as pf_test() needs to see lo0 in the output path. ok claudio@
Revision 1.79 / (download) - annotate - [select for diffs], Sat Sep 12 20:26:07 2015 UTC (8 years, 9 months ago) by mpi
Branch: MAIN
Changes since 1.78: +2 -3 lines
Diff to previous 1.78 (colored)
Stop overwriting the rt_ifp pointer of RTF_LOCAL routes with lo0ifp. Use instead the RTF_LOCAL flag to loop local traffic back to the corresponding protocol queue. With this change rt_ifp is now always the same as rt_ifa->ifa_ifp. ok claudio@
Revision 1.78 / (download) - annotate - [select for diffs], Fri Sep 11 08:17:06 2015 UTC (8 years, 9 months ago) by claudio
Branch: MAIN
Changes since 1.77: +2 -2 lines
Diff to previous 1.77 (colored)
Kill yet another argument to functions in IPv6. This time ip6_output's ifpp - XXX: just for statistics ifpp is always NULL in all callers so that statistic confirms ifpp is dying OK mpi@
Revision 1.77 / (download) - annotate - [select for diffs], Fri Sep 11 07:42:35 2015 UTC (8 years, 9 months ago) by claudio
Branch: MAIN
Changes since 1.76: +2 -2 lines
Diff to previous 1.76 (colored)
in6_embedscope() needs to lose some weight. Remove the last argument. In all but two calls NULL is passed and in the other 2 cases the ifp is only used to maybe feed it to in6_selecthlim() to select the hoplimit for the link. Since in6_embedscope() only works on link-local addresses it does not matter what hop limit we select since the destination is directly reachable. OK florian@ mpi@
Revision 1.76 / (download) - annotate - [select for diffs], Thu Sep 10 17:52:05 2015 UTC (8 years, 9 months ago) by claudio
Branch: MAIN
Changes since 1.75: +3 -3 lines
Diff to previous 1.75 (colored)
It is time to put inet6 on a diet. Use the flensing knife and cut out the 3rd argument of in6_recoverscope() and make it return void. OK dlg@ mikeb@
Revision 1.75 / (download) - annotate - [select for diffs], Fri Sep 4 08:43:39 2015 UTC (8 years, 9 months ago) by mpi
Branch: MAIN
Changes since 1.74: +3 -4 lines
Diff to previous 1.74 (colored)
Make every subsystem using a radix tree call rn_init() and pass the length of the key as argument. This way every consumer of the radix tree has a chance to explicitly initialize the shared data structures and no longer rely on another subsystem to do the initialization. As a bonus ``dom_maxrtkey'' is no longer used an die. ART kernels should now be fully usable because pf(4) and IPSEC properly initialized the radix tree. ok chris@, reyk@
Revision 1.74 / (download) - annotate - [select for diffs], Tue Sep 1 21:24:04 2015 UTC (8 years, 9 months ago) by bluhm
Branch: MAIN
Changes since 1.73: +9 -11 lines
Diff to previous 1.73 (colored)
Replace sockaddr casts with the proper satosin(), ... calls. From David Hill; OK mpi@; tested kspillner@; tweaks bluhm@
Revision 1.73 / (download) - annotate - [select for diffs], Mon Aug 24 14:00:28 2015 UTC (8 years, 9 months ago) by bluhm
Branch: MAIN
Changes since 1.72: +19 -11 lines
Diff to previous 1.72 (colored)
In kernel initialize struct sockaddr_in and sockaddr_in6 to zero everywhere to avoid passing around pointers to uninitialized stack memory. While there, fix the call to in6_recoverscope() in fill_drlist(). OK deraadt@ mpi@
Revision 1.72 / (download) - annotate - [select for diffs], Thu Jul 16 16:12:15 2015 UTC (8 years, 10 months ago) by mpi
Branch: MAIN
CVS Tags: OPENBSD_5_8_BASE,
OPENBSD_5_8
Changes since 1.71: +5 -5 lines
Diff to previous 1.71 (colored)
Expand ancient NTOHL/NTOHS/HTONS/HTONL macros. ok guenther@, henning@
Revision 1.71 / (download) - annotate - [select for diffs], Wed Jul 15 22:16:42 2015 UTC (8 years, 10 months ago) by deraadt
Branch: MAIN
Changes since 1.70: +11 -21 lines
Diff to previous 1.70 (colored)
m_freem() can handle NULL, do not check for this condition beforehands. ok stsp mpi
Revision 1.70 / (download) - annotate - [select for diffs], Tue Jun 16 11:09:40 2015 UTC (8 years, 11 months ago) by mpi
Branch: MAIN
Changes since 1.69: +8 -8 lines
Diff to previous 1.69 (colored)
Store a unique ID, an interface index, rather than a pointer to the receiving interface in the packet header of every mbuf. The interface pointer should now be retrieved when necessary with if_get(). If a NULL pointer is returned by if_get(), the interface has probably been destroy/removed and the mbuf should be freed. Such mechanism will simplify garbage collection of mbufs and limit problems with dangling ifp pointers. Tested by jmatthew@ and krw@, discussed with many. ok mikeb@, bluhm@, dlg@
Revision 1.69 / (download) - annotate - [select for diffs], Thu Apr 23 09:45:24 2015 UTC (9 years, 1 month ago) by dlg
Branch: MAIN
Changes since 1.68: +23 -56 lines
Diff to previous 1.68 (colored)
replace the use of struct ifqueue in pipex with mbuf_queues. this has a slight semantic change. previously pipex would only process up to 128 packets on the input and output queues at a time and would reschedule the softint if there were any left. now it mq_delists the current set of pending packets and only processes them. if anything is added to the queues later they'll cause the softint to run again. this in turn lets us deprecate sysctl_ifq since nothing uses it anymore. because niqueues are mostly wrappers around mbuf_queues, we can provide sysctl_mq and just #define sysctl_niq to it. pipex bits are ok yasuoka@
Revision 1.68 / (download) - annotate - [select for diffs], Fri Apr 10 13:58:20 2015 UTC (9 years, 2 months ago) by dlg
Branch: MAIN
Changes since 1.67: +9 -26 lines
Diff to previous 1.67 (colored)
replace the use of ifqueues for most input queues serviced by netisr with niqueues. this change is so big because there's a lot of code that takes pointers to different input queues (eg, ether_input picks between ipv4, ipv6, pppoe, arp, and mpls input queues) and falls through to code to enqueue packets against the pointer. if i changed only one of the input queues id have to add sepearate code paths, one for ifqueues and one for niqueues in each of these places by flipping all these input queues at once i can keep the currently common code common. testing by mpi@ sthen@ and rafael zalamena ok mpi@ sthen@ claudio@ henning@
Revision 1.67 / (download) - annotate - [select for diffs], Fri Apr 10 11:02:12 2015 UTC (9 years, 2 months ago) by dlg
Branch: MAIN
Changes since 1.66: +24 -58 lines
Diff to previous 1.66 (colored)
mpi@ introduced a ph_cookie in mbuf packet headers that can be used by a subsystem to stash some state while the mbuf gets queued. eg, net80211 uses it to keep track of the wireless node associated with a packet before submitting it to a drivers snd queue for transmission. this makes pipex use ph_cookie to keep track of the pipex session associated with a packet before submitting it to the softint queues. this lets us get rid of an mbuf tag type, and avoids the cost of tag allocation. ok yasuoka@
Revision 1.66 / (download) - annotate - [select for diffs], Wed Mar 18 12:23:15 2015 UTC (9 years, 2 months ago) by dlg
Branch: MAIN
Changes since 1.65: +3 -5 lines
Diff to previous 1.65 (colored)
remove the congestion handling from struct ifqueue. its only used for the ip and ip6 network stack input queues, so it seems unfair that every instance of ifqueue has to carry a pointer around for this specific use case. this moves the congestion marker to a kernel global. if we detect that we're congested, we assume the whole system is busy and punish all input queues. marking a system as congested is done by setting the global to the current value of ticks. as the system moves away from that value, it moves away from being congested until the comparison fails. written at s2k15 ok henning@ beck@ bluhm@ claudio@
Revision 1.65 / (download) - annotate - [select for diffs], Fri Dec 19 17:14:40 2014 UTC (9 years, 5 months ago) by tedu
Branch: MAIN
CVS Tags: OPENBSD_5_7_BASE,
OPENBSD_5_7
Changes since 1.64: +1 -3 lines
Diff to previous 1.64 (colored)
unifdef INET in net code as a precursor to removing the pretend option. long live the one true internet. ok henning mikeb
Revision 1.48.4.1 / (download) - annotate - [select for diffs], Mon Dec 1 06:59:03 2014 UTC (9 years, 6 months ago) by yasuoka
Branch: OPENBSD_5_5
Changes since 1.48: +14 -2 lines
Diff to previous 1.48 (colored) next main 1.49 (colored)
Check the header fields of GRE and MPPE packets strictly.
Revision 1.55.4.1 / (download) - annotate - [select for diffs], Mon Dec 1 06:57:33 2014 UTC (9 years, 6 months ago) by yasuoka
Branch: OPENBSD_5_6
Changes since 1.55: +14 -2 lines
Diff to previous 1.55 (colored) next main 1.56 (colored)
Check the header fields of GRE and MPPE packets strictly.
Revision 1.64 / (download) - annotate - [select for diffs], Mon Dec 1 06:55:05 2014 UTC (9 years, 6 months ago) by yasuoka
Branch: MAIN
Changes since 1.63: +14 -2 lines
Diff to previous 1.63 (colored)
Check the header fields of GRE and MPPE packets strictly.
Revision 1.63 / (download) - annotate - [select for diffs], Thu Nov 20 14:51:42 2014 UTC (9 years, 6 months ago) by krw
Branch: MAIN
Changes since 1.62: +1 -3 lines
Diff to previous 1.62 (colored)
Yet more #include de-duplication. ok deraadt@ tedu@
Revision 1.62 / (download) - annotate - [select for diffs], Tue Nov 4 15:24:40 2014 UTC (9 years, 7 months ago) by mpi
Branch: MAIN
Changes since 1.61: +4 -4 lines
Diff to previous 1.61 (colored)
Remove "pl" suffix on pool names. ok dlg@, uebayasi@, mikeb@
Revision 1.61 / (download) - annotate - [select for diffs], Tue Oct 28 09:45:37 2014 UTC (9 years, 7 months ago) by yasuoka
Branch: MAIN
Changes since 1.60: +22 -3 lines
Diff to previous 1.60 (colored)
Fix pipex(4) to return multicast packets to the caller so that npppd can handle them. Also use M_NOWAIT for copying a multicast packet.
Revision 1.60 / (download) - annotate - [select for diffs], Tue Oct 28 09:15:09 2014 UTC (9 years, 7 months ago) by yasuoka
Branch: MAIN
Changes since 1.59: +8 -5 lines
Diff to previous 1.59 (colored)
Initialize the lists of the hash tables and the virtual pipex sesssion for multicast in proper way.
Revision 1.59 / (download) - annotate - [select for diffs], Tue Oct 28 09:10:21 2014 UTC (9 years, 7 months ago) by yasuoka
Branch: MAIN
Changes since 1.58: +2 -1 lines
Diff to previous 1.58 (colored)
Fix pipex(4) to initialize DF bit in IP header for L2TP message. Without this, the packets larger than the minimum MTU on the routes to the L2TP peer had been dropped.
Revision 1.58 / (download) - annotate - [select for diffs], Tue Oct 21 10:52:53 2014 UTC (9 years, 7 months ago) by yasuoka
Branch: MAIN
Changes since 1.57: +15 -5 lines
Diff to previous 1.57 (colored)
tun(4) has a pipex session which is used for multicast internally, it wasn't freeed when the interface is destroyed. Free it properly. ok dlg
Revision 1.57 / (download) - annotate - [select for diffs], Mon Oct 20 16:33:32 2014 UTC (9 years, 7 months ago) by uebayasi
Branch: MAIN
Changes since 1.56: +20 -12 lines
Diff to previous 1.56 (colored)
pipex(4): Converted to use pool(9) OK blambert@ yasuoka@
Revision 1.56 / (download) - annotate - [select for diffs], Sat Oct 18 19:28:02 2014 UTC (9 years, 7 months ago) by uebayasi
Branch: MAIN
Changes since 1.55: +43 -43 lines
Diff to previous 1.55 (colored)
Whitespace.
Revision 1.55 / (download) - annotate - [select for diffs], Tue Jul 22 11:06:10 2014 UTC (9 years, 10 months ago) by mpi
Branch: MAIN
CVS Tags: OPENBSD_5_6_BASE
Branch point for: OPENBSD_5_6
Changes since 1.54: +1 -2 lines
Diff to previous 1.54 (colored)
Fewer <netinet/in_systm.h> !
Revision 1.54 / (download) - annotate - [select for diffs], Sat Jul 12 18:44:22 2014 UTC (9 years, 11 months ago) by tedu
Branch: MAIN
Changes since 1.53: +9 -9 lines
Diff to previous 1.53 (colored)
add a size argument to free. will be used soon, but for now default to 0. after discussions with beck deraadt kettenis.
Revision 1.53 / (download) - annotate - [select for diffs], Fri Jun 13 06:47:09 2014 UTC (10 years ago) by yasuoka
Branch: MAIN
Changes since 1.52: +9 -2 lines
Diff to previous 1.52 (colored)
KASSERT in pipex_ppp_input() fails if a compressed PPP frame is received by the pipex session whose mppe is not accepted. Fix ppp_common_input() to not pass such frames to pipex.
Revision 1.52 / (download) - annotate - [select for diffs], Fri Jun 13 06:44:11 2014 UTC (10 years ago) by yasuoka
Branch: MAIN
Changes since 1.51: +4 -5 lines
Diff to previous 1.51 (colored)
Fix KASSERT on pipex_ppp_input(). Must not reached there even if the tunneling protocol is PPPoE.
Revision 1.51 / (download) - annotate - [select for diffs], Fri Jun 13 06:35:58 2014 UTC (10 years ago) by yasuoka
Branch: MAIN
Changes since 1.50: +6 -2 lines
Diff to previous 1.50 (colored)
Fix tcp-mss-adjust of pipex and npppd to update the pointer of tcp option and check the boundary correctly.
Revision 1.50 / (download) - annotate - [select for diffs], Mon Apr 21 12:22:25 2014 UTC (10 years, 1 month ago) by henning
Branch: MAIN
Changes since 1.49: +2 -2 lines
Diff to previous 1.49 (colored)
ip_output() using varargs always struck me as bizarre, esp since it's only ever used to pass on uint32 (for ipsec). stop that madness and just pass the uint32, 0 in all cases but the two that pass the ipsec flowinfo. ok deraadt reyk guenther
Revision 1.49 / (download) - annotate - [select for diffs], Fri Apr 18 22:23:50 2014 UTC (10 years, 1 month ago) by claudio
Branch: MAIN
Changes since 1.48: +3 -3 lines
Diff to previous 1.48 (colored)
There is no need to initialize globals to 0.
Revision 1.48 / (download) - annotate - [select for diffs], Mon Nov 11 09:15:34 2013 UTC (10 years, 7 months ago) by mpi
Branch: MAIN
CVS Tags: OPENBSD_5_5_BASE
Branch point for: OPENBSD_5_5
Changes since 1.47: +9 -4 lines
Diff to previous 1.47 (colored)
Replace most of our formating functions to convert IPv4/6 addresses from network to presentation format to inet_ntop(). The few remaining functions will be soon converted. ok mikeb@, deraadt@ and moral support from henning@
Revision 1.47 / (download) - annotate - [select for diffs], Thu Oct 24 11:31:43 2013 UTC (10 years, 7 months ago) by mpi
Branch: MAIN
Changes since 1.46: +1 -2 lines
Diff to previous 1.46 (colored)
Remove the number of in6_var.h inclusions by moving some functions and global variables to in6.h. ok deraadt@
Revision 1.46 / (download) - annotate - [select for diffs], Wed Oct 23 15:12:42 2013 UTC (10 years, 7 months ago) by mpi
Branch: MAIN
Changes since 1.45: +1 -2 lines
Diff to previous 1.45 (colored)
Remove the number of in_var.h inclusions by moving some functions and global variables to in.h. ok mikeb@, deraadt@
Revision 1.45 / (download) - annotate - [select for diffs], Sat Oct 19 10:51:41 2013 UTC (10 years, 7 months ago) by henning
Branch: MAIN
Changes since 1.44: +3 -12 lines
Diff to previous 1.44 (colored)
simplify checksum handling. no need to compute the pseudo hdr cksum in the v4 case any more, and computing the cksum in the v6 case isn't needed either. ok florian lteo
Revision 1.44 / (download) - annotate - [select for diffs], Thu Oct 17 16:27:43 2013 UTC (10 years, 7 months ago) by bluhm
Branch: MAIN
Changes since 1.43: +2 -1 lines
Diff to previous 1.43 (colored)
The header file netinet/in_var.h included netinet6/in6_var.h. This created a bunch of useless dependencies. Remove this implicit inclusion and do an explicit #include <netinet6/in6_var.h> when it is needed. OK mpi@ henning@
Revision 1.43 / (download) - annotate - [select for diffs], Fri Sep 20 08:11:55 2013 UTC (10 years, 8 months ago) by yasuoka
Branch: MAIN
Changes since 1.42: +9 -6 lines
Diff to previous 1.42 (colored)
Fix a panic bug in pipex. If pipex deletes a session by the idle-timer when the userland program (npppd) is dead or frozen, the session remains in state_list after it is destroyed, it will be used after free.
Revision 1.42 / (download) - annotate - [select for diffs], Sat Jun 8 14:24:38 2013 UTC (11 years ago) by yasuoka
Branch: MAIN
CVS Tags: OPENBSD_5_4_BASE,
OPENBSD_5_4
Changes since 1.41: +9 -5 lines
Diff to previous 1.41 (colored)
Add new sysctl for pipex packet input/output queue length and counters. ok guenther, feedback jmc
Revision 1.41 / (download) - annotate - [select for diffs], Tue Apr 16 07:36:55 2013 UTC (11 years, 1 month ago) by yasuoka
Branch: MAIN
Changes since 1.40: +10 -10 lines
Diff to previous 1.40 (colored)
When pipex session is terminated by idle timer, there was a problem that the session is removed from the pipex_closed_wait_list twice, fixed it. It always causes panic because QUEUE_MACRO_DEBUG is enabled by default. Also remove some needless (struct pipex_session *) casts.
Revision 1.40 / (download) - annotate - [select for diffs], Thu Mar 28 23:10:05 2013 UTC (11 years, 2 months ago) by tedu
Branch: MAIN
Changes since 1.39: +2 -1 lines
Diff to previous 1.39 (colored)
code that calls timeout functions should include timeout.h slipped by on i386, but the zaurus doesn't automagically pick it up. spotted by patrick
Revision 1.39 / (download) - annotate - [select for diffs], Thu Mar 28 16:45:16 2013 UTC (11 years, 2 months ago) by tedu
Branch: MAIN
Changes since 1.38: +1 -2 lines
Diff to previous 1.38 (colored)
no need for a lot of code to include proc.h
Revision 1.38 / (download) - annotate - [select for diffs], Wed Feb 13 22:10:38 2013 UTC (11 years, 3 months ago) by yasuoka
Branch: MAIN
CVS Tags: OPENBSD_5_3_BASE,
OPENBSD_5_3
Changes since 1.37: +13 -3 lines
Diff to previous 1.37 (colored)
Pipex did panic when the 0 length mppe is given by ioctl. Return EINVAL instead of panic. Also npppd called ioctl with the invalid argument because of the bugs introduced by the config parser change commit. Fixed those bugs and make sure not to use 0 length keys for MPPE. reported by csszep at gmail and giovanni ok giovanni
Revision 1.37 / (download) - annotate - [select for diffs], Fri Dec 14 01:19:26 2012 UTC (11 years, 5 months ago) by dlg
Branch: MAIN
Changes since 1.36: +2 -4 lines
Diff to previous 1.36 (colored)
oops, debug printf sneaked in. i must be out of practice. spotted by krw@, poked by jmatthew@
Revision 1.36 / (download) - annotate - [select for diffs], Thu Dec 13 06:59:36 2012 UTC (11 years, 6 months ago) by dlg
Branch: MAIN
Changes since 1.35: +6 -1 lines
Diff to previous 1.35 (colored)
pipex_init can be called multiple times (by whatever subsystems want to use it), so return early if the work has already been done. ok yasuoka@ jmatthew@
Revision 1.35 / (download) - annotate - [select for diffs], Fri Sep 28 16:09:05 2012 UTC (11 years, 8 months ago) by markus
Branch: MAIN
Changes since 1.34: +2 -2 lines
Diff to previous 1.34 (colored)
fix adress family for ipv6 bpf packet capture; ok yasuoka
Revision 1.34 / (download) - annotate - [select for diffs], Wed Sep 19 22:37:23 2012 UTC (11 years, 8 months ago) by jsg
Branch: MAIN
Changes since 1.33: +2 -2 lines
Diff to previous 1.33 (colored)
ioctl requests are u_long not int, spotted via clang ok deraadt@ miod@
Revision 1.33 / (download) - annotate - [select for diffs], Wed Sep 19 17:50:17 2012 UTC (11 years, 8 months ago) by yasuoka
Branch: MAIN
Changes since 1.32: +25 -26 lines
Diff to previous 1.32 (colored)
cleanup around the pipex. naming style, delete or update comments. no functional changes.
Revision 1.32 / (download) - annotate - [select for diffs], Mon Sep 10 07:20:58 2012 UTC (11 years, 9 months ago) by yasuoka
Branch: MAIN
Changes since 1.31: +7 -2 lines
Diff to previous 1.31 (colored)
drop the unencrypted packets when the MPPE is required. This was missing on IPv6 path only. From brad
Revision 1.31 / (download) - annotate - [select for diffs], Mon Sep 10 07:14:33 2012 UTC (11 years, 9 months ago) by yasuoka
Branch: MAIN
Changes since 1.30: +3 -1 lines
Diff to previous 1.30 (colored)
add missing the congestion indicator code on IPv6 path. From brad
Revision 1.30 / (download) - annotate - [select for diffs], Tue Jul 17 03:18:57 2012 UTC (11 years, 10 months ago) by yasuoka
Branch: MAIN
CVS Tags: OPENBSD_5_2_BASE,
OPENBSD_5_2
Changes since 1.29: +7 -3 lines
Diff to previous 1.29 (colored)
use IPsec flowinfo on pipex(4) to select the IPsec tunnel for sending L2TP packets. ok markus henning
Revision 1.29 / (download) - annotate - [select for diffs], Sat May 5 14:48:51 2012 UTC (12 years, 1 month ago) by yasuoka
Branch: MAIN
Changes since 1.28: +2 -2 lines
Diff to previous 1.28 (colored)
pipex_ip6_input() called IF_DROP() with incorrect queue. diff from blambert
Revision 1.28 / (download) - annotate - [select for diffs], Sun Apr 22 15:27:24 2012 UTC (12 years, 1 month ago) by yasuoka
Branch: MAIN
Changes since 1.27: +2 -23 lines
Diff to previous 1.27 (colored)
Remove redundant returns from functions returning void. Wrap return values in () for consistency. diff from Michael W. Bombardieri. ok sthen dlg mikeb
Revision 1.27 / (download) - annotate - [select for diffs], Wed Apr 4 04:31:38 2012 UTC (12 years, 2 months ago) by yasuoka
Branch: MAIN
Changes since 1.26: +5 -2 lines
Diff to previous 1.26 (colored)
pipex hook in udp_usrreq() mistakenly assumed that `inp' is connected. It could not use the destination address properly, so it failed to find the pipex session. This bug caused LCP keepalive failures on some clients. found and tested by sebastia@ and mxb at alumni.chalmers.se. ok sthen
Revision 1.26 / (download) - annotate - [select for diffs], Tue Jan 31 12:04:20 2012 UTC (12 years, 4 months ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_5_1_BASE,
OPENBSD_5_1
Changes since 1.25: +16 -1 lines
Diff to previous 1.25 (colored)
add missing calls to pf_pkt_addr_changed(); ok henning@
Revision 1.25 / (download) - annotate - [select for diffs], Mon Jan 23 03:36:21 2012 UTC (12 years, 4 months ago) by yasuoka
Branch: MAIN
Changes since 1.24: +11 -10 lines
Diff to previous 1.24 (colored)
The ingress filter of pipex and npppd become configurable and disabled by default. After this change we need to add ppp.ingress_filter: true to npppd.conf if it is needed. ok sthen
Revision 1.24 / (download) - annotate - [select for diffs], Wed Jan 18 02:02:53 2012 UTC (12 years, 4 months ago) by yasuoka
Branch: MAIN
Changes since 1.23: +4 -8 lines
Diff to previous 1.23 (colored)
Fix a problem that causes LCP keepalive timeout. In case the ack number of a packet that is passed to the userland has not incremented, `pipex' passed the packet mistakenly with invalid ack number. Then `npppd' will drop these packets, so that caused the problem. tested jmatthew ok jmatthew
Revision 1.23 / (download) - annotate - [select for diffs], Fri Nov 25 13:05:06 2011 UTC (12 years, 6 months ago) by yasuoka
Branch: MAIN
Changes since 1.22: +10 -2 lines
Diff to previous 1.22 (colored)
fix compile errors without INET6. no binary change. pointed out by Julien Crapovich on misc@ ok deraadt mikeb
Revision 1.22 / (download) - annotate - [select for diffs], Sat Oct 15 03:24:11 2011 UTC (12 years, 7 months ago) by yasuoka
Branch: MAIN
Changes since 1.21: +148 -58 lines
Diff to previous 1.21 (colored)
Added "provision for rewound PPP frames" that allows receiving reorder packets to pass to the upper layer without reorder. It will improve performance (throughput or loss rate) for PPTP or L2TP(/IPesc) on networks that latency is unstable such as mobile network. As our test environment (bandwidth: 6Mbps, latency: 50ms for 97% of traffic and 52ms for rest of traffic), throughput has changed from 0.76MB to 2.17MB on file upload by PPTP connected Windows Vista ftp.exe. Developed by UMEZAWA Takeshi at IIJ. ok jmatthew@ tested jmatthew@ and myself.
Revision 1.21 / (download) - annotate - [select for diffs], Sat Jul 9 04:11:15 2011 UTC (12 years, 11 months ago) by dhill
Branch: MAIN
CVS Tags: OPENBSD_5_0_BASE,
OPENBSD_5_0
Changes since 1.20: +10 -4 lines
Diff to previous 1.20 (colored)
honor the net.inet.udp.checksum setting. ok claudio henning yasuoka
Revision 1.20 / (download) - annotate - [select for diffs], Fri Jul 8 19:34:04 2011 UTC (12 years, 11 months ago) by yasuoka
Branch: MAIN
Changes since 1.19: +82 -127 lines
Diff to previous 1.19 (colored)
Last part of pipex_{pppoe,l2tp,pptp}_input() are almost identical.
Integrate them into pipex_common_input().
ok hsuenaga@
Revision 1.19 / (download) - annotate - [select for diffs], Fri Jul 8 18:30:17 2011 UTC (12 years, 11 months ago) by yasuoka
Branch: MAIN
Changes since 1.18: +21 -1 lines
Diff to previous 1.18 (colored)
Include PIPEX in kernel by default. And add new sysctl variable `net.pipex.enable' to enable PIPEX. By default, pipex is disabled and it will not process packets from wire. Update man pages and update HOWTO_PIPEX_NPPPD.txt for testers. discussed with dlg@, ok deraadt@ mcbride@ claudio@
Revision 1.18 / (download) - annotate - [select for diffs], Thu Jul 7 22:32:51 2011 UTC (12 years, 11 months ago) by mcbride
Branch: MAIN
Changes since 1.17: +3 -3 lines
Diff to previous 1.17 (colored)
We should not have any direct initialization of ifq structures. (in this case it's unnecessary, bss is initialized to zero at boot) ok henning
Revision 1.17 / (download) - annotate - [select for diffs], Tue Apr 5 18:01:21 2011 UTC (13 years, 2 months ago) by henning
Branch: MAIN
Changes since 1.16: +2 -2 lines
Diff to previous 1.16 (colored)
mechanic rename M_{TCP|UDP}V4_CSUM_OUT -> M_{TCP|UDP}_CSUM_OUT
ok claudio krw
Revision 1.16 / (download) - annotate - [select for diffs], Mon Mar 14 06:53:33 2011 UTC (13 years, 3 months ago) by yasuoka
Branch: MAIN
Changes since 1.15: +7 -8 lines
Diff to previous 1.15 (colored)
fixed a use-after-free bug introduced at 1.7 in pipex_mppe_output(). ok dlg@ tested by jono
Revision 1.15 / (download) - annotate - [select for diffs], Thu Feb 24 04:21:34 2011 UTC (13 years, 3 months ago) by yasuoka
Branch: MAIN
CVS Tags: OPENBSD_4_9_BASE,
OPENBSD_4_9
Changes since 1.14: +6 -3 lines
Diff to previous 1.14 (colored)
Don't use address and control field on PPPoE, they must not be used as the protocol.
Revision 1.14 / (download) - annotate - [select for diffs], Fri Jan 28 06:43:00 2011 UTC (13 years, 4 months ago) by dlg
Branch: MAIN
Changes since 1.13: +11 -4 lines
Diff to previous 1.13 (colored)
make sure that the size of the addresses userland is trying to configure make sense, not just the family. from jonathan matthew ok yasuoka@
Revision 1.13 / (download) - annotate - [select for diffs], Wed Sep 29 22:15:54 2010 UTC (13 years, 8 months ago) by yasuoka
Branch: MAIN
Changes since 1.12: +14 -6 lines
Diff to previous 1.12 (colored)
pipex_pptp_userland_output() calls always m_pullup() 16 bytes to the GRE message. But when npppd send a ack-only GRE message, the message will be only 12 bytes, so the m_pullup() will fail. call m_pullup() with proper length.
Revision 1.12 / (download) - annotate - [select for diffs], Tue Sep 28 14:14:54 2010 UTC (13 years, 8 months ago) by yasuoka
Branch: MAIN
Changes since 1.11: +4 -5 lines
Diff to previous 1.11 (colored)
wrap long line. correct indent. delete a useless comment. OK djm@ claudio@ dlg@
Revision 1.11 / (download) - annotate - [select for diffs], Sun Sep 26 07:04:43 2010 UTC (13 years, 8 months ago) by yasuoka
Branch: MAIN
Changes since 1.10: +1 -2 lines
Diff to previous 1.10 (colored)
Length field in L2TP header was broken.
Revision 1.10 / (download) - annotate - [select for diffs], Fri Sep 24 14:50:30 2010 UTC (13 years, 8 months ago) by hsuenaga
Branch: MAIN
Changes since 1.9: +797 -76 lines
Diff to previous 1.9 (colored)
Add L2TP support to PIPEX. We can use IPv6 address as outer header of L2TP. Kernel ABI is changed. You must update npppd. OK @claudio, yasuoka@, dlg@
Revision 1.9 / (download) - annotate - [select for diffs], Wed Sep 22 13:03:48 2010 UTC (13 years, 8 months ago) by claudio
Branch: MAIN
Changes since 1.8: +7 -6 lines
Diff to previous 1.8 (colored)
Add a new interface pppx(4) -- the ppp multiplexer to be used with npppd and pipex. pppx(4) creates an interface whenever a session is created so that altq and pf can work on these. Started by dlg@ debugged and made usable by myself OK dlg@ yasuoka@ deraadt@
Revision 1.8 / (download) - annotate - [select for diffs], Tue Sep 21 07:44:54 2010 UTC (13 years, 8 months ago) by yasuoka
Branch: MAIN
Changes since 1.7: +15 -19 lines
Diff to previous 1.7 (colored)
Cleanup handlings for memory shortage condition: - use rn_inithead0() instead of rn_inithead() to avoid failures on memory shortage. - delete a needless failure handling for malloc(,M_WAITOK) in pipex_add_session(). pointed out by blambert@. ok hsuenaga@
Revision 1.7 / (download) - annotate - [select for diffs], Fri Jul 9 08:36:31 2010 UTC (13 years, 11 months ago) by yasuoka
Branch: MAIN
CVS Tags: OPENBSD_4_8_BASE,
OPENBSD_4_8
Changes since 1.6: +28 -28 lines
Diff to previous 1.6 (colored)
Modified to make sure that pipex_mppe_ouput() keeps the packet 32bit aligned. OK claudio@
Revision 1.6 / (download) - annotate - [select for diffs], Thu Jul 8 08:40:29 2010 UTC (13 years, 11 months ago) by yasuoka
Branch: MAIN
Changes since 1.5: +25 -23 lines
Diff to previous 1.5 (colored)
pipex didn't work on output. Fixed following problems: - pipex failed to lookup the radix tree because address and netmask were not initialized. - pipex used wrong place as a ip header because it didn't adjust 32bit address family header that are added at tun_output.
Revision 1.5 / (download) - annotate - [select for diffs], Sat Jul 3 00:16:07 2010 UTC (13 years, 11 months ago) by yasuoka
Branch: MAIN
Changes since 1.4: +2 -1 lines
Diff to previous 1.4 (colored)
s/$Id$/$OpenBSD$/
Revision 1.4 / (download) - annotate - [select for diffs], Fri Jul 2 02:40:16 2010 UTC (13 years, 11 months ago) by blambert
Branch: MAIN
Changes since 1.3: +3 -2 lines
Diff to previous 1.3 (colored)
m_copyback can fail to allocate memory, but is a void fucntion so gymnastics are required to detect that. Change the function to take a wait argument (used in nfs server, but M_NOWAIT everywhere else for now) and to return an error ok claudio@ henning@ krw@
Revision 1.3 / (download) - annotate - [select for diffs], Wed Jan 13 07:23:38 2010 UTC (14 years, 5 months ago) by yasuoka
Branch: MAIN
CVS Tags: OPENBSD_4_7_BASE,
OPENBSD_4_7
Changes since 1.2: +131 -366 lines
Diff to previous 1.2 (colored)
cleanup pipex code. ok henning@
Revision 1.2 / (download) - annotate - [select for diffs], Wed Jan 13 06:05:47 2010 UTC (14 years, 5 months ago) by dlg
Branch: MAIN
Changes since 1.1: +36 -36 lines
Diff to previous 1.1 (colored)
replace static on functions with Static so openbsd can define it away to nothing. this lets us see functions in ddb, while not hurting the ability to share the code with other projects. idea borrowed from the usb stack. ok yasuoka@
Revision 1.1 / (download) - annotate - [select for diffs], Mon Jan 11 03:50:56 2010 UTC (14 years, 5 months ago) by yasuoka
Branch: MAIN
Initial import PIPEX. PIPEX(Pppac IP EXtension) is a IP forwarding acceleration for PPP access concentrator. ok mcbride@ dlg@ deraadt@ reyk@.