OpenBSD CVS

CVS log for src/sys/netinet/in_pcb.c




Default branch: MAIN


Revision 1.302, Fri Apr 19 10:13:58 2024 UTC (7 weeks, 3 days ago) by bluhm
Branch: MAIN
CVS Tags: HEAD
Changes since 1.301: +4 -3 lines

Merge IPv4 and IPv6 options in inpcb.

An internet PCB has either inp_options or inp_outputopts6.  Put them
into a common anonymous union.

OK mvs@ kn@

Revision 1.301, Wed Apr 17 20:48:51 2024 UTC (7 weeks, 5 days ago) by bluhm
Branch: MAIN
Changes since 1.300: +5 -5 lines

Use struct ipsec_level within inpcb.

Instead of passing around u_char[4], introduce struct ipsec_level
that contains 4 ipsec levels.  This provides better type safety.
The embedding struct inpcb is globally visible for netstat(1), so
put struct ipsec_level outside of #ifdef _KERNEL.

OK deraadt@ mvs@

Revision 1.300, Fri Apr 12 16:07:09 2024 UTC (8 weeks, 3 days ago) by bluhm
Branch: MAIN
Changes since 1.299: +8 -16 lines

Split single TCP inpcb table into IPv4 and IPv6 parts.

With two separate TCP hash tables, each one becomes smaller.  When
we remove the exclusive net lock from TCP, contention on internet
PCB table mutex will be reduced.  UDP has been split earlier into
IPv4 and IPv6.  Replace branch conditions based on INP_IPV6 with
assertions.

OK mvs@

Revision 1.299, Sun Mar 31 15:53:12 2024 UTC (2 months, 1 week ago) by bluhm
Branch: MAIN
Changes since 1.298: +9 -20 lines

Combine route_cache() and rtalloc_mpath() in new route_mpath().

Fill and check the cache and call rtalloc_mpath() together.  Then
the caller of route_mpath() does not have to care about the uint32_t
*src pointer and just pass struct in_addr.  All the conversions are
done inside the functions.

A previous version of this diff was backed out.  There was an
additional rtisvalid() in rtalloc_mpath() that prevented packet
output via interfaces that were not up.  Now the route in the cache
has to be valid, but after new lookup, rtalloc_mpath() may return
invalid routes.  This generates less errors in userland and preserves
existing behavior.

OK sashan@

Revision 1.298, Fri Mar 22 21:48:38 2024 UTC (2 months, 2 weeks ago) by bluhm
Branch: MAIN
Changes since 1.297: +2 -6 lines

Remove padding from union inpaddru.

Alignment of IPv4 address with lower part of IPv6 address looks
like a leftover from times when IPv6 compatible addresses should
contain IPv4 addresses.  Better use a simple union for both IPv4 and
IPv6 addresses like everywhere else.  Use this type also for common
zero address.

OK mvs@

Revision 1.297, Fri Mar 22 18:05:01 2024 UTC (2 months, 2 weeks ago) by bluhm
Branch: MAIN
Changes since 1.296: +5 -5 lines

Make local port which is bound during connect(2) unique per laddr.

in_pcbconnect() did not pass down the address it got from in_pcbselsrc()
to in_pcbpickport().  As a consequence local port numbers selected
during connect(2) were globally unique although they belong to
different addresses.  This strict uniqueness is not necessary and
wastes usable ports for outgoing connections.

To solve this, pass ina from in_pcbconnect() to in_pcbbind_locked().
This does not interfere with how wildcard sockets are matched with
specific sockets during bind(2).  It only allows non-wildcard sockets
to share a local port during connect(2).

OK mvs@ deraadt@

Revision 1.296, Thu Feb 29 12:01:59 2024 UTC (3 months, 1 week ago) by naddy
Branch: MAIN
CVS Tags: OPENBSD_7_5_BASE, OPENBSD_7_5
Changes since 1.295: +19 -7 lines

revert "Combine route_cache() and rtalloc_mpath() in new route_mpath()"

It breaks NFS.

ok claudio@

Revision 1.295, Tue Feb 27 12:37:49 2024 UTC (3 months, 1 week ago) by bluhm
Branch: MAIN
Changes since 1.294: +8 -20 lines

Combine route_cache() and rtalloc_mpath() in new route_mpath().

Fill and check the cache and call rtalloc_mpath() together.  Then
the caller of route_mpath() does not have to care about the uint32_t
*src pointer and just pass struct in_addr.  All the conversions are
done inside the functions.  ro->ro_rt is either valid or NULL.  Note
that some places have a stricter rtisvalid() now compared to the
previous NULL check.

OK claudio@

Revision 1.294, Thu Feb 22 14:25:58 2024 UTC (3 months, 2 weeks ago) by bluhm
Branch: MAIN
Changes since 1.293: +4 -3 lines

Make the route cache aware of multipath routing.

Pass source address to route_cache() and store it in struct route.
Cached multipath routes are only valid if source address matches.
If sysctl multipath changes, increase route generation number.

OK claudio@

Revision 1.293, Tue Feb 13 12:22:09 2024 UTC (3 months, 3 weeks ago) by bluhm
Branch: MAIN
Changes since 1.292: +3 -3 lines

Merge struct route and struct route_in6.

Use a common struct route for both inet and inet6.  Unfortunately
struct sockaddr is shorter than sockaddr_in6, so netinet/in.h has
to be exposed from net/route.h.  Struct route has to be bsd visible
for userland as netstat kvm code inspects inp_route.  Internet PCB
and TCP SYN cache can use a plain struct route now.  All specific
sockaddr types for inet and inet6 are embedded there.

OK claudio@

Revision 1.292, Sun Feb 11 01:27:45 2024 UTC (3 months, 4 weeks ago) by bluhm
Branch: MAIN
Changes since 1.291: +2 -1 lines

Remove include netinet6/ip6_var.h from netinet/in_pcb.h.

OK mvs@

Revision 1.291, Fri Feb 9 14:02:11 2024 UTC (4 months ago) by bluhm
Branch: MAIN
Changes since 1.290: +3 -22 lines

Route cache function returns hit or miss.

The route_cache() function can easily return whether it was a cache
hit or miss.  Then the logic to perform a route lookup gets a bit
simpler.  Some more complicated if (ro->ro_rt == NULL) checks still
exist elsewhere.
Also use route cache in in_pcbselsrc() instead of filling struct
route manually.

OK claudio@

Revision 1.290, Wed Feb 7 23:40:40 2024 UTC (4 months ago) by bluhm
Branch: MAIN
Changes since 1.289: +4 -18 lines

Use the route generation number also for IPv6.

Implement route6_cache() to check whether the cached route is still
valid and otherwise fill caching parameter of struct route_in6.
Also count cache hits and misses in netstat.  in_pcbrtentry() uses
route cache now.

OK claudio@

Revision 1.289, Fri Feb 2 15:39:23 2024 UTC (4 months, 1 week ago) by bluhm
Branch: MAIN
Changes since 1.288: +2 -2 lines

In in_pcbrtentry() add missing return of in6_pcbrtentry() value.

Reported-by: syzbot+5f2286d5962355f0cfd8@syzkaller.appspotmail.com
OK kn@

Revision 1.288, Wed Jan 31 12:27:57 2024 UTC (4 months, 1 week ago) by bluhm
Branch: MAIN
Changes since 1.287: +14 -27 lines

Split in_pcbrtentry() and in6_pcbrtentry() based on INP_IPV6.

Splitting the IPv6 code into a separate function results in less
#ifdef INET6.  Also struct route_in6 *ro in in6_pcbrtentry() is of
the correct type and in_pcbrtentry() does not rely on the fact that
inp_route and inp_route6 are pointers to the same union.

OK kn@ claudio@

Revision 1.287, Sun Jan 28 20:34:25 2024 UTC (4 months, 1 week ago) by bluhm
Branch: MAIN
Changes since 1.286: +5 -9 lines

Use more specific sockaddr type for inpcb notify.

in_pcbnotifyall() is an IPv4 only function.  All callers check that
sockaddr dst is in fact a sockaddr_in.  Pass the more specific type
and remove the runtime check at beginning of in_pcbnotifyall().
Use const sockaddr_in in in_pcbnotifyall() and const sockaddr_in6
in6_pcbnotify() as dst parameter.

OK millert@

Revision 1.286, Fri Jan 19 02:24:07 2024 UTC (4 months, 3 weeks ago) by bluhm
Branch: MAIN
Changes since 1.285: +10 -3 lines

Unify inpcb API for inet and inet6.

Many functions for IPv4 call their IPv6 counterpart if INP_IPV6 is
set at the socket's pcb.  By using the generic API consistently,
the logic is not in the caller it gets more readable.

OK mvs@

Revision 1.285, Thu Jan 18 11:03:16 2024 UTC (4 months, 3 weeks ago) by claudio
Branch: MAIN
Changes since 1.284: +5 -1 lines

Move the rtable_exists() check into in_pcbset_rtableid().
OK bluhm@ mvs@

Revision 1.284, Tue Jan 9 19:57:00 2024 UTC (5 months ago) by bluhm
Branch: MAIN
Changes since 1.283: +7 -7 lines

Convert some struct inpcb parameter to const pointer.

OK millert@

Revision 1.283, Mon Jan 1 22:16:51 2024 UTC (5 months, 1 week ago) by bluhm
Branch: MAIN
Changes since 1.282: +5 -21 lines

Protect link between pf and inp with mutex.

Introduce global mutex to protect the pointers between pf state key
and internet PCB.  Then in_pcbdisconnect() and in_pcbdetach() do
not need exclusive netlock anymore.  Use a bunch of read once
unlocked access to reduce performance impact.

OK sashan@

Revision 1.282, Thu Dec 7 16:08:30 2023 UTC (6 months ago) by bluhm
Branch: MAIN
Changes since 1.281: +105 -42 lines

Inpcb table mutex protects addr and port during bind(2) and connect(2).

in_pcbbind(), in_pcbconnect(), and in6_pcbconnect() have to set
addresses and ports within the same critical section as the inpcb
hash table calculation.  Also lookup and address selection have to
be protected to avoid bindings and connections that are not unique.

For that in_pcbpickport() and in_pcbbind_locked() expect that the
table mutex is already taken.  The functions in_pcblookup_lock(),
in_pcblookup_local_lock(), and in_pcbaddrisavail_lock() grab the
mutex iff the lock parameter is IN_PCBLOCK_GRAB.  Otherwise the
parameter is IN_PCBLOCK_HOLD and the lock has to be taken already.
Note that in_pcblookup_lock() and in_pcblookup_local() return an
inp with increased reference iff they take and release the lock.
Otherwise the caller protects the life time of the inp.

This gives enough flexibility that in_pcbbind() and in_pcbconnect()
can hold the table mutex when they need it.  The public inpcb API
does not change.

OK sashan@ mvs@

Revision 1.281, Sun Dec 3 20:24:17 2023 UTC (6 months, 1 week ago) by bluhm
Branch: MAIN
Changes since 1.280: +25 -33 lines

Use INP_IPV6 flag instead of sotopf().

During initialization in_pcballoc() sets INP_IPV6 once to avoid
reaching through inp_socket->so_proto->pr_domain->dom_family.  Use
this flag consistently.

OK sashan@ mvs@

Revision 1.280, Fri Dec 1 15:30:46 2023 UTC (6 months, 1 week ago) by bluhm
Branch: MAIN
Changes since 1.279: +95 -16 lines

Set inp address, port and rtable together with inpcb hash.

The inpcb hash table is protected by table->inpt_mtx.  The hash is
based on addresses, ports, and routing table.  These fields were
not synchronized with the hash.  Put writes and hash update into the
same critical section.
Move the updates from ip_ctloutput(), ip6_ctloutput(), syn_cache_get(),
tcp_connect(), udp_disconnect() to dedicated inpcb set functions.
There they use the same table mutex as in_pcbrehash().
in_pcbbind(), in_pcbconnect(), and in6_pcbconnect() need more work
and are not included yet.

OK sashan@ mvs@

Revision 1.279, Wed Nov 29 18:30:48 2023 UTC (6 months, 1 week ago) by bluhm
Branch: MAIN
Changes since 1.278: +2 -3 lines

Document inp_socket as immutable and remove NULL checks.

Struct inpcb field inp_socket is initialized in in_pcballoc().  It
is not NULL and never changed.

OK mvs@

Revision 1.278, Sun Nov 12 23:19:14 2023 UTC (6 months, 4 weeks ago) by bluhm
Branch: MAIN
Changes since 1.277: +9 -9 lines

Declare global variable zeroin46_addr as const.

OK mvs@ jca@

Revision 1.277, Sat Jun 24 20:54:46 2023 UTC (11 months, 2 weeks ago) by bluhm
Branch: MAIN
CVS Tags: OPENBSD_7_4_BASE, OPENBSD_7_4
Changes since 1.276: +35 -23 lines

Calculate inet PCB SIP hash without table mutex.

Goal is to run UDP input in parallel.  Btrace kstack analysis shows
that SIP hash for PCB lookup is quite expensive.  When running in
parallel, there is also lock contention on the PCB table mutex.

It results in better performance to calculate the hash value before
taking the mutex.  The hash secret has to be constant as hash
calculation must not depend on values protected by the table mutex.
Do not reseed anymore when hash table gets resized.

Analysis also shows that asserting a rw_lock while holding a mutex
is a bit expensive.  Just remove the netlock assert.

OK dlg@ mvs@

Revision 1.276, Mon Oct 3 16:43:52 2022 UTC (20 months, 1 week ago) by bluhm
Branch: MAIN
CVS Tags: OPENBSD_7_3_BASE, OPENBSD_7_3
Changes since 1.275: +4 -3 lines

System calls should not fail due to temporary memory shortage in
malloc(9) or pool_get(9).
Pass down a wait flag to pru_attach().  During syscall socket(2)
it is ok to wait, this logic was missing for internet pcb.  Pfkey
and route sockets were already waiting.
sonewconn() must not wait when called during TCP 3-way handshake.
This logic has been preserved.  Unix domain stream socket connect(2)
can wait until the other side has created the socket to accept.
OK mvs@

Revision 1.275, Sat Sep 3 22:43:38 2022 UTC (21 months, 1 week ago) by mvs
Branch: MAIN
CVS Tags: OPENBSD_7_2_BASE, OPENBSD_7_2
Changes since 1.274: +12 -1 lines

Move PRU_PEERADDR request to (*pru_peeraddr)().

Introduce in{,6}_peeraddr() and use them for inet and inet6 sockets,
except tcp(4) case.

Also remove *_usrreq() handlers.

ok bluhm@

Revision 1.274, Sat Sep 3 18:48:50 2022 UTC (21 months, 1 week ago) by mvs
Branch: MAIN
Changes since 1.273: +12 -1 lines

Move PRU_SOCKADDR request to (*pru_sockaddr)()

Introduce in{,6}_sockaddr() functions, and use them for all except tcp(4)
inet sockets. For tcp(4) sockets use tcp_sockaddr() to keep debug ability.

The key management and route domain sockets return EINVAL error for
PRU_SOCKADDR request, so keep this behaviour for a while instead of making
pru_sockaddr handler optional and returning EOPNOTSUPP.

ok bluhm@

Revision 1.273, Tue Aug 30 11:53:04 2022 UTC (21 months, 1 week ago) by bluhm
Branch: MAIN
Changes since 1.272: +64 -94 lines

Refactor internet PCB lookup function.  Rename in_pcbhashlookup()
so the public API is in_pcblookup() and in_pcblookup_listen().  For
internal use introduce in_pcbhash_insert() and in_pcbhash_lookup()
to avoid code duplication.  Routing domain is unsigned, change the
type to u_int.
OK mvs@

Revision 1.272, Mon Aug 22 10:37:27 2022 UTC (21 months, 2 weeks ago) by bluhm
Branch: MAIN
Changes since 1.271: +13 -3 lines

Use rwlock per inpcb table to protect notify list.  The notify
function may sleep, so holding a mutex is not possible.  The same
list entry and rwlock is used for UDP multicast and raw IP delivery.
By adding a write lock, exclusive netlock is no longer necessary
for PCB notify and UDP and raw IP input.
OK mvs@

Revision 1.271, Sun Aug 21 11:44:53 2022 UTC (21 months, 3 weeks ago) by bluhm
Branch: MAIN
Changes since 1.270: +2 -1 lines

Introduce a mutex per inpcb to serialize access to socket receive
buffer.  Later it may be used to protect more of the PCB or socket.
In divert input replace the kernel lock with this mutex.
OK mvs@

Revision 1.270, Mon Aug 8 12:06:30 2022 UTC (22 months ago) by bluhm
Branch: MAIN
Changes since 1.269: +51 -27 lines

To make protocol input functions MP safe, internet PCB need protection.
Use their reference counter in more places.
The in_pcb lookup functions hold the PCBs in hash tables protected
by table->inpt_mtx mutex.  Whenever a result is returned, increment
the ref count before releasing the mutex.  Then the inp can be used
as long as necessary.  Unref it at the end of all functions that
call in_pcb lookup.
As a shortcut, pf may also hold a reference to the PCB.  When
pf_inp_lookup() returns it, it also increments the ref count and the
caller can handle it like the inp from table lookup.
OK sashan@

Revision 1.269, Sat Aug 6 15:57:59 2022 UTC (22 months ago) by bluhm
Branch: MAIN
Changes since 1.268: +2 -2 lines

Clean up the netlock macros.  Merge NET_RLOCK_IN_SOFTNET and
NET_RLOCK_IN_IOCTL, which have the same implementation.  The R and
W are hard to see, call the new macro NET_LOCK_SHARED.  Rename the
opposite assertion from NET_ASSERT_WLOCKED to NET_ASSERT_LOCKED_EXCLUSIVE.
Update some outdated comments about net locking.
OK mpi@ mvs@

Revision 1.268, Tue Jun 28 09:32:27 2022 UTC (23 months, 2 weeks ago) by bluhm
Branch: MAIN
Changes since 1.267: +2 -2 lines

Use btrace(8) to debug reference counting.  dt(4) provides a static
tracepoint for each type of refcnt we have.  As a start, add inpcb
and tdb refcnt.  When the counter changes, btrace may print the
actual object, the current counter, the change value and optionally
the stack trace.
discussed with visa@; OK mpi@

Revision 1.267, Mon Jun 6 14:45:41 2022 UTC (2 years ago) by claudio
Branch: MAIN
Changes since 1.266: +2 -2 lines

Simplify solock() and sounlock(). There is no reason to return a value
for the lock operation and to pass a value to the unlock operation.
sofree() still needs an extra flag to know if sounlock() should be called
or not. But sofree() is called less often and mostly without keeping the lock.
OK mpi@ mvs@

Revision 1.266, Sun May 15 09:12:20 2022 UTC (2 years ago) by dlg
Branch: MAIN
Changes since 1.265: +11 -11 lines

have in_pcbselsrc copy the selected address to memory provided by the caller.

having it return a pointer to something that has a lifetime managed
by a lock without accounting for it or taking a reference count or
anything like that is asking for trouble. copying the address to
caller provided memory while still inside the lock is a lot safer.

discussed with visa@
ok bluhm@ claudio@

Revision 1.265, Thu Apr 14 14:10:22 2022 UTC (2 years, 1 month ago) by claudio
Branch: MAIN
Changes since 1.264: +2 -2 lines

Relax address availability check for multicast binds.

While it makes sense to limit bind(2) of unicast addresses that overlap
each other to be all from the same UID (like 0.0.0.0:53 and 127.0.0.1:53)
it makes little sense for multicast. Multicast is delivered to all sockets
that match so there is no risk of someone stealing traffic from someone
else.  This should hopefully help with mDNS as reported by robert@
OK deraadt@ bluhm@

Revision 1.264, Tue Mar 22 18:02:54 2022 UTC (2 years, 2 months ago) by bluhm
Branch: MAIN
CVS Tags: OPENBSD_7_1_BASE, OPENBSD_7_1
Changes since 1.263: +2 -2 lines

Fix whitespace.

Revision 1.263, Mon Mar 21 09:12:34 2022 UTC (2 years, 2 months ago) by bluhm
Branch: MAIN
Changes since 1.262: +51 -11 lines

Header netinet/in_pcb.h includes sys/mutex.h now.  Recommit mutex
for PCB tables.  It does not break userland build anymore.

pf_socket_lookup() calls in_pcbhashlookup() in the PCB layer.  To
run pf in parallel, make parts of the stack MP safe.  Protect the
list and hashes in the PCB tables with a mutex.
Note that the protocol notify functions may call pf via tcp_output().
As the pf lock is a sleeping rw_lock, we must not hold a mutex.  To
solve this for now, collect these PCBs in inp_notify list and protect
it with exclusive netlock.
OK sashan@

Revision 1.262, Mon Mar 21 03:51:09 2022 UTC (2 years, 2 months ago) by dlg
Branch: MAIN
Changes since 1.261: +7 -5 lines

treat 255.255.255.255 like an mcast address in in_pcbselsrc.

this allows the IP_MULTICAST_IF sockopt to specify which address
you want to send a limited broadcast (255.255.255.255) packet out
of.

requested by and ok claudio@

Revision 1.261, Mon Mar 14 22:38:43 2022 UTC (2 years, 2 months ago) by tb
Branch: MAIN
Changes since 1.260: +10 -50 lines

Unbreak the tree, revert commitid aZ8fm4iaUnTCc0ul

This reverts the commit protecting the list and hashes in the PCB tables
with a mutex since the build of sysctl(8) breaks, as found by kettenis.

ok sthen

Revision 1.260, Mon Mar 14 17:23:00 2022 UTC (2 years, 2 months ago) by bluhm
Branch: MAIN
Changes since 1.259: +51 -11 lines

pf_socket_lookup() calls in_pcbhashlookup() in the PCB layer.  To
run pf in parallel, make parts of the stack MP safe.  Protect the
list and hashes in the PCB tables with a mutex.
Note that the protocol notify functions may call pf via tcp_output().
As the pf lock is a sleeping rw_lock, we must not hold a mutex.  To
solve this for now, collect these PCBs in inp_notify list and protect
it with exclusive netlock.
OK sashan@

Revision 1.259, Fri Mar 4 20:35:10 2022 UTC (2 years, 3 months ago) by bluhm
Branch: MAIN
Changes since 1.258: +3 -7 lines

in_pcbinit() is called during boot.  There malloc(9) cannot fail,
but would panic instead of waiting.  Remove needless error handling.
OK mvs@

Revision 1.258, Wed Mar 2 21:30:58 2022 UTC (2 years, 3 months ago) by bluhm
Branch: MAIN
Changes since 1.257: +2 -2 lines

Use NULL instead of 0 for pointer.

Revision 1.257, Tue Mar 1 23:53:03 2022 UTC (2 years, 3 months ago) by bluhm
Branch: MAIN
Changes since 1.256: +1 -9 lines

Remove outdated comment about v4-mapped v6 addresses.  They are not
supported anymore.

Revision 1.256, Mon Oct 25 22:20:47 2021 UTC (2 years, 7 months ago) by bluhm
Branch: MAIN
Changes since 1.255: +1 -9 lines

The implementation of ipsp_spd_inp() is side effect free.  It may
set the error output parameter or return a tdb.  Both are ignored
in in_pcbconnect().  Remove the code that does nothing.
OK tobhe@ jca@ mvs@

Revision 1.255, Wed Mar 10 10:21:48 2021 UTC (3 years, 3 months ago) by jsg
Branch: MAIN
CVS Tags: OPENBSD_7_0_BASE, OPENBSD_7_0, OPENBSD_6_9_BASE, OPENBSD_6_9
Changes since 1.254: +2 -2 lines

spelling

ok gnezdo@ semarie@ mpi@

Revision 1.254, Thu Feb 11 10:41:19 2021 UTC (3 years, 3 months ago) by patrick
Branch: MAIN
Changes since 1.253: +3 -3 lines

Swap faddr/laddr and fport/lport arguments in call to stoeplitz_ipXport().
Technically the whole point of the stoeplitz API is that it's symmetric,
meaning that the order of addresses and ports doesn't matter and will produce
the same hash value.

Coverity CID 1501717
ok dlg@

Revision 1.253, Mon Jan 25 03:40:46 2021 UTC (3 years, 4 months ago) by dlg
Branch: MAIN
Changes since 1.252: +11 -1 lines

if stoeplitz is enabled, use it to provide a flowid for tcp packets.

drivers that implement rss and multiple rings depend on the symmetric
toeplitz code, and use it to generate a key that decides which rx
ring a packet lands on. if the toeplitz code is enabled, this diff
has the pcb and tcp layer use the toeplitz code to generate a flowid
for packets they send, which in turn is used to pick a tx ring.
because the nic and the stack use the same key, the tx and rx sides
end up with the same hash/flowid. at the very least this means that
the same rx and tx queue pair on a particular nic are used for both
sides of the connection. as the stack becomes more parallel, it
will also help keep both sides of the tcp connection processing in
the one place.

Revision 1.252, Sat Nov 7 09:51:40 2020 UTC (3 years, 7 months ago) by denis
Branch: MAIN
Changes since 1.251: +3 -4 lines

Rework source IP address setting.

- Move most of the processing out of rtable.c (reasonable tb@, ok bluhm@)
- Remove memory allocation, store pointer to existing ifaddr
- Fix tunnel interface handling

looks fine mpi@

Revision 1.251, Thu Nov 5 10:46:13 2020 UTC (3 years, 7 months ago) by denis
Branch: MAIN
Changes since 1.250: +2 -3 lines

Replace wrong cast with satosin.

Advised by bluhm@

Revision 1.250, Thu Oct 29 21:15:27 2020 UTC (3 years, 7 months ago) by denis
Branch: MAIN
Changes since 1.249: +25 -1 lines

Add feature to force the selection of source IP address

Based/previous work on an idea from deraadt@
Input from claudio@, djm@, deraadt@, sthen@

OK deraadt@

Revision 1.249, Wed May 27 20:44:07 2020 UTC (4 years ago) by bluhm
Branch: MAIN
CVS Tags: OPENBSD_6_8_BASE, OPENBSD_6_8
Changes since 1.248: +8 -1 lines

Connectionless sockets like UDP can be re-connected to a different
address.  In that case, the linking to the pf state must be dissolved
as the latter still contains the old address.  If it is a divert
state, also remove the state as any divert state must be associated
with a matching socket.  Call pf_remove_divert_state() and
pf_inp_unlink() from in_pcbconnect().
reported by Tim Kuijsten; OK sashan@ claudio@

Revision 1.248, Mon Jul 15 12:40:42 2019 UTC (4 years, 10 months ago) by bluhm
Branch: MAIN
CVS Tags: OPENBSD_6_7_BASE, OPENBSD_6_7, OPENBSD_6_6_BASE, OPENBSD_6_6
Changes since 1.247: +12 -7 lines

Initialize struct inpcb pool not on demand, but during initialization.
Removes a global variable and avoids MP problems.
OK mpi@ visa@

Revision 1.247, Thu Oct 4 17:33:41 2018 UTC (5 years, 8 months ago) by bluhm
Branch: MAIN
CVS Tags: OPENBSD_6_5_BASE, OPENBSD_6_5, OPENBSD_6_4_BASE, OPENBSD_6_4
Changes since 1.246: +4 -49 lines

Revert the inpcb table mutex commit.  It triggers a witness panic
in raw IP delivery and UDP broadcast loops.  There inpcbtable_mtx
is held and sorwakeup() is called within the loop.  As sowakeup()
grabs the kernel lock, we have a lock ordering problem.
found by Hrvoje Popovski; OK deraadt@ mpi@

Revision 1.246, Thu Sep 20 18:59:10 2018 UTC (5 years, 8 months ago) by bluhm
Branch: MAIN
Changes since 1.245: +50 -5 lines

As a step towards per inpcb or socket locks, remove the net lock
for netstat -a.  Introduce a global mutex that protects the tables
and hashes for the internet PCBs.  To detect detached PCB, set its
inp_socket field to NULL.  This has to be protected by a per PCB
mutex.  The protocol pointer has to be protected by the mutex as
netstat uses it.
Always take the kernel lock in in_pcbnotifyall() and in6_pcbnotify()
before the table mutex to avoid lock ordering problems in the notify
functions.
OK visa@

Revision 1.245, Fri Sep 14 12:55:17 2018 UTC (5 years, 8 months ago) by bluhm
Branch: MAIN
Changes since 1.244: +4 -2 lines

In general it is a bad idea to use one random secret for two things.
The inet PCB uses one hash with local and foreign addresses, and
one with local port numbers.  Give both hashes separate keys.  Also
document the struct fields.
OK visa@

Revision 1.244, Thu Sep 13 19:53:58 2018 UTC (5 years, 8 months ago) by bluhm
Branch: MAIN
Changes since 1.243: +25 -2 lines

Add reference counting for inet pcb, this will be needed when we
start locking the socket.  An inp can be referenced by the PCB queue
and hashes, by a pf mbuf header, or by a pf state key.
OK visa@

Revision 1.243, Tue Sep 11 14:34:49 2018 UTC (5 years, 9 months ago) by bluhm
Branch: MAIN
Changes since 1.242: +6 -161 lines

Make the distribution of in_ and in6_ functions in in_pcb.c and
in6_pcb.c consistent, to ease comparing the code.  Move all inet6
functions to in6_.  Bring functions in both source files in same
order.  Cleanup the include section.  Now in_pcb.c is a superset
of in6_pcb.c.  The latter contains all the special implementations.
Just moving around, no code change intended.
OK mpi@

Revision 1.242, Mon Sep 10 22:21:39 2018 UTC (5 years, 9 months ago) by bluhm
Branch: MAIN
Changes since 1.241: +24 -31 lines

Remove useless INPCBHASH() macros.  Just expand them.
OK stsp@

Revision 1.241, Fri Sep 7 10:55:35 2018 UTC (5 years, 9 months ago) by bluhm
Branch: MAIN
Changes since 1.240: +14 -1 lines

Explain the special case for redirect to localhost in a comment.
input and OK claudio@

Revision 1.240, Wed Jul 11 13:08:00 2018 UTC (5 years, 11 months ago) by claudio
Branch: MAIN
Changes since 1.239: +7 -19 lines

Retire RTM_LOSING, it no longer makes sense and on busy servers the
route socket is flooded with those messages. Instead make sure that the
removal of the dynamic route that can happen is actually also sent to
the routing socket.
OK mpi@ henning@

Revision 1.239 / (download) - annotate - [select for diffs], Thu Jun 14 17:16:03 2018 UTC (5 years, 11 months ago) by bluhm
Branch: MAIN
Changes since 1.238: +13 -12 lines
Diff to previous 1.238 (colored)

In in_pcballoc() finish the inp initialization before adding it to
the global inpcb queue and hashes.
OK visa@ mpi@ as part of a larger diff

Revision 1.238 / (download) - annotate - [select for diffs], Thu Jun 14 17:00:57 2018 UTC (5 years, 11 months ago) by bluhm
Branch: MAIN
Changes since 1.237: +2 -3 lines
Diff to previous 1.237 (colored)

Assert that the INP_IPV6 in in6_pcbconnect() is correct.  Just call
in_pcbconnect() to avoid the address family maze in syn_cache_get().
input claudio@; OK mpi@

Revision 1.237 / (download) - annotate - [select for diffs], Mon Jun 11 08:57:35 2018 UTC (6 years ago) by mpi
Branch: MAIN
Changes since 1.236: +2 -2 lines
Diff to previous 1.236 (colored)

Do not unlock the KERNEL_LOCK() unconditionally in sounlock().

Instead introduce two flags to deal with global lock recursion.  This
is necessary until we get per-socket lock.

Req. by and ok visa@

Revision 1.236 / (download) - annotate - [select for diffs], Mon Jun 11 08:48:54 2018 UTC (6 years ago) by mpi
Branch: MAIN
Changes since 1.235: +1 -3 lines
Diff to previous 1.235 (colored)

Push the KERNEL_LOCK() inside route_input().

ok visa@, tb@

Revision 1.235 / (download) - annotate - [select for diffs], Thu Jun 7 08:46:24 2018 UTC (6 years ago) by bluhm
Branch: MAIN
Changes since 1.234: +4 -4 lines
Diff to previous 1.234 (colored)

The global zero addresses must not change, mark them constant.
OK tb@ visa@

Revision 1.234 / (download) - annotate - [select for diffs], Wed Jun 6 06:55:22 2018 UTC (6 years ago) by mpi
Branch: MAIN
Changes since 1.233: +8 -3 lines
Diff to previous 1.233 (colored)

Pass the socket to sounlock(), this prepares the terrain for per-socket
locking.

ok visa@, bluhm@

Revision 1.233 / (download) - annotate - [select for diffs], Sun Jun 3 21:32:32 2018 UTC (6 years ago) by bluhm
Branch: MAIN
Changes since 1.232: +26 -19 lines
Diff to previous 1.232 (colored)

Use variable names for rtable and rdomain consistently in the in_pcb
functions.
discussed with and OK mpi@ visa@

Revision 1.232 / (download) - annotate - [select for diffs], Sun Jun 3 21:00:15 2018 UTC (6 years ago) by bluhm
Branch: MAIN
Changes since 1.231: +13 -14 lines
Diff to previous 1.231 (colored)

Rename the inpcb table field inpt_hash to inpt_mask as it contains
the hashmask.  For the resize calculations it is clearer to use the
field inpt_size.
OK visa@ mpi@

Revision 1.231 / (download) - annotate - [select for diffs], Sat Jun 2 16:27:44 2018 UTC (6 years ago) by bluhm
Branch: MAIN
Changes since 1.230: +16 -17 lines
Diff to previous 1.230 (colored)

Cleanup the in_pcbnotifymiss diagnostic printfs.  Always print the
rdomain.  Move the printf to the end of the pcb lookup functions.
OK tb@ mpi@ visa@

Revision 1.230 / (download) - annotate - [select for diffs], Sat Jun 2 16:11:09 2018 UTC (6 years ago) by bluhm
Branch: MAIN
Changes since 1.229: +4 -4 lines
Diff to previous 1.229 (colored)

The function in_pcbrehash() does not modify the pcb table queue.
So in in_pcbresize() the variant without _SAFE of the TAILQ_FOREACH
macro is sufficient.
OK tb@ mpi@ visa@

Revision 1.229 / (download) - annotate - [select for diffs], Fri Mar 30 17:33:54 2018 UTC (6 years, 2 months ago) by dhill
Branch: MAIN
Changes since 1.228: +12 -9 lines
Diff to previous 1.228 (colored)

Store the allocation size in inpcbhead for free().

OK visa@

Revision 1.228 / (download) - annotate - [select for diffs], Mon Feb 19 08:59:53 2018 UTC (6 years, 3 months ago) by mpi
Branch: MAIN
CVS Tags: OPENBSD_6_3_BASE, OPENBSD_6_3
Changes since 1.227: +3 -3 lines
Diff to previous 1.227 (colored)

Remove almost unused `flags' argument of suser().

The account flag `ASU' will no longer be set but that makes suser()
mpsafe since it no longer messes with a per-process field.

No objection from millert@, ok tedu@, bluhm@

Revision 1.227 / (download) - annotate - [select for diffs], Mon Dec 4 13:40:34 2017 UTC (6 years, 6 months ago) by bluhm
Branch: MAIN
Changes since 1.226: +25 -7 lines
Diff to previous 1.226 (colored)

Make divert lookup similar for all socket types.  If PF_TAG_DIVERTED
is set, pf_find_divert() cannot fail so put an assert there.
Explicitly check all possible divert types, panic in the default
case.  For raw sockets call pf_find_divert() before the socket
loop.  Divert reply should not match on TCP or UDP listen sockets.
OK sashan@ visa@

Revision 1.226 / (download) - annotate - [select for diffs], Fri Dec 1 12:40:58 2017 UTC (6 years, 6 months ago) by bluhm
Branch: MAIN
Changes since 1.225: +10 -10 lines
Diff to previous 1.225 (colored)

Fix white spaces and shorten long line.

Revision 1.225 / (download) - annotate - [select for diffs], Fri Dec 1 10:33:33 2017 UTC (6 years, 6 months ago) by bluhm
Branch: MAIN
Changes since 1.224: +11 -15 lines
Diff to previous 1.224 (colored)

Simplify the reverse PCB lookup logic.  The PF_TAG_TRANSLATE_LOCALHOST
security check prevents that the user accidentally configures
redirect where a divert-to would be appropriate.  Instead of spreading
the logic into tcp and udp input, check the flag during PCB listen
lookup.  This also reduces parameters of in_pcblookup_listen().
OK visa@

Revision 1.224 / (download) - annotate - [select for diffs], Fri Aug 11 19:53:02 2017 UTC (6 years, 10 months ago) by bluhm
Branch: MAIN
CVS Tags: OPENBSD_6_2_BASE, OPENBSD_6_2
Changes since 1.223: +8 -17 lines
Diff to previous 1.223 (colored)

Validate sockaddr from userland in central functions.  This results
in common checks for unix, inet, inet6 instead of partial checks
here and there.  Some checks are already done at a higher layer,
but better be paranoid with user input.
OK claudio@ millert@

Revision 1.223 / (download) - annotate - [select for diffs], Fri Aug 4 18:16:42 2017 UTC (6 years, 10 months ago) by bluhm
Branch: MAIN
Changes since 1.222: +13 -5 lines
Diff to previous 1.222 (colored)

The in_pcbhashlookup() in in_pcbconnect() enforces that the 4 tuple
of src/dst ip/port is unique for TCP.  But if the socket is not
bound, the automatic bind by connect happens after the check.  If
the socket has the SO_REUSEADDR flag, in_pcbbind() may select an
existing local port.  Then we had two colliding TCP PCBs.  This
resulted in a packet storm of ACK packets on loopback.  The softnet
task was constantly holding the netlock and has a high priority,
so the system hung.
Do the in_pcbhashlookup() again after in_pcbbind().  This creates
sporadic "connect: Address already in use" errors instead of a hang.
bug report and testing Olivier Antoine; OK mpi@

Revision 1.222 / (download) - annotate - [select for diffs], Fri Jun 9 12:56:43 2017 UTC (7 years ago) by mpi
Branch: MAIN
Changes since 1.221: +17 -4 lines
Diff to previous 1.221 (colored)

Replace rtrequest(RTM_DELETE...) with rtrequest_delete() and do not even
try to remove a route from the table if it is an invalid cache.

This is a step towards decoupling code dealing with userland and kernel
inserted routes.

ok bluhm@

Revision 1.221 / (download) - annotate - [select for diffs], Wed Jun 7 13:28:02 2017 UTC (7 years ago) by mpi
Branch: MAIN
Changes since 1.220: +4 -1 lines
Diff to previous 1.220 (colored)

Grab the KERNEL_LOCK() around rtm*() functions.  Routing sockets globals
aren't protected by the NET_LOCK().

While here change lock assertions in rt_{set,put}gwroute(), the NET_LOCK()
is enough.

Tested by Hrvoje Popovski.

ok jmatthew@, claudio@

Revision 1.220 / (download) - annotate - [select for diffs], Tue Mar 7 16:59:40 2017 UTC (7 years, 3 months ago) by bluhm
Branch: MAIN
CVS Tags: OPENBSD_6_1_BASE, OPENBSD_6_1
Changes since 1.219: +6 -13 lines
Diff to previous 1.219 (colored)

When the inpcb queue and hash lists are traversed or modified we
need netlock.  Remove the obsolete splnet.
OK mpi@

Revision 1.219 / (download) - annotate - [select for diffs], Tue Mar 7 12:00:31 2017 UTC (7 years, 3 months ago) by bluhm
Branch: MAIN
Changes since 1.218: +11 -3 lines
Diff to previous 1.218 (colored)

Initially in_pcballoc() hooked all new inpcb, including the IPv6
ones, into the IPv4 hash.  They cannot be used before bind(2) anyway
and then they are rehashed and rehooked, so this was not noticed.
Nevertheless put IPv6 PCBs into the IPv6 hash from the beginning.
OK jca@ mpi@

Revision 1.218 / (download) - annotate - [select for diffs], Mon Mar 6 08:59:07 2017 UTC (7 years, 3 months ago) by mpi
Branch: MAIN
Changes since 1.217: +1 -3 lines
Diff to previous 1.217 (colored)

Kill global list of IPv6 addresses.

ok bluhm@

Revision 1.217 / (download) - annotate - [select for diffs], Mon Mar 6 08:56:39 2017 UTC (7 years, 3 months ago) by mpi
Branch: MAIN
Changes since 1.216: +2 -2 lines
Diff to previous 1.216 (colored)

Prefix functions dealing with routing messages with 'rtm_' and keep
them all in net/rtsock.c.

This allows to easily spot which functions are doing a copyout(9)
when dealing with the routing midlayer.

ok phessler@, bluhm@, dhill@, krw@, claudio@

Revision 1.216 / (download) - annotate - [select for diffs], Thu Oct 6 19:09:08 2016 UTC (7 years, 8 months ago) by bluhm
Branch: MAIN
Changes since 1.215: +1 -3 lines
Diff to previous 1.215 (colored)

Remove redundant comments that say a function must be called at
splsoftnet() if the function does a splsoftassert(IPL_SOFTNET)
anyway.

Revision 1.215 / (download) - annotate - [select for diffs], Thu Sep 15 02:00:18 2016 UTC (7 years, 8 months ago) by dlg
Branch: MAIN
Changes since 1.214: +3 -4 lines
Diff to previous 1.214 (colored)

all pools have their ipl set via pool_setipl, so fold it into pool_init.

the ioff argument to pool_init() is unused and has been for many
years, so this replaces it with an ipl argument. because the ipl
will be set on init we no longer need pool_setipl.

most of these changes have been done with coccinelle using the spatch
below. cocci sucks at formatting code though, so i fixed that by hand.

the manpage and subr_pool.c bits i did myself.

ok tedu@ jmatthew@

@ipl@
expression pp;
expression ipl;
expression s, a, o, f, m, p;
@@
-pool_init(pp, s, a, o, f, m, p);
-pool_setipl(pp, ipl);
+pool_init(pp, s, a, ipl, f, m, p);
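
Review bot: the rule only matches when pool_setipl(pp, ipl) is the statement directly after pool_init(...) on the same pp, so a pool_init() whose pool_setipl() sits further down, or is absent, keeps its old fourth argument o, which after this change is read as an ipl instead of the unused ioff. Suggest grepping for remaining pool_init( and pool_setipl( callers once the spatch has run and converting any leftovers by hand, so that no call passes a stale offset in the ipl position.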

Revision 1.214 / (download) - annotate - [select for diffs], Tue Sep 6 00:04:15 2016 UTC (7 years, 9 months ago) by dlg
Branch: MAIN
Changes since 1.213: +2 -1 lines
Diff to previous 1.213 (colored)

pool_setipl for various netinet and netinet6 bits

thank you to everyone who helped review these diffs

ok mpi@

Revision 1.213 / (download) - annotate - [select for diffs], Thu Aug 4 20:46:24 2016 UTC (7 years, 10 months ago) by vgross
Branch: MAIN
Changes since 1.212: +9 -6 lines
Diff to previous 1.212 (colored)

Commit in6_selectsrc() split again, with missing assignment fixed.

Revision 1.212 / (download) - annotate - [select for diffs], Fri Jul 22 11:14:41 2016 UTC (7 years, 10 months ago) by mpi
Branch: MAIN
CVS Tags: OPENBSD_6_0_BASE, OPENBSD_6_0
Changes since 1.211: +5 -8 lines
Diff to previous 1.211 (colored)

Revert in_selectsrc() refactoring, it breaks IPv6.

Reported by Heiko on bugs@.

ok stsp@, claudio@

Revision 1.211 / (download) - annotate - [select for diffs], Wed Jul 20 18:51:50 2016 UTC (7 years, 10 months ago) by vgross
Branch: MAIN
Changes since 1.210: +9 -6 lines
Diff to previous 1.210 (colored)

Split in6_selectsrc() into a low-level part and a pcb-level part, and
convert in_selectsrc() prototype to match.

Ok bluhm@ mpi@.

Revision 1.210 / (download) - annotate - [select for diffs], Tue Jul 19 14:49:46 2016 UTC (7 years, 10 months ago) by mpi
Branch: MAIN
Changes since 1.209: +4 -2 lines
Diff to previous 1.209 (colored)

NULLify a route pointer after calling rtfree(9).

This should theoretically be a no-op because we're freeing the PCB
right after, but it helps us debug a reference count problem found
by otto@.

ok mikeb@

Revision 1.209 / (download) - annotate - [select for diffs], Tue Jul 5 09:17:10 2016 UTC (7 years, 11 months ago) by mpi
Branch: MAIN
Changes since 1.208: +9 -8 lines
Diff to previous 1.208 (colored)

Do not use ``rt_addr'' in in{6,}_selectsrc() it doesn't work with magic
addresses set on p2p interfaces.

Found the hard way by naddy@

Revision 1.208 / (download) - annotate - [select for diffs], Thu Jun 30 12:36:27 2016 UTC (7 years, 11 months ago) by mpi
Branch: MAIN
Changes since 1.207: +8 -9 lines
Diff to previous 1.207 (colored)

Use ``rt_addr'' rather than ``rt_ifa'' to get the source address
corresponding to a route.

ok florian@ on a previous version, input and ok bluhm@

Revision 1.207 / (download) - annotate - [select for diffs], Sat Jun 18 10:36:13 2016 UTC (7 years, 11 months ago) by vgross
Branch: MAIN
Changes since 1.206: +19 -2 lines
Diff to previous 1.206 (colored)

Add net.inet.{tcp,udp}.rootonly sysctl, to mark which ports
cannot be bound to by non-root users.

Ok millert@ bluhm@

Revision 1.206 / (download) - annotate - [select for diffs], Tue Apr 19 22:16:25 2016 UTC (8 years, 1 month ago) by sthen
Branch: MAIN
Changes since 1.205: +2 -2 lines
Diff to previous 1.205 (colored)

Use the correct byte-order when checking against baddynamic ports,
restoring pre-1.190 behaviour. ok millert@ mpi@

Revision 1.205 / (download) - annotate - [select for diffs], Wed Apr 13 06:06:04 2016 UTC (8 years, 2 months ago) by vgross
Branch: MAIN
Changes since 1.204: +2 -2 lines
Diff to previous 1.204 (colored)

Remove extra parenthesis around comparison.

Found by David Hill <dhill@mindcry.org> with clang.

Revision 1.204 / (download) - annotate - [select for diffs], Tue Apr 12 14:42:54 2016 UTC (8 years, 2 months ago) by krw
Branch: MAIN
Changes since 1.203: +3 -1 lines
Diff to previous 1.203 (colored)

Unbreak tree. Put 'laddr6' declaration inside #ifdef INET6/#endif.

Revision 1.203 / (download) - annotate - [select for diffs], Mon Apr 11 21:39:18 2016 UTC (8 years, 2 months ago) by vgross
Branch: MAIN
Changes since 1.202: +20 -42 lines
Diff to previous 1.202 (colored)

Simplify in_pcblookup_local() logic.

ok mpi@

Revision 1.202 / (download) - annotate - [select for diffs], Mon Apr 11 21:24:29 2016 UTC (8 years, 2 months ago) by vgross
Branch: MAIN
Changes since 1.201: +13 -12 lines
Diff to previous 1.201 (colored)

Rename in_pcblookup() to in_pcblookup_local() and change its prototype
to get rid of the now useless foreign address and ports parameters.

ok mpi@

Revision 1.201 / (download) - annotate - [select for diffs], Fri Apr 8 14:34:21 2016 UTC (8 years, 2 months ago) by vgross
Branch: MAIN
Changes since 1.200: +19 -19 lines
Diff to previous 1.200 (colored)

We must always check if the socket is already bound, and always set
INPLOOKUP_IPV6 when applicable. Bug introduced in revision 1.197 by
yours truly.

Ok bluhm@

Revision 1.200 / (download) - annotate - [select for diffs], Tue Apr 5 21:21:41 2016 UTC (8 years, 2 months ago) by vgross
Branch: MAIN
Changes since 1.199: +6 -7 lines
Diff to previous 1.199 (colored)

Move reserved port checks from in(6)_pcbaddrisavail() to in_pcbbind().
Kill old comments while at it.

Ok mpi@ bluhm@

Revision 1.199 / (download) - annotate - [select for diffs], Tue Apr 5 19:34:05 2016 UTC (8 years, 2 months ago) by vgross
Branch: MAIN
Changes since 1.198: +20 -10 lines
Diff to previous 1.198 (colored)

Move inp_laddr assignment after in_pcbpickport(), extend in_pcbpickport()
as needed.

Ok bluhm@

Revision 1.198 / (download) - annotate - [select for diffs], Sat Mar 26 21:56:04 2016 UTC (8 years, 2 months ago) by mpi
Branch: MAIN
Changes since 1.197: +3 -3 lines
Diff to previous 1.197 (colored)

Always include the route priority in routing messages.

From Florian Riehm, ok bluhm@

Revision 1.197 / (download) - annotate - [select for diffs], Wed Mar 23 15:50:36 2016 UTC (8 years, 2 months ago) by vgross
Branch: MAIN
Changes since 1.196: +45 -19 lines
Diff to previous 1.196 (colored)

Merge in_pcbbind() and in6_pcbbind(), and change every call to
in6_pcbbind() into in_pcbbind().

Ok jca@ mpi@

Revision 1.196 / (download) - annotate - [select for diffs], Wed Mar 23 00:07:31 2016 UTC (8 years, 2 months ago) by vgross
Branch: MAIN
Changes since 1.195: +72 -53 lines
Diff to previous 1.195 (colored)

Extract in_pcbaddrisavail() from in_pcbbind().

ok jca@

Revision 1.195 / (download) - annotate - [select for diffs], Fri Dec 18 22:25:16 2015 UTC (8 years, 5 months ago) by vgross
Branch: MAIN
CVS Tags: OPENBSD_5_9_BASE, OPENBSD_5_9
Changes since 1.194: +2 -2 lines
Diff to previous 1.194 (colored)

Fix SO_REUSE* flags effects when binding multicast addresses. No
regression observed on avahi.

ok benno@

Revision 1.194 / (download) - annotate - [select for diffs], Thu Dec 3 21:57:59 2015 UTC (8 years, 6 months ago) by mpi
Branch: MAIN
Changes since 1.193: +3 -2 lines
Diff to previous 1.193 (colored)

Get rid of rt_mask() and stop allocating a "struct sockaddr" for every
route entry in ART.

rt_plen() now represents the prefix length of a route entry and should
be used instead.

For now use a "struct sockaddr_in6" to represent the mask when needed,
this should be then replaced by the prefix length and RTA_NETMASK only
used for compatibility with userland.

ok claudio@

Revision 1.193 / (download) - annotate - [select for diffs], Thu Dec 3 14:55:18 2015 UTC (8 years, 6 months ago) by vgross
Branch: MAIN
Changes since 1.192: +8 -8 lines
Diff to previous 1.192 (colored)

Remove broadcast matching from ifa_ifwithaddr(), use in_broadcast() where
required.

ok bluhm@ mpi@.

Revision 1.192 / (download) - annotate - [select for diffs], Thu Dec 3 14:05:28 2015 UTC (8 years, 6 months ago) by bluhm
Branch: MAIN
Changes since 1.191: +2 -3 lines
Diff to previous 1.191 (colored)

To avoid that the stack manipulates the pf statekeys directly, introduce
pf_inp_...() lookup, link and unlink functions as an interface.
Locking can be added to them later.  Remove the first linking at
the beginning of tcp_input() and udp_input() as it is not necessary.
It will be done later anyway.  That code was a relict, from the
time before I had added the second linking.
Input from mikeb@ and sashan@;  OK sashan@

Revision 1.191 / (download) - annotate - [select for diffs], Thu Dec 3 09:49:15 2015 UTC (8 years, 6 months ago) by bluhm
Branch: MAIN
Changes since 1.190: +3 -3 lines
Diff to previous 1.190 (colored)

Rename pf_unlink_state() to pf_remove_state() so the name does not
collide with the statekey to inp unlinking.
OK sashan@ mpi@

Revision 1.190 / (download) - annotate - [select for diffs], Wed Dec 2 22:13:44 2015 UTC (8 years, 6 months ago) by vgross
Branch: MAIN
Changes since 1.189: +65 -44 lines
Diff to previous 1.189 (colored)

Move port picking away from in_pcbbind()

ok sthen@

Revision 1.189 / (download) - annotate - [select for diffs], Wed Dec 2 16:00:42 2015 UTC (8 years, 6 months ago) by sashan
Branch: MAIN
Changes since 1.188: +3 -12 lines
Diff to previous 1.188 (colored)

- hide PF internals to pf_unlink_divert_state() from in_pcb.c

OK mpi@, bluhm@

Revision 1.188 / (download) - annotate - [select for diffs], Fri Oct 30 09:39:42 2015 UTC (8 years, 7 months ago) by bluhm
Branch: MAIN
Changes since 1.187: +2 -2 lines
Diff to previous 1.187 (colored)

Rename rtrequest1() to rtrequest().
OK mpi@

Revision 1.187 / (download) - annotate - [select for diffs], Sun Oct 25 10:05:09 2015 UTC (8 years, 7 months ago) by bluhm
Branch: MAIN
Changes since 1.186: +2 -2 lines
Diff to previous 1.186 (colored)

Instead of doing the if_get() dance for rt_missmsg(), change the
function to take an interface index.
discussed with mpi@;  OK claudio@

Revision 1.186 / (download) - annotate - [select for diffs], Fri Oct 23 13:26:07 2015 UTC (8 years, 7 months ago) by mpi
Branch: MAIN
Changes since 1.185: +3 -3 lines
Diff to previous 1.185 (colored)

``rt_ifp'' cannot be NULL.

ok claudio@

Revision 1.185 / (download) - annotate - [select for diffs], Tue Oct 20 18:04:03 2015 UTC (8 years, 7 months ago) by deraadt
Branch: MAIN
Changes since 1.184: +1 -5 lines
Diff to previous 1.184 (colored)

At guenther's suggestion replace dnssocket() with a SOCK_DNS flag on
socket().  Without pledge, all other socket behaviours become permitted,
except this one case: connect/send* only works to *:53.  In pledge mode,
a very few are further restricted.  Some backwards compatibility for
the dnssocket/dnsconnect calls will remain in the tree temporarily so
that people can build through the transition.
ok tedu guenther semarie

Revision 1.184 / (download) - annotate - [select for diffs], Mon Oct 19 12:10:05 2015 UTC (8 years, 7 months ago) by mpi
Branch: MAIN
Changes since 1.183: +4 -4 lines
Diff to previous 1.183 (colored)

Stop checking for RTF_UP directly, call rtisvalid(9) instead.

While here add a missing ``rtableid'' check in in_selectsrc().

ok bluhm@

Revision 1.183 / (download) - annotate - [select for diffs], Mon Oct 19 08:49:13 2015 UTC (8 years, 7 months ago) by vgross
Branch: MAIN
Changes since 1.182: +27 -47 lines
Diff to previous 1.182 (colored)

deduplicate in[6]_pcbbind() port scan loop.

ok mpi@

Revision 1.182 / (download) - annotate - [select for diffs], Sun Oct 18 00:04:43 2015 UTC (8 years, 7 months ago) by deraadt
Branch: MAIN
Changes since 1.181: +2 -2 lines
Diff to previous 1.181 (colored)

Add two new system calls: dnssocket() and dnsconnect().  This creates a
SS_DNS tagged socket which has limited functionality (for example, you
cannot accept on them...)  The libc resolver will switch to using these,
therefore pledge can identify a DNS transaction better.
ok tedu guenther kettenis beck and others

Revision 1.181 / (download) - annotate - [select for diffs], Fri Oct 9 01:10:27 2015 UTC (8 years, 8 months ago) by deraadt
Branch: MAIN
Changes since 1.180: +4 -4 lines
Diff to previous 1.180 (colored)

Rename tame() to pledge().  This fairly interface has evolved to be more
strict than anticipated.  It allows a programmer to pledge/promise/covenant
that their program will operate within an easily defined subset of the
Unix environment, or it pays the price.

Revision 1.180 / (download) - annotate - [select for diffs], Tue Sep 22 09:34:38 2015 UTC (8 years, 8 months ago) by vgross
Branch: MAIN
Changes since 1.179: +14 -15 lines
Diff to previous 1.179 (colored)

Remove inpt_lastport from struct inpcbtable, use local variables
in in_pcbbind() and in6_pcbsetport()

ok claudio@, with input from David Hill

Revision 1.179 / (download) - annotate - [select for diffs], Fri Sep 11 15:29:47 2015 UTC (8 years, 9 months ago) by deraadt
Branch: MAIN
Changes since 1.178: +2 -2 lines
Diff to previous 1.178 (colored)

Convert _TM_ flags to TAME_ flags, collapsing the entire mapping
layer because the strings select the right options.  Mechanical
conversion.
ok guenther

Revision 1.178 / (download) - annotate - [select for diffs], Fri Sep 11 13:59:27 2015 UTC (8 years, 9 months ago) by vgross
Branch: MAIN
Changes since 1.177: +3 -7 lines
Diff to previous 1.177 (colored)

Stricter checks on sockaddr content when binding PF_INET sockets.

Ok mpi@

Revision 1.177 / (download) - annotate - [select for diffs], Fri Sep 11 08:22:31 2015 UTC (8 years, 9 months ago) by guenther
Branch: MAIN
Changes since 1.176: +2 -1 lines
Diff to previous 1.176 (colored)

Only include <sys/tame.h> in the .c files that need it

ok deraadt@ miod@

Revision 1.176 / (download) - annotate - [select for diffs], Wed Sep 9 20:14:40 2015 UTC (8 years, 9 months ago) by dlg
Branch: MAIN
Changes since 1.175: +5 -2 lines
Diff to previous 1.175 (colored)

if_put after you if_get

ok mpi@

Revision 1.175 / (download) - annotate - [select for diffs], Tue Sep 1 21:24:04 2015 UTC (8 years, 9 months ago) by bluhm
Branch: MAIN
Changes since 1.174: +2 -2 lines
Diff to previous 1.174 (colored)

Replace sockaddr casts with the proper satosin(), ... calls.
From David Hill; OK mpi@; tested kspillner@; tweaks bluhm@

Revision 1.174 / (download) - annotate - [select for diffs], Sat Aug 22 20:18:50 2015 UTC (8 years, 9 months ago) by deraadt
Branch: MAIN
Changes since 1.173: +1 -2 lines
Diff to previous 1.173 (colored)

Move to tame(int flags, char *paths[]) API/ABI.

The pathlist is a whitelist of dirs and files; anything else returns ENOENT.
Recommendation is to use a narrowly defined list.  Also add TAME_FATTR, which
permits explicit change operations against "struct stat" fields.  Some
other TAME_ flags are refined slightly.

Not cranking libc now, since nothing committed in base uses this and the
timing is uncomfortable for others.  Discussed with many; thanks for a
few bug fixes from semarie, doug, guenther.
ok guenther

Revision 1.173 / (download) - annotate - [select for diffs], Wed Aug 19 13:27:38 2015 UTC (8 years, 9 months ago) by bluhm
Branch: MAIN
Changes since 1.172: +2 -2 lines
Diff to previous 1.172 (colored)

Convert all calls to rtrequest1() and the following error check
into a common pattern.  In the man page clarify the usage of the
returned route.
OK mpi@ mikeb@ jmc@

Revision 1.172 / (download) - annotate - [select for diffs], Sun Jul 19 02:35:35 2015 UTC (8 years, 10 months ago) by deraadt
Branch: MAIN
CVS Tags: OPENBSD_5_8_BASE, OPENBSD_5_8
Changes since 1.171: +6 -1 lines
Diff to previous 1.171 (colored)

tame(2) is a subsystem which restricts programs into a "reduced feature
operating model".  This is the kernel component; various changes should
proceed in-tree for a while before userland programs start using it.
ok miod, discussions and help from many

Revision 1.171 / (download) - annotate - [select for diffs], Wed Jul 15 22:16:42 2015 UTC (8 years, 10 months ago) by deraadt
Branch: MAIN
Changes since 1.170: +2 -3 lines
Diff to previous 1.170 (colored)

m_freem() can handle NULL, do not check for this condition beforehand.
ok stsp mpi

Revision 1.170 / (download) - annotate - [select for diffs], Thu Apr 16 19:24:13 2015 UTC (9 years, 1 month ago) by markus
Branch: MAIN
Changes since 1.169: +1 -12 lines
Diff to previous 1.169 (colored)

remove unfinished/unused support for socket-attached ipsec-policies
ok mikeb

Revision 1.169 / (download) - annotate - [select for diffs], Tue Apr 14 12:22:15 2015 UTC (9 years, 2 months ago) by mikeb
Branch: MAIN
Changes since 1.168: +1 -5 lines
Diff to previous 1.168 (colored)

Remove support for storing credentials and auth information in the kernel.

This code is largely unfinished and is not used for anything.  The change
leaves identities as only objects referenced by ipsec_ref structure and
their handling requires some changes to support more advanced matching of
IPsec connections.

No objections from reyk and hshoexer, with and OK markus.

Revision 1.168 / (download) - annotate - [select for diffs], Tue Feb 10 03:07:56 2015 UTC (9 years, 4 months ago) by claudio
Branch: MAIN
CVS Tags: OPENBSD_5_7_BASE, OPENBSD_5_7
Changes since 1.167: +13 -13 lines
Diff to previous 1.167 (colored)

bzero -> memset and unify sizeof() usage (no space).
Requested by reyk@, dlg@ and OK mpi@, henning@

Revision 1.167 / (download) - annotate - [select for diffs], Tue Feb 10 01:36:59 2015 UTC (9 years, 4 months ago) by claudio
Branch: MAIN
Changes since 1.166: +4 -1 lines
Diff to previous 1.166 (colored)

Nuke sin_zero before passing it on down into the ifa_ifwithaddr() that
way garbage in the pad bytes does not perturb the outcome.
This fixes regress/sys/kern/bind.
OK mpi@, phessler@, reyk@

Revision 1.166 / (download) - annotate - [select for diffs], Sat Jan 24 00:29:06 2015 UTC (9 years, 4 months ago) by deraadt
Branch: MAIN
Changes since 1.165: +3 -2 lines
Diff to previous 1.165 (colored)

Userland (base & ports) was adapted to always include <netinet/in.h>
before <net/pfvar.h> or <net/if_pflog.h>.  The kernel files can be
cleaned up next.  Some sockaddr_union steps make it into here as well.
ok naddy

Revision 1.165 / (download) - annotate - [select for diffs], Wed Dec 17 09:45:59 2014 UTC (9 years, 5 months ago) by mpi
Branch: MAIN
Changes since 1.164: +2 -2 lines
Diff to previous 1.164 (colored)

Use an interface index instead of a pointer for multicast options.

Output interface (port) selection for multicast traffic is not done via
route lookups.  Instead the output ifp is registered when setsockopt(2)
is called with the IP{V6,}_MULTICAST_IF option.  But since there is no
mechanism to invalidate such pointer stored in a pcb when an interface
is destroyed/removed, it might lead your kernel to fault.

Prevent a fault upon resume reported by frantisek holop, thanks!

ok mikeb@, claudio@

Revision 1.164 / (download) - annotate - [select for diffs], Fri Dec 5 15:50:04 2014 UTC (9 years, 6 months ago) by mpi
Branch: MAIN
Changes since 1.163: +2 -1 lines
Diff to previous 1.163 (colored)

Explicitly include <net/if_var.h> instead of pulling it in <net/if.h>.

ok mikeb@, krw@, bluhm@, tedu@

Revision 1.163 / (download) - annotate - [select for diffs], Tue Nov 18 02:37:31 2014 UTC (9 years, 6 months ago) by tedu
Branch: MAIN
Changes since 1.162: +1 -2 lines
Diff to previous 1.162 (colored)

move arc4random prototype to systm.h. more appropriate for most code
to include that than rdnvar.h. ok deraadt dlg

Revision 1.162 / (download) - annotate - [select for diffs], Sat Nov 15 10:55:47 2014 UTC (9 years, 6 months ago) by dlg
Branch: MAIN
Changes since 1.161: +83 -28 lines
Diff to previous 1.161 (colored)

use siphash in the in_pcb hashing. this mitigates it against flooding
attacks.

this is a textbook use of siphash.

the idea of using siphash for this came from yasuoka-san, but i had
the time to do it. he also tested and tweaked this diff.

ok yasuoka@ mikeb@

Revision 1.161 / (download) - annotate - [select for diffs], Tue Oct 28 11:02:38 2014 UTC (9 years, 7 months ago) by yasuoka
Branch: MAIN
Changes since 1.160: +5 -4 lines
Diff to previous 1.160 (colored)

Select a proper source address when the bound address is
INADDR_BROADCAST the same as INADDR_ANY.

ok mpi

Revision 1.160 / (download) - annotate - [select for diffs], Tue Oct 14 09:52:26 2014 UTC (9 years, 7 months ago) by mpi
Branch: MAIN
Changes since 1.159: +3 -3 lines
Diff to previous 1.159 (colored)

Use rtfree() instead of RTFREE(), NULLify some free'd route pointers and
kill the macro.

ok mikeb@, henning@

Revision 1.159 / (download) - annotate - [select for diffs], Sat Sep 27 12:26:16 2014 UTC (9 years, 8 months ago) by mpi
Branch: MAIN
Changes since 1.158: +7 -4 lines
Diff to previous 1.158 (colored)

Kill rtalloc() and update rtalloc1() and rtalloc_mpath() to no longer
rely on "struct route" that should die.

ok claudio@

Revision 1.158 / (download) - annotate - [select for diffs], Tue Jul 22 11:06:10 2014 UTC (9 years, 10 months ago) by mpi
Branch: MAIN
CVS Tags: OPENBSD_5_6_BASE, OPENBSD_5_6
Changes since 1.157: +1 -2 lines
Diff to previous 1.157 (colored)

Fewer <netinet/in_systm.h> !

Revision 1.157 / (download) - annotate - [select for diffs], Sat Jul 12 21:06:34 2014 UTC (9 years, 11 months ago) by yasuoka
Branch: MAIN
Changes since 1.156: +43 -1 lines
Diff to previous 1.156 (colored)

Resize the pcb hashtable automatically.  The table size will be doubled
when the number of the hash entries reaches 75% of the table size.

ok dlg henning, 'commit in' claudio

Revision 1.156 / (download) - annotate - [select for diffs], Wed Jun 4 13:45:47 2014 UTC (10 years ago) by mpi
Branch: MAIN
Changes since 1.155: +15 -7 lines
Diff to previous 1.155 (colored)

Only use ifa_ifwithaddr() to check if the binding address is on the
system.

Yes, this is ugly for the moment because OpenBSD prevents you from
binding a tcp socket to broadcast address and checking for a broadcast
address is... funny!  If you've ever wondered what would lead people to
write:

ina.s_addr != ia->ia_addr.sin_addr.s_addr

instead of:

ina.s_addr == ia->ia_broadaddr.sin_addr.s_addr

Well this is because all the IPv4 addresses belonging to your lo(4)
interfaces match the second idiom.  Hopefully we'll get rid of this
hack soon.

ok jca@, mikeb@

Revision 1.155 / (download) - annotate - [select for diffs], Wed May 7 08:26:38 2014 UTC (10 years, 1 month ago) by mpi
Branch: MAIN
Changes since 1.154: +4 -19 lines
Diff to previous 1.154 (colored)

Remove the last hacks concerning the global list of IPv4 addresses in the
source address selection logic.

These hacks were only relevant for the NFS diskless boot code in order to
pick the local broadcast address of the only configured interface.  So, be
explicit and set this address directly.

Tested by florian@, ok henning@, beck@, chrisz@

Revision 1.154 / (download) - annotate - [select for diffs], Fri Apr 18 10:48:29 2014 UTC (10 years, 1 month ago) by jca
Branch: MAIN
Changes since 1.153: +21 -23 lines
Diff to previous 1.153 (colored)

Invert the signature logic of in{,6}_selectsrc, make them return the
error code and pass the resulting source address back to the caller
through a pointer, as suggested by chrisz.  This gives us more readable
code, and eases the deletion of useless checks in the callers' error path.
Add a bunch of "0 -> NULL" conversions, while here.
ok chrisz@ mpi@

Revision 1.153 / (download) - annotate - [select for diffs], Wed Apr 16 13:04:38 2014 UTC (10 years, 1 month ago) by mpi
Branch: MAIN
Changes since 1.152: +47 -64 lines
Diff to previous 1.152 (colored)

Merge in_fixaddr() into in_selectsrc() in order to prepare for
IP_SENDSRCADDR support.  This reduces the differences with the
IPv6 version and kills some comments that are no longer true.

ok jca@, chrisz@, mikeb@

Revision 1.152 / (download) - annotate - [select for diffs], Mon Apr 7 10:04:17 2014 UTC (10 years, 2 months ago) by mpi
Branch: MAIN
Changes since 1.151: +8 -21 lines
Diff to previous 1.151 (colored)

Retire kernel support for SO_DONTROUTE, this time without breaking
localhost connections.

The plan is to always use the routing table for addresses and routes
resolutions, so there is no future for an option that wants to bypass
it.  This option has never been implemented for IPv6 anyway, so let's
just remove the IPv4 bits that you weren't aware of.

Tested at least by lteo@, guenther@ and chrisz@, ok mikeb@, benno@

Revision 1.151 / (download) - annotate - [select for diffs], Sun Apr 6 17:13:23 2014 UTC (10 years, 2 months ago) by chrisz
Branch: MAIN
Changes since 1.150: +63 -38 lines
Diff to previous 1.150 (colored)

factor out source and destination address mangling from in_pcbconnect()
for later reuse in udp_output().

"Apart from that OK" claudio@

Revision 1.150 / (download) - annotate - [select for diffs], Sun Apr 6 16:49:40 2014 UTC (10 years, 2 months ago) by chrisz
Branch: MAIN
Changes since 1.149: +2 -1 lines
Diff to previous 1.149 (colored)

Remove redundant call to in{,6}_pcbbind() from tcp PRU_CONNECT.
Make sure that in_pcbbind() is called from in_pcbconnect() by KASSERTing that
local port == 0 implies an unspecified local address.

OK claudio@

Revision 1.149 / (download) - annotate - [select for diffs], Fri Mar 28 08:33:51 2014 UTC (10 years, 2 months ago) by sthen
Branch: MAIN
Changes since 1.148: +18 -5 lines
Diff to previous 1.148 (colored)

revert "Retire kernel support for SO_DONTROUTE" diff, which does bad things
for localhost connections. discussed with deraadt@

Revision 1.148 / (download) - annotate - [select for diffs], Thu Mar 27 13:27:28 2014 UTC (10 years, 2 months ago) by mpi
Branch: MAIN
Changes since 1.147: +6 -19 lines
Diff to previous 1.147 (colored)

Retire kernel support for SO_DONTROUTE, since the plan is to always
use the routing table there's no future for an option that wants to
bypass it.  This option has never been implemented for IPv6 anyway,
so let's just remove the IPv4 bits that you weren't aware of.

Tested by florian@, man pages inputs from jmc@, ok benno@

Revision 1.147 / (download) - annotate - [select for diffs], Sat Jan 18 21:14:46 2014 UTC (10 years, 4 months ago) by bluhm
Branch: MAIN
CVS Tags: OPENBSD_5_5_BASE, OPENBSD_5_5
Changes since 1.146: +16 -3 lines
Diff to previous 1.146 (colored)

There was an awkward behaviour after a connection had been diverted
to a socket.  When the application removed the socket, the pf state
would persist.  A new connection did not hit the divert rule as the
state still grabbed the packet.  The solution is to unlink the
associated divert state when the socket gets destroyed.  This is
possible as both are linked together and a divert state without
socket does not make sense.
OK mikeb@

Revision 1.146 / (download) - annotate - [select for diffs], Fri Dec 20 02:04:08 2013 UTC (10 years, 5 months ago) by krw
Branch: MAIN
Changes since 1.145: +8 -14 lines
Diff to previous 1.145 (colored)

Switch inpt_queue from CIRCLEQ to TAILQ. Thus ending use of CIRCLEQ
in the base. Ports fixes to follow shortly for the two ports (gkrellm
and net-snmp) affected.

ok zhuk@ millert@

Revision 1.145 / (download) - annotate - [select for diffs], Wed Oct 23 19:57:49 2013 UTC (10 years, 7 months ago) by deraadt
Branch: MAIN
Changes since 1.144: +2 -2 lines
Diff to previous 1.144 (colored)

Back when some NRL code was merged into KAME to create the *BSD IPV6
stack (factoid: by a bunch of people in my living room), some compatibility
#define's were created to shim incompatible inpcb access methods. There
was an understanding they would eventually be removed.  Since they are
error prone, and 1999 is a long time ago, now they die.
ok mikeb claudio mpi

Revision 1.144 / (download) - annotate - [select for diffs], Sun Oct 20 22:28:58 2013 UTC (10 years, 7 months ago) by bluhm
Branch: MAIN
Changes since 1.143: +10 -11 lines
Diff to previous 1.143 (colored)

Make the IPv4 and IPv6 code look similar to allow easy comparison.
While there fix some white space errors.  No functional change.
OK claudio@ phessler@

Revision 1.143 / (download) - annotate - [select for diffs], Sun Oct 20 11:03:00 2013 UTC (10 years, 7 months ago) by phessler
Branch: MAIN
Changes since 1.142: +17 -11 lines
Diff to previous 1.142 (colored)

Put a large chunk of the IPv6 rdomain support in-tree.

Still some important missing pieces, and this is not yet enabled.

OK bluhm@

Revision 1.142 / (download) - annotate - [select for diffs], Fri Oct 18 21:27:27 2013 UTC (10 years, 7 months ago) by bluhm
Branch: MAIN
Changes since 1.141: +2 -3 lines
Diff to previous 1.141 (colored)

In in_pcblookup() convert a hand crafted loop into a LIST_FOREACH
macro.  No binary change.
OK mpi@

Revision 1.141 / (download) - annotate - [select for diffs], Thu Oct 17 16:27:43 2013 UTC (10 years, 7 months ago) by bluhm
Branch: MAIN
Changes since 1.140: +2 -1 lines
Diff to previous 1.140 (colored)

The header file netinet/in_var.h included netinet6/in6_var.h.  This
created a bunch of useless dependencies.  Remove this implicit
inclusion and do an explicit #include <netinet6/in6_var.h> when it
is needed.
OK mpi@ henning@

Revision 1.140 / (download) - annotate - [select for diffs], Fri Sep 6 12:12:45 2013 UTC (10 years, 9 months ago) by mpi
Branch: MAIN
Changes since 1.139: +7 -8 lines
Diff to previous 1.139 (colored)

Make use of IFP_TO_IA() instead of rolling our own copy.

ok bluhm@, henning@

Revision 1.139 / (download) - annotate - [select for diffs], Sat Jun 1 13:25:40 2013 UTC (11 years ago) by bluhm
Branch: MAIN
CVS Tags: OPENBSD_5_4_BASE, OPENBSD_5_4
Changes since 1.138: +1 -3 lines
Diff to previous 1.138 (colored)

Remove redundant call to splsoftnet().  There is a
splsoftassert(IPL_SOFTNET) at the start of in_pcbdetach().
From David Hill

Revision 1.138 / (download) - annotate - [select for diffs], Fri May 31 13:15:53 2013 UTC (11 years ago) by bluhm
Branch: MAIN
Changes since 1.137: +3 -3 lines
Diff to previous 1.137 (colored)

The function rip6_ctlinput() claims that sa6_src is constant to
allow the assignment of &sa6_any.  But rip6_ctlinput() could not
guarantee that as it cast away the const attribute when it passes
the pointer to in6_pcbnotify().  Replace sockaddr with const
sockaddr_in6 in the in6_pcbnotify() parameters.  This reduces the
number of casts.  Also adjust in6_pcbhashlookup() to handle the
const attribute correctly.
Input and OK claudio@

Revision 1.137 / (download) - annotate - [select for diffs], Tue Apr 9 08:35:38 2013 UTC (11 years, 2 months ago) by mpi
Branch: MAIN
Changes since 1.136: +5 -10 lines
Diff to previous 1.136 (colored)

Remove read-only ipsec variables and directly use defines instead.

ok mikeb@, markus@

Revision 1.136 / (download) - annotate - [select for diffs], Tue Apr 2 18:27:46 2013 UTC (11 years, 2 months ago) by bluhm
Branch: MAIN
Changes since 1.135: +2 -2 lines
Diff to previous 1.135 (colored)

Use macros sotoinpcb() and intotcpcb() instead of casts.  Use NULL
instead of 0 for pointers.  No binary change.
OK mpi@

Revision 1.135 / (download) - annotate - [select for diffs], Sun Mar 31 11:18:35 2013 UTC (11 years, 2 months ago) by bluhm
Branch: MAIN
Changes since 1.134: +3 -1 lines
Diff to previous 1.134 (colored)

The call to in_pcballoc() in user request attach was handled in
three different ways.  Use the same code in udp_usrreq() and
rip_usrreq() and rip6_usrreq(). This also fixes a pcb and socket
leak in udp_usrreq() in case soreserve() fails.  Put an splsoftassert()
into in_pcballoc() for safety.
OK mpi@

Revision 1.134 / (download) - annotate - [select for diffs], Fri Mar 29 13:16:14 2013 UTC (11 years, 2 months ago) by bluhm
Branch: MAIN
Changes since 1.133: +2 -2 lines
Diff to previous 1.133 (colored)

Declare struct pf_state_key in the mbuf and in_pcb header files to
avoid ugly casts.
OK krw@ tedu@

Revision 1.133 / (download) - annotate - [select for diffs], Thu Mar 28 12:06:55 2013 UTC (11 years, 2 months ago) by mpi
Branch: MAIN
Changes since 1.132: +2 -3 lines
Diff to previous 1.132 (colored)

Replace some casts to struct in_ifaddr pointer by ifatoia() or NULL.

ok millert@, haesbaert@, bluhm@

Revision 1.132 / (download) - annotate - [select for diffs], Thu Mar 28 00:32:11 2013 UTC (11 years, 2 months ago) by bluhm
Branch: MAIN
Changes since 1.131: +3 -3 lines
Diff to previous 1.131 (colored)

Unfortunately the satosin, sintosa, ifatoia, satosin6, sin6tosa,
ifatoia6 macros do not check the source type.  They just cast
anything.  Remove needless casts and do not use those macros if the
source type does not match.  Remove duplicate defines.
No binary change.  OK kettenis@ krw@

Revision 1.131 / (download) - annotate - [select for diffs], Tue Feb 5 19:09:52 2013 UTC (11 years, 4 months ago) by bluhm
Branch: MAIN
CVS Tags: OPENBSD_5_3_BASE, OPENBSD_5_3
Changes since 1.130: +3 -4 lines
Diff to previous 1.130 (colored)

Make the inet6 and inet cases in in_pcbrtentry() look similar.
No functional change.
OK millert@

Revision 1.130 / (download) - annotate - [select for diffs], Mon Feb 4 15:10:22 2013 UTC (11 years, 4 months ago) by millert
Branch: MAIN
Changes since 1.129: +2 -2 lines
Diff to previous 1.129 (colored)

Set sa_len correctly for PF_INET (and be consistent with the PF_INET6
case).  On our platforms, sizeof(struct sockaddr) matches sizeof(struct
sockaddr_in) so this hasn't caused problems but it is still incorrect.
From Anthony Low.  OK martynas@ bluhm@

Revision 1.129 / (download) - annotate - [select for diffs], Wed Jan 16 00:07:22 2013 UTC (11 years, 4 months ago) by bluhm
Branch: MAIN
Changes since 1.128: +6 -12 lines
Diff to previous 1.128 (colored)

Pass struct inpcb pointer to in_pcb...() functions instead of void
pointer.  Allows stricter type checking.  No functional change.
OK claudio@

Revision 1.128 / (download) - annotate - [select for diffs], Thu Sep 20 10:25:03 2012 UTC (11 years, 8 months ago) by blambert
Branch: MAIN
Changes since 1.127: +2 -2 lines
Diff to previous 1.127 (colored)

spltdb() was really just #define'd to be splsoftnet(); replace the former
with the latter

no change in md5 checksum of generated files

ok claudio@ henning@

Revision 1.127 / (download) - annotate - [select for diffs], Thu Jul 12 15:59:17 2012 UTC (11 years, 11 months ago) by claudio
Branch: MAIN
CVS Tags: OPENBSD_5_2_BASE, OPENBSD_5_2
Changes since 1.126: +8 -9 lines
Diff to previous 1.126 (colored)

Be way more careful when accessing a possibly cached route in_selectsrc()
since it may already be gone. Fixes panic seen by stsp@ when unplugging
a used USB interface. Tested and OK stsp@

Revision 1.126 / (download) - annotate - [select for diffs], Tue Mar 6 12:44:17 2012 UTC (12 years, 3 months ago) by claudio
Branch: MAIN
Changes since 1.125: +8 -1 lines
Diff to previous 1.125 (colored)

Check if route is still valid when getting the cached rt entry of a pcb.
While there make sure we do the lookup in the correct routing table.
OK mikeb, henning and phessler

Revision 1.125 / (download) - annotate - [select for diffs], Wed Jan 11 17:45:05 2012 UTC (12 years, 5 months ago) by bluhm
Branch: MAIN
CVS Tags: OPENBSD_5_1_BASE, OPENBSD_5_1
Changes since 1.124: +3 -1 lines
Diff to previous 1.124 (colored)

Put an splsoftassert(IPL_SOFTNET) into in_pcbdetach().
ok mikeb@

Revision 1.124 / (download) - annotate - [select for diffs], Wed Jul 6 01:57:37 2011 UTC (12 years, 11 months ago) by dlg
Branch: MAIN
CVS Tags: OPENBSD_5_0_BASE, OPENBSD_5_0
Changes since 1.123: +5 -3 lines
Diff to previous 1.123 (colored)

allow /31s on broadcast interfaces (eg ethernet) to work as per rfc3021.
the issue in our kernel was the broadcast address calculated on the /31
caused a ton of checks for use of broadcast addresses to kick in and
prevent one of the two addresses on the /31 from being used.

this diff basically detects if a /31 has been configured and doesn't
configure a broadcast address for it, which makes the ips usable
for normal traffic.

i wrote this so i could interoperate with "carrier" network gear
better, and sthen wants it so he can conserve address space use.

the further special casing of broadcast address handling was from claudio@

ok claudio@ markus@ sthen@ henning@

Revision 1.123 / (download) - annotate - [select for diffs], Tue Jul 5 21:40:38 2011 UTC (12 years, 11 months ago) by dhill
Branch: MAIN
Changes since 1.122: +14 -35 lines
Diff to previous 1.122 (colored)

ansify

ok claudio@

Revision 1.122 / (download) - annotate - [select for diffs], Mon Jul 4 06:54:49 2011 UTC (12 years, 11 months ago) by claudio
Branch: MAIN
Changes since 1.121: +4 -4 lines
Diff to previous 1.121 (colored)

Bye bye pf_test6(). Only one pf_test function for both IPv4 and v6.
The functions were 95% identical anyway. While there use struct pf_addr
in struct pf_divert instead of some union which is the same.
OK bluhm@ mcbride@ and most probably henning@ as well

Revision 1.121 / (download) - annotate - [select for diffs], Sun May 29 13:22:53 2011 UTC (13 years ago) by claudio
Branch: MAIN
Changes since 1.120: +22 -22 lines
Diff to previous 1.120 (colored)

Move the source address selection for multicast destinations that
specify the outgoing interface with a multicast option up. Doing
this before the route lookup allows multicast traffic to work even
when the default 224/4 reject route is installed. Raw IP and IPv6
already had this behaviour.
Based on work by Christiano F. Haesbaert. OK sthen@

Revision 1.120 / (download) - annotate - [select for diffs], Fri May 13 14:31:16 2011 UTC (13 years, 1 month ago) by oga
Branch: MAIN
Changes since 1.119: +3 -18 lines
Diff to previous 1.119 (colored)

Revert the pf->socket linking diff.

at least krw@, pirofti@ and todd@ have been seeing panics (todd and krw
with xxxterm not sure about pirofti) involving pool corruption while
using this commit.

krw and todd confirm that this backout fixes the problem.

ok blambert@ krw@, todd@ henning@ and kettenis@

	    Double link between pf states and sockets.  Henning has
	    already implemented half of it.  The additional part is: -
	    The pf state lookup for outgoing packets is optimized by
	    using mbuf->inp->state.
	    - For incoming tcp, udp, raw, raw6 packets the socket
	    lookup always is optimized by using mbuf->state->inp.
	    - All protocols establish the link for incoming packets.
	    - All protocols set the inp in the mbuf for outgoing packets.
	      This allows the linkage beginning with the first packet
	      for outgoing connections.
	    - In case of divert states, delete the state when the socket
	      closes.  Otherwise new connections could match on old
	      states instead of being diverted to the listen socket.
	    ok henning@

Revision 1.119 / (download) - annotate - [select for diffs], Thu Apr 28 09:56:27 2011 UTC (13 years, 1 month ago) by claudio
Branch: MAIN
Changes since 1.118: +3 -2 lines
Diff to previous 1.118 (colored)

Make in_broadcast() rdomain aware. Mostly mechanical change.
This fixes the problem of binding sockets to broadcast IPs in other
rdomains.
OK henning@

Revision 1.118 / (download) - annotate - [select for diffs], Thu Apr 28 07:10:03 2011 UTC (13 years, 1 month ago) by claudio
Branch: MAIN
Changes since 1.117: +5 -2 lines
Diff to previous 1.117 (colored)

Allow SOCK_DGRAM sockets to be bound to the local network broadcast addr.
These sockets will only see broadcast sent to that particular address.
Some applications like samba use this feature.
Problem found and initial version by sthen@, OK sthen@, henning@

Revision 1.117 / (download) - annotate - [select for diffs], Sun Apr 24 19:36:54 2011 UTC (13 years, 1 month ago) by bluhm
Branch: MAIN
Changes since 1.116: +18 -3 lines
Diff to previous 1.116 (colored)

Double link between pf states and sockets.  Henning has already
implemented half of it.  The additional part is:
- The pf state lookup for outgoing packets is optimized by using
  mbuf->inp->state.
- For incoming tcp, udp, raw, raw6 packets the socket lookup always
  is optimized by using mbuf->state->inp.
- All protocols establish the link for incoming packets.
- All protocols set the inp in the mbuf for outgoing packets.
  This allows the linkage beginning with the first packet for
  outgoing connections.
- In case of divert states, delete the state when the socket closes.
  Otherwise new connections could match on old states instead of
  being diverted to the listen socket.
ok henning@

Revision 1.116 / (download) - annotate - [select for diffs], Tue Apr 19 03:47:29 2011 UTC (13 years, 1 month ago) by dlg
Branch: MAIN
Changes since 1.115: +3 -3 lines
Diff to previous 1.115 (colored)

reintroduce using the RB tree for local address lookups. this is
confusing because both addresses and broadcast addresses are put
into the tree.

there are two types of local address lookup. the first is when the
socket layer wants a local address, the second is in ip_input when
the kernel is figuring out the packet is for it to process or
forward.

ip_input considers local addresses and broadcast addresses as local,
however, the handling of broadcast addresses is different depending
on whether ip_directedbcast is set. if ip_directedbcast is unset
then a packet coming in on any interface to any of the system's
broadcast addresses is considered local, otherwise the broadcast
packet must exist on the interface it was received on.

the code also needs to consider classful broadcast addresses so we
can continue some legacy applications (eg, netbooting old sparcs
that use rarp and bootparam requests to classful broadcast addresses
as per PR6382). this diff maintains that support, but restricts it
to packets that are broadcast on the link layer (eg, ethernet
broadcasted packets), and it only looks up addresses on the local
interface. we now only support classful broadcast addresses on local
interfaces to avoid weird side effects with packets routed to us.

the ip4 socket layer does lookups for local addresses with a wrapper
around the global address tree that rejects matches against broadcast
addresses. we now no longer support binding sockets to broadcast
addresses, no matter what the value of ip_directedbcast is.

ok henning@
testing (and possibly ok) claudio@

Revision 1.115 / (download) - annotate - [select for diffs], Thu Apr 14 08:15:26 2011 UTC (13 years, 2 months ago) by claudio
Branch: MAIN
Changes since 1.114: +3 -2 lines
Diff to previous 1.114 (colored)

Backout the in_iawithaddr() -> ifa_ifwithaddr() change.
There is a massive issue with broadcast addrs because ifa_ifwithaddr()
handles them differently than in_iawithaddr().

Revision 1.114 / (download) - annotate - [select for diffs], Mon Apr 4 13:26:46 2011 UTC (13 years, 2 months ago) by henning
Branch: MAIN
Changes since 1.113: +2 -3 lines
Diff to previous 1.113 (colored)

in_iawithaddr -> ifawithaddr
the latter is now much faster and the former becomes a wrapper + compat hacks
around the latter in a bit.
ok dlg sthen and "ah hai" from various in various bars here

Revision 1.113 / (download) - annotate - [select for diffs], Sat Jul 3 04:44:51 2010 UTC (13 years, 11 months ago) by guenther
Branch: MAIN
CVS Tags: OPENBSD_4_9_BASE, OPENBSD_4_9, OPENBSD_4_8_BASE, OPENBSD_4_8
Changes since 1.112: +33 -35 lines
Diff to previous 1.112 (colored)

Fix the naming of interfaces and variables for rdomains and rtables
and make it possible to bind sockets (including listening sockets!)
to rtables and not just rdomains.  This changes the name of the
system calls, socket option, and ioctl.  After building with this
you should remove the files /usr/share/man/cat2/[gs]etrdomain.0.

Since this removes the existing [gs]etrdomain() system calls, the
libc major is bumped.

Written by claudio@, criticized^Wcritiqued by me

Revision 1.112 / (download) - annotate - [select for diffs], Fri May 7 13:33:16 2010 UTC (14 years, 1 month ago) by claudio
Branch: MAIN
Changes since 1.111: +6 -5 lines
Diff to previous 1.111 (colored)

Start cleaning up the mess called rtalloc*. Kill rtalloc2, make rtalloc1
accept flags for report and nocloning. Move the rtableid into struct route
(with a minor twist for now) and make a few more codepaths rdomain aware.
Apart from the pf.c and route.c bits the diff is mostly mechanical.
More to come...
OK michele, henning

Revision 1.111 / (download) - annotate - [select for diffs], Fri Jan 15 18:20:23 2010 UTC (14 years, 4 months ago) by chl
Branch: MAIN
CVS Tags: OPENBSD_4_7_BASE, OPENBSD_4_7
Changes since 1.110: +2 -3 lines
Diff to previous 1.110 (colored)

Replace pool_get() + bzero() with pool_get(..., PR_ZERO).

With input from oga@ and krw@

ok oga@ krw@ thib@ markus@ mk@

Revision 1.110 / (download) - annotate - [select for diffs], Wed Dec 23 07:40:31 2009 UTC (14 years, 5 months ago) by guenther
Branch: MAIN
Changes since 1.109: +2 -2 lines
Diff to previous 1.109 (colored)

The process's rdomain should be, well, per-process and not per-rthread,
so put it in struct process instead of struct proc.  While at it,
move the p_emul member inside struct proc so that it gets copied
automatically instead of requiring manual assignment.

ok deraadt@

Revision 1.109 / (download) - annotate - [select for diffs], Fri Nov 27 20:05:50 2009 UTC (14 years, 6 months ago) by guenther
Branch: MAIN
Changes since 1.108: +2 -1 lines
Diff to previous 1.108 (colored)

Add setrdomain() and getrdomain() system calls.  Committing now to
catch the libc major bump per request from deraadt@

Diff by reyk.

ok guenther@

Revision 1.108 / (download) - annotate - [select for diffs], Fri Nov 13 20:54:05 2009 UTC (14 years, 7 months ago) by claudio
Branch: MAIN
Changes since 1.107: +6 -3 lines
Diff to previous 1.107 (colored)

Extend the protosw pr_ctlinput function to include the rdomain. This is
needed so that the route and inp lookups done in TCP and UDP know where
to look. Additionally in_pcbnotifyall() and tcp_respond() got a rdomain
argument as well for similar reasons. With this tcp seems to be now
fully rdomain safe and no longer leaks single packets into the main domain.
Looks good markus@, henning@

Revision 1.107 / (download) - annotate - [select for diffs], Tue Nov 3 10:59:04 2009 UTC (14 years, 7 months ago) by claudio
Branch: MAIN
Changes since 1.106: +8 -4 lines
Diff to previous 1.106 (colored)

rtables are stacked on rdomains (it is possible to have multiple routing
tables on top of a rdomain) but until now our code was a crazy mix so that
it was impossible to correctly use rtables in that case. Additionally pf(4)
only knows about rtables and not about rdomains. This is especially bad when
tracking (possibly conflicting) states in various domains.
This diff fixes all or most of these issues. It adds a lookup function to
get the rdomain id based on a rtable id. Makes pf understand rdomains and
allows pf to move packets between rdomains (it is similar to NAT).
Because pf states now track the rdomain id as well it is necessary to modify
the pfsync wire format. So old and new systems will not sync up.
A lot of help by dlg@, tested by sthen@, jsg@ and probably more
OK dlg@, mpf@, deraadt@

Revision 1.106 / (download) - annotate - [select for diffs], Sun Jul 26 12:59:16 2009 UTC (14 years, 10 months ago) by thib
Branch: MAIN
Changes since 1.105: +1 -1 lines
Diff to previous 1.105 (colored)

no need to cast the return value of m_freem() to void
as it's a void function.

ok claudio@

Revision 1.105 / (download) - annotate - [select for diffs], Fri Jun 5 00:05:22 2009 UTC (15 years ago) by claudio
Branch: MAIN
CVS Tags: OPENBSD_4_6_BASE, OPENBSD_4_6
Changes since 1.104: +51 -52 lines
Diff to previous 1.104 (colored)

Initial support for routing domains. This allows to bind interfaces to
alternate routing table and separate them from other interfaces in distinct
routing tables. The same network can now be used in any domain at the same
time without causing conflicts.
This diff is mostly mechanical and adds the necessary rdomain checks across
net and netinet. L2 and IPv4 are mostly covered still missing pf and IPv6.
input and tested by jsg@, phessler@ and reyk@. "put it in" deraadt@

Revision 1.104 / (download) - annotate - [select for diffs], Sun Mar 15 19:40:41 2009 UTC (15 years, 3 months ago) by miod
Branch: MAIN
Changes since 1.103: +2 -2 lines
Diff to previous 1.103 (colored)

Introduce splsoftassert(), similar to splassert() but for soft interrupt
levels. This will allow for platforms where soft interrupt levels do not
map to real hardware interrupt levels to have soft ipl values overlapping
hard ipl values without breaking spl asserts.

Revision 1.103 / (download) - annotate - [select for diffs], Thu Oct 23 22:22:44 2008 UTC (15 years, 7 months ago) by deraadt
Branch: MAIN
CVS Tags: OPENBSD_4_5_BASE, OPENBSD_4_5
Changes since 1.102: +3 -3 lines
Diff to previous 1.102 (colored)

use the correct idiom for NFOO things which come from "foo.h" files
ok dlg

Revision 1.92.2.1 / (download) - annotate - [select for diffs], Wed Jul 30 05:36:15 2008 UTC (15 years, 10 months ago) by brad
Branch: OPENBSD_4_3
Changes since 1.92: +4 -3 lines
Diff to previous 1.92 (colored) next main 1.93 (colored)

when detaching pcbs, also free the v6 output options so that we do not
leak kernel memory for every closed v6 descriptor with certain options set

Revision 1.89.2.1 / (download) - annotate - [select for diffs], Wed Jul 30 05:27:03 2008 UTC (15 years, 10 months ago) by brad
Branch: OPENBSD_4_2
Changes since 1.89: +4 -3 lines
Diff to previous 1.89 (colored) next main 1.90 (colored)

when detaching pcbs, also free the v6 output options so that we do not
leak kernel memory for every closed v6 descriptor with certain options set

Revision 1.102 / (download) - annotate - [select for diffs], Tue Jul 29 21:46:27 2008 UTC (15 years, 10 months ago) by deraadt
Branch: MAIN
CVS Tags: OPENBSD_4_4_BASE, OPENBSD_4_4
Changes since 1.101: +4 -3 lines
Diff to previous 1.101 (colored)

when detaching pcbs, also free the v6 output options so that we do not
leak kernel memory for every closed v6 descriptor with certain options set
ok otto jsing todd claudio

Revision 1.101 / (download) - annotate - [select for diffs], Wed Jul 9 20:20:45 2008 UTC (15 years, 11 months ago) by djm
Branch: MAIN
Changes since 1.100: +3 -14 lines
Diff to previous 1.100 (colored)

expand the net.inet.(tcp|udp).baddynamic dynamic source port
skipping bitmasks to cover the entire 65536 port space - previously
they covered 512-1024 only.

sysctl needs to be updated to cope with this change; please
"make includes" before rebuilding it.

feedback millert@ ok millert@ deraadt@ markus@

Revision 1.100 / (download) - annotate - [select for diffs], Thu Jul 3 15:46:24 2008 UTC (15 years, 11 months ago) by henning
Branch: MAIN
Changes since 1.99: +5 -1 lines
Diff to previous 1.99 (colored)

link pf state keys to tcp pcbs and vice versa.
when we first do a pcb lookup and we have a pointer to a pf state key
in the mbuf header, store the state key pointer in the pcb and a pointer
to the pcb we just found in the state key. when either the state key
or the pcb is removed, clear the pointers.
on subsequent packets inbound we can skip the pcb lookup and just use the
pointer from the state key.
on subsequent packets outbound we can skip the state key lookup and use
the pointer from the pcb.
about 8% speedup with 100 concurrent tcp sessions, should help much more
with more tcp sessions.
ok markus ryan

Revision 1.99 / (download) - annotate - [select for diffs], Fri May 23 15:51:12 2008 UTC (16 years ago) by thib
Branch: MAIN
Changes since 1.98: +5 -5 lines
Diff to previous 1.98 (colored)

Deal with the situation when TCP nfs mounts timeout and processes
get hung in nfs_reconnect() because they do not have the proper
privileges to bind to a socket, by adding a struct proc * argument
to sobind() (and the *_usrreq() routines, and finally in{6}_pcbbind)
and do the sobind() with proc0 in nfs_connect.

OK markus@, blambert@.
"go ahead" deraadt@.

Fixes an issue reported by bernd@ (Tested by bernd@).
Fixes PR5135 too.

Revision 1.98 / (download) - annotate - [select for diffs], Thu May 15 19:40:38 2008 UTC (16 years, 1 month ago) by markus
Branch: MAIN
Changes since 1.97: +13 -6 lines
Diff to previous 1.97 (colored)

divert for ipv6; ok henning, pyr

Revision 1.97 / (download) - annotate - [select for diffs], Fri May 9 03:14:07 2008 UTC (16 years, 1 month ago) by markus
Branch: MAIN
Changes since 1.96: +2 -2 lines
Diff to previous 1.96 (colored)

should check for null pointers; from henning@

Revision 1.96 / (download) - annotate - [select for diffs], Fri May 9 02:52:15 2008 UTC (16 years, 1 month ago) by markus
Branch: MAIN
Changes since 1.95: +3 -2 lines
Diff to previous 1.95 (colored)

Add SO_BINDANY socket option from BSD/OS.

The option allows a socket to be bound to addresses which are not
local to the machine.  In order to receive packets for these addresses
SO_BINDANY needs to be combined with matching outgoing pf(4) divert
rules, see pf.conf(5).

ok beck@

Revision 1.95 / (download) - annotate - [select for diffs], Fri May 9 02:44:54 2008 UTC (16 years, 1 month ago) by markus
Branch: MAIN
Changes since 1.94: +16 -6 lines
Diff to previous 1.94 (colored)

divert packets to local socket without modifying the ip header;
makes transparent proxies much easier; ok beck@, feedback claudio@

Revision 1.94 / (download) - annotate - [select for diffs], Wed May 7 05:14:21 2008 UTC (16 years, 1 month ago) by claudio
Branch: MAIN
Changes since 1.93: +2 -2 lines
Diff to previous 1.93 (colored)

Implement routing priorities. Every route inserted has a priority assigned
and the one route with the lowest number wins. This will be used by the
routing daemons to resolve the synchronisations issue in case of conflicts.
The nasty bits of this are in the multipath code. If no priority is specified
the kernel will choose an appropriate priority.

Looked at by a few people at n2k8 code is much older

Revision 1.93 / (download) - annotate - [select for diffs], Fri Apr 18 06:42:20 2008 UTC (16 years, 1 month ago) by djm
Branch: MAIN
Changes since 1.92: +3 -3 lines
Diff to previous 1.92 (colored)

use arc4random_uniform() for random number requests that are not a
power of two.

use arc4random_bytes() when requesting more than a word of PRNG
output.

ok deraadt@

Revision 1.92 / (download) - annotate - [select for diffs], Sun Dec 30 21:13:27 2007 UTC (16 years, 5 months ago) by claudio
Branch: MAIN
CVS Tags: OPENBSD_4_3_BASE
Branch point for: OPENBSD_4_3
Changes since 1.91: +3 -3 lines
Diff to previous 1.91 (colored)

A struct rt_addrinfo is needed for rt_missmsg() so we can use rtrequest1()
directly instead of taking the detour via rtrequest().
OK henning@ markus@

Revision 1.91 / (download) - annotate - [select for diffs], Mon Nov 26 09:28:33 2007 UTC (16 years, 6 months ago) by martynas
Branch: MAIN
Changes since 1.90: +4 -4 lines
Diff to previous 1.90 (colored)

typos;  ok jmc@
sys/netinet/in_pcb.c and sys/net/bridgestp.c ok henning@
sys/dev/pci/bktr/* ok jakemsr@

Revision 1.90 / (download) - annotate - [select for diffs], Sat Sep 1 18:49:28 2007 UTC (16 years, 9 months ago) by henning
Branch: MAIN
Changes since 1.89: +2 -1 lines
Diff to previous 1.89 (colored)

since the MGET* macros were changed to function calls, there wasn't any
need for the pool declarations and the inclusion of pool.h
From: tbert <bret.lambert@gmail.com>

Revision 1.89 / (download) - annotate - [select for diffs], Tue Apr 10 17:47:55 2007 UTC (17 years, 2 months ago) by miod
Branch: MAIN
CVS Tags: OPENBSD_4_2_BASE
Branch point for: OPENBSD_4_2
Changes since 1.88: +2 -2 lines
Diff to previous 1.88 (colored)

``it's'' -> ``its'' when the grammar gods require this change.

Revision 1.88 / (download) - annotate - [select for diffs], Sun Jun 18 11:47:45 2006 UTC (17 years, 11 months ago) by pascoe
Branch: MAIN
CVS Tags: OPENBSD_4_1_BASE, OPENBSD_4_1, OPENBSD_4_0_BASE, OPENBSD_4_0
Changes since 1.87: +4 -4 lines
Diff to previous 1.87 (colored)

Add support for equal-cost multipath IP.

To minimise path disruptions, this implements recommendations made in RFC2992 -
the hash-threshold mechanism to select paths based on source/destination IP
address pairs, and inserts multipath routes in the middle of the route table.

To enable multipath distribution, use:
   sysctl net.inet.ip.multipath=1
and/or:
   sysctl net.inet6.ip6.multipath=1

testing norby@
ok claudio@ henning@ hshoexer@

Revision 1.87 / (download) - annotate - [select for diffs], Fri Jun 16 16:49:40 2006 UTC (17 years, 11 months ago) by henning
Branch: MAIN
Changes since 1.86: +3 -3 lines
Diff to previous 1.86 (colored)

adjust functions dealing with the routing table to take a table ID as
parameter so they can work on alternate tables. table 0 hardcoded for
many callers yet, that will be adapted step by step.
input + ok claudio norby hshoexer

Revision 1.86 / (download) - annotate - [select for diffs], Sat Apr 22 19:43:07 2006 UTC (18 years, 1 month ago) by claudio
Branch: MAIN
Changes since 1.85: +2 -2 lines
Diff to previous 1.85 (colored)

Routes announced via rt_missmsg() do not have rtm_index set. While in most
cases harmless it is used by the IPv6 code. The result is that bgpd is unable
to assign link local addresses to the correct interface. OK henning@
Fix for PR 5063.

Revision 1.85 / (download) - annotate - [select for diffs], Sun Mar 5 21:48:56 2006 UTC (18 years, 3 months ago) by miod
Branch: MAIN
Changes since 1.84: +14 -15 lines
Diff to previous 1.84 (colored)

Use more queue macros rather than doing it by hand; ok otto@ krw@

Revision 1.84 / (download) - annotate - [select for diffs], Fri Jun 24 07:57:24 2005 UTC (18 years, 11 months ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_3_9_BASE, OPENBSD_3_9, OPENBSD_3_8_BASE, OPENBSD_3_8
Changes since 1.83: +8 -28 lines
Diff to previous 1.83 (colored)

simplify port allocation in pcb_bind(); based on freebsd; ok claudio henning

Revision 1.83 / (download) - annotate - [select for diffs], Mon Dec 6 02:46:34 2004 UTC (19 years, 6 months ago) by deraadt
Branch: MAIN
CVS Tags: OPENBSD_3_7_BASE, OPENBSD_3_7
Changes since 1.82: +8 -1 lines
Diff to previous 1.82 (colored)

also consider NFS_PORT to be a reserved port, as in 1.18 or something like
that.

Revision 1.82 / (download) - annotate - [select for diffs], Mon Dec 6 02:41:43 2004 UTC (19 years, 6 months ago) by deraadt
Branch: MAIN
Changes since 1.81: +5 -3 lines
Diff to previous 1.81 (colored)

ipsec udpencap check was done after baddynamicports ports checks (those
tables only map from 512 to 1023 using bitmaps, sorry); ok hshoexer

Revision 1.81 / (download) - annotate - [select for diffs], Tue Nov 23 15:35:36 2004 UTC (19 years, 6 months ago) by markus
Branch: MAIN
Changes since 1.80: +5 -5 lines
Diff to previous 1.80 (colored)

remove wrong comments; ok deraadt

Revision 1.80 / (download) - annotate - [select for diffs], Tue Aug 10 20:12:15 2004 UTC (19 years, 10 months ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_3_6_BASE, OPENBSD_3_6
Changes since 1.79: +4 -58 lines
Diff to previous 1.79 (colored)

remove in_pcbnotify, it is no longer used.

Revision 1.79 / (download) - annotate - [select for diffs], Wed Aug 4 20:45:09 2004 UTC (19 years, 10 months ago) by markus
Branch: MAIN
Changes since 1.78: +4 -4 lines
Diff to previous 1.78 (colored)

use CIRCLEQ_XXX; ok mcbride, miod

Revision 1.78 / (download) - annotate - [select for diffs], Fri Jun 25 03:04:24 2004 UTC (19 years, 11 months ago) by markus
Branch: MAIN
Changes since 1.77: +8 -1 lines
Diff to previous 1.77 (colored)

disallow udpencap_port in bind(0); ok ho@

Revision 1.77 / (download) - annotate - [select for diffs], Tue Jun 22 07:35:20 2004 UTC (19 years, 11 months ago) by cedric
Branch: MAIN
Changes since 1.76: +2 -3 lines
Diff to previous 1.76 (colored)

Pull the plug on source-based routing until remaining bugs are eradicated.
No need to reconfig kernel or rebuild userland stuff.
requested deraadt@, help beck@

Revision 1.40.2.11 / (download) - annotate - [select for diffs], Mon Jun 7 20:41:39 2004 UTC (20 years ago) by niklas
Branch: SMP
Changes since 1.40.2.10: +2 -1 lines
Diff to previous 1.40.2.10 (colored) to branchpoint 1.40 (colored) next main 1.41 (colored)

sync to head

Revision 1.76 / (download) - annotate - [select for diffs], Sun Jun 6 16:49:09 2004 UTC (20 years ago) by cedric
Branch: MAIN
CVS Tags: SMP_SYNC_B, SMP_SYNC_A
Changes since 1.75: +3 -2 lines
Diff to previous 1.75 (colored)

extend routing table to be able to match and route packets based on
their *source* IP address in addition to their destination address.
routing table "destination" now contains a "struct sockaddr_rtin"
for IPv4 instead of a "struct sockaddr_in".
the routing socket has been extended in a backward-compatible way.
todo: PMTU enhancements, IPv6. ok deraadt@ mcbride@

Revision 1.40.2.10 / (download) - annotate - [select for diffs], Sat Jun 5 23:11:25 2004 UTC (20 years ago) by niklas
Branch: SMP
Changes since 1.40.2.9: +3 -2 lines
Diff to previous 1.40.2.9 (colored) to branchpoint 1.40 (colored)

Merge with the trunk

Revision 1.75 / (download) - annotate - [select for diffs], Fri Mar 12 17:49:23 2004 UTC (20 years, 3 months ago) by claudio
Branch: MAIN
CVS Tags: OPENBSD_3_5_BASE, OPENBSD_3_5
Changes since 1.74: +4 -3 lines
Diff to previous 1.74 (colored)

Fix rtentry leak in in_losing(). The rtentry needs to be freed in any case.
Found by Greg Wooledge. A lot of debugging and help by dhartmei@ markus@
cedric@. OK dhartmei@ markus@ deraadt@

Revision 1.40.2.9 / (download) - annotate - [select for diffs], Thu Feb 19 10:57:23 2004 UTC (20 years, 3 months ago) by niklas
Branch: SMP
Changes since 1.40.2.8: +196 -38 lines
Diff to previous 1.40.2.8 (colored) to branchpoint 1.40 (colored)

Merge of current from two weeks ago into the SMP branch

Revision 1.74 / (download) - annotate - [select for diffs], Fri Jan 2 16:08:54 2004 UTC (20 years, 5 months ago) by markus
Branch: MAIN
Changes since 1.73: +11 -3 lines
Diff to previous 1.73 (colored)

use pool for pcb; with grange@ like netbsd; ok itojun@, cedric@

Revision 1.73 / (download) - annotate - [select for diffs], Sun Dec 21 15:12:27 2003 UTC (20 years, 5 months ago) by markus
Branch: MAIN
Changes since 1.72: +7 -4 lines
Diff to previous 1.72 (colored)

change in*_pcbnotify to return numbers of matches; ok itojun, mcbride, henning

Revision 1.72 / (download) - annotate - [select for diffs], Sun Dec 21 14:57:19 2003 UTC (20 years, 5 months ago) by markus
Branch: MAIN
Changes since 1.71: +8 -8 lines
Diff to previous 1.71 (colored)

use CIRCLEQ* for pcb's; ok deraadt, henning, mcbride, with help from canacar

Revision 1.71 / (download) - annotate - [select for diffs], Wed Dec 10 07:22:43 2003 UTC (20 years, 6 months ago) by itojun
Branch: MAIN
Changes since 1.70: +21 -21 lines
Diff to previous 1.70 (colored)

de-register.  deraadt ok

Revision 1.70 / (download) - annotate - [select for diffs], Mon Dec 8 07:07:36 2003 UTC (20 years, 6 months ago) by mcbride
Branch: MAIN
Changes since 1.69: +33 -14 lines
Diff to previous 1.69 (colored)

Mbuf tag tcp and udp packets which are translated to localhost, and
use the presence of this tag to reverse the match order in
in{6}_pcblookup_listen(). Some daemons (such as portmap) do a double
bind, binding to both * and localhost in order to differentiate local
from non-local connections, and potentially granting more privilege to
local ones. This change ensures that redirected connections to localhost
do not appear local to such a daemon.

Bulk of changes from dhartmei@, some changes markus@

ok dhartmei@ deraadt@

Revision 1.69 / (download) - annotate - [select for diffs], Tue Nov 4 21:43:16 2003 UTC (20 years, 7 months ago) by markus
Branch: MAIN
Changes since 1.68: +119 -2 lines
Diff to previous 1.68 (colored)

add in(6)_pcblookup_listen() and replace all calls to in_pcblookup()
with either in(6)_pcbhashlookup() or in(6)_pcblookup_listen();
in_pcblookup is now only used by bind(2); speeds up pcb lookup for
listening sockets; from Claudio Jeker

Revision 1.68 / (download) - annotate - [select for diffs], Sat Oct 25 12:15:24 2003 UTC (20 years, 7 months ago) by markus
Branch: MAIN
Changes since 1.67: +16 -5 lines
Diff to previous 1.67 (colored)

additional hash for local port; improves speed of implicit bind
from >1000K cpu cycles to 20-30K for 18000 sockets on i386;
test+feedback by Claudio Jeker; ok itojun@;
[make sure you rebuild netstat/systat, too]

Revision 1.67 / (download) - annotate - [select for diffs], Fri Aug 15 20:32:20 2003 UTC (20 years, 10 months ago) by tedu
Branch: MAIN
CVS Tags: OPENBSD_3_4_BASE, OPENBSD_3_4
Changes since 1.66: +3 -3 lines
Diff to previous 1.66 (colored)

change arguments to suser.  suser now takes the process, and a flags
argument.  old cred only calls user suser_ucred.  this will allow future
work to more flexibly implement the idea of a root process.  looks like
something i saw in freebsd, but a little different.
use of suser_ucred vs suser in file system code should be looked at again,
for the moment semantics remain unchanged.
review and input from art@  testing and further review miod@

Revision 1.40.2.8 / (download) - annotate - [select for diffs], Sat Jun 7 11:06:08 2003 UTC (21 years ago) by ho
Branch: SMP
Changes since 1.40.2.7: +2 -6 lines
Diff to previous 1.40.2.7 (colored) to branchpoint 1.40 (colored)

Sync SMP branch to -current

Revision 1.66 / (download) - annotate - [select for diffs], Mon Jun 2 23:28:13 2003 UTC (21 years ago) by millert
Branch: MAIN
Changes since 1.65: +2 -6 lines
Diff to previous 1.65 (colored)

Remove the advertising clause in the UCB license which Berkeley
rescinded 22 July 1999.  Proofed by myself and Theo.

Revision 1.58.2.4 / (download) - annotate - [select for diffs], Mon May 19 22:40:40 2003 UTC (21 years ago) by tedu
Branch: UBC
Changes since 1.58.2.3: +4 -2 lines
Diff to previous 1.58.2.3 (colored) to branchpoint 1.58 (colored) next main 1.59 (colored)

sync

Revision 1.40.2.7 / (download) - annotate - [select for diffs], Tue May 13 19:36:16 2003 UTC (21 years, 1 month ago) by ho
Branch: SMP
Changes since 1.40.2.6: +4 -2 lines
Diff to previous 1.40.2.6 (colored) to branchpoint 1.40 (colored)

Sync the SMP branch to -current. This includes moving to ELF.

Revision 1.65 / (download) - annotate - [select for diffs], Tue May 6 20:35:14 2003 UTC (21 years, 1 month ago) by tedu
Branch: MAIN
CVS Tags: UBC_SYNC_A
Changes since 1.64: +4 -2 lines
Diff to previous 1.64 (colored)

use M_NOWAIT instead of WAITOK for the hashtable allocation.  ok itojun@

Revision 1.40.2.6 / (download) - annotate - [select for diffs], Fri Mar 28 00:06:54 2003 UTC (21 years, 2 months ago) by niklas
Branch: SMP
Changes since 1.40.2.5: +27 -27 lines
Diff to previous 1.40.2.5 (colored) to branchpoint 1.40 (colored)

Sync the SMP branch with 3.3

Revision 1.58.2.3 / (download) - annotate - [select for diffs], Tue Oct 29 00:36:46 2002 UTC (21 years, 7 months ago) by art
Branch: UBC
Changes since 1.58.2.2: +18 -16 lines
Diff to previous 1.58.2.2 (colored) to branchpoint 1.58 (colored)

sync to -current

Revision 1.64 / (download) - annotate - [select for diffs], Wed Sep 11 03:15:36 2002 UTC (21 years, 9 months ago) by itojun
Branch: MAIN
CVS Tags: UBC_SYNC_B, OPENBSD_3_3_BASE, OPENBSD_3_3, OPENBSD_3_2_BASE, OPENBSD_3_2
Changes since 1.63: +2 -2 lines
Diff to previous 1.63 (colored)

KNF - return is not a function.  sync w/kame

Revision 1.63 / (download) - annotate - [select for diffs], Tue Jun 11 05:13:59 2002 UTC (22 years ago) by art
Branch: MAIN
Changes since 1.62: +4 -2 lines
Diff to previous 1.62 (colored)

splassert where comments tell us to.

Revision 1.58.2.2 / (download) - annotate - [select for diffs], Tue Jun 11 03:31:36 2002 UTC (22 years ago) by art
Branch: UBC
Changes since 1.58.2.1: +14 -16 lines
Diff to previous 1.58.2.1 (colored) to branchpoint 1.58 (colored)

Sync UBC branch to -current

Revision 1.62 / (download) - annotate - [select for diffs], Sun Jun 9 16:26:10 2002 UTC (22 years ago) by itojun
Branch: MAIN
Changes since 1.61: +14 -14 lines
Diff to previous 1.61 (colored)

whitespace

Revision 1.61 / (download) - annotate - [select for diffs], Fri May 31 02:39:25 2002 UTC (22 years ago) by angelos
Branch: MAIN
Changes since 1.60: +12 -14 lines
Diff to previous 1.60 (colored)

Keep a policy attached to each socket (that needs it), and cleanup as
needed on socket tear-down.

Revision 1.40.2.5 / (download) - annotate - [select for diffs], Thu Mar 28 14:56:45 2002 UTC (22 years, 2 months ago) by niklas
Branch: SMP
Changes since 1.40.2.4: +2 -2 lines
Diff to previous 1.40.2.4 (colored) to branchpoint 1.40 (colored)

Merge in -current from roughly a week ago

Revision 1.60 / (download) - annotate - [select for diffs], Thu Mar 14 01:27:11 2002 UTC (22 years, 3 months ago) by millert
Branch: MAIN
CVS Tags: OPENBSD_3_1_BASE, OPENBSD_3_1
Changes since 1.59: +3 -3 lines
Diff to previous 1.59 (colored)

First round of __P removal in sys

Revision 1.40.2.4 / (download) - annotate - [select for diffs], Wed Mar 6 02:15:07 2002 UTC (22 years, 3 months ago) by niklas
Branch: SMP
Changes since 1.40.2.3: +1 -98 lines
Diff to previous 1.40.2.3 (colored) to branchpoint 1.40 (colored)

Merge in trunk

Revision 1.58.2.1 / (download) - annotate - [select for diffs], Thu Jan 31 22:55:44 2002 UTC (22 years, 4 months ago) by niklas
Branch: UBC
Changes since 1.58: +1 -80 lines
Diff to previous 1.58 (colored)

Merge in -current, builds on i386, otherwise untested

Revision 1.59 / (download) - annotate - [select for diffs], Mon Jan 21 05:33:14 2002 UTC (22 years, 4 months ago) by itojun
Branch: MAIN
Changes since 1.58: +1 -80 lines
Diff to previous 1.58 (colored)

remove a couple of #if 0'ed portions we will never use

Revision 1.58 / (download) - annotate - [select for diffs], Thu Dec 6 02:21:48 2001 UTC (22 years, 6 months ago) by itojun
Branch: MAIN
CVS Tags: UBC_BASE
Branch point for: UBC
Changes since 1.57: +1 -11 lines
Diff to previous 1.57 (colored)

remove obsolete comment; we don't support IPv4 mapped addr

Revision 1.57 / (download) - annotate - [select for diffs], Thu Dec 6 02:12:52 2001 UTC (22 years, 6 months ago) by itojun
Branch: MAIN
Changes since 1.56: +1 -9 lines
Diff to previous 1.56 (colored)

remove #if 0'ed portion (for KAME IPSEC - not needed)

Revision 1.40.2.3 / (download) - annotate - [select for diffs], Wed Oct 31 03:29:03 2001 UTC (22 years, 7 months ago) by nate
Branch: SMP
Changes since 1.40.2.2: +3 -1 lines
Diff to previous 1.40.2.2 (colored) to branchpoint 1.40 (colored)

Sync the SMP branch to something just after 3.0

Revision 1.56 / (download) - annotate - [select for diffs], Thu Jul 5 16:45:54 2001 UTC (22 years, 11 months ago) by jjbg
Branch: MAIN
CVS Tags: OPENBSD_3_0_BASE, OPENBSD_3_0
Changes since 1.55: +3 -1 lines
Diff to previous 1.55 (colored)

IPComp support. angelos@ ok.

Revision 1.40.2.2 / (download) - annotate - [select for diffs], Wed Jul 4 10:54:33 2001 UTC (22 years, 11 months ago) by niklas
Branch: SMP
Changes since 1.40.2.1: +50 -28 lines
Diff to previous 1.40.2.1 (colored) to branchpoint 1.40 (colored)

Merge in -current from two days ago in the SMP branch.
As usual with merges, they do not indicate progress, so do not hold
your breath for working SMP, and do not mail me and ask about the
state of it.  It has not changed.  There is work ongoing, but very, very
slowly.  The commit is done in parts as to not lock up the tree in too
big chunks at a time.

Revision 1.55 / (download) - annotate - [select for diffs], Tue Jun 12 10:59:53 2001 UTC (23 years ago) by angelos
Branch: MAIN
Changes since 1.54: +5 -3 lines
Diff to previous 1.54 (colored)

IPsec-related socket options; these can be set/removed/retrieved, but
are not taken into consideration in anything just yet.

Revision 1.54 / (download) - annotate - [select for diffs], Fri Jun 8 03:53:45 2001 UTC (23 years ago) by angelos
Branch: MAIN
Changes since 1.53: +1 -15 lines
Diff to previous 1.53 (colored)

Cut down on include files.

Revision 1.53 / (download) - annotate - [select for diffs], Tue Jun 5 02:31:35 2001 UTC (23 years ago) by deraadt
Branch: MAIN
Changes since 1.52: +38 -14 lines
Diff to previous 1.52 (colored)

repair copyright notices for NRL & cmetz; cmetz

Revision 1.52 / (download) - annotate - [select for diffs], Sun May 27 03:54:12 2001 UTC (23 years ago) by angelos
Branch: MAIN
Changes since 1.51: +3 -1 lines
Diff to previous 1.51 (colored)

Free IPsec authentication material on PCB tear down.

Revision 1.51 / (download) - annotate - [select for diffs], Mon May 21 03:02:18 2001 UTC (23 years ago) by angelos
Branch: MAIN
Changes since 1.50: +9 -1 lines
Diff to previous 1.50 (colored)

Use a reference-counted structure for IPsec IDs and credentials, so we
can cheaply keep copies of them at the PCB. ok deraadt@

Revision 1.40.2.1 / (download) - annotate - [select for diffs], Mon May 14 22:40:08 2001 UTC (23 years, 1 month ago) by niklas
Branch: SMP
Changes since 1.40: +75 -26 lines
Diff to previous 1.40 (colored)

merge in approximately 2.9 into SMP branch

Revision 1.50 / (download) - annotate - [select for diffs], Wed Mar 28 20:03:02 2001 UTC (23 years, 2 months ago) by angelos
Branch: MAIN
CVS Tags: OPENBSD_2_9_BASE, OPENBSD_2_9
Changes since 1.49: +7 -3 lines
Diff to previous 1.49 (colored)

Allow tdbi's to appear in mbufs throughout the stack; this allows
security properties of the packets to be pushed up to the application
(not done yet). Eventually, this will be turned into a packet
attributes framework.

Make sure tdbi's are free'd/cleared properly whenever drivers (or NFS)
do weird things with mbufs.

Revision 1.49 / (download) - annotate - [select for diffs], Thu Feb 8 18:46:22 2001 UTC (23 years, 4 months ago) by itojun
Branch: MAIN
Changes since 1.48: +2 -2 lines
Diff to previous 1.48 (colored)

switch raw ip6 socket code from NRL to kame.
makes upgrades/code sharing much easier.

Revision 1.48 / (download) - annotate - [select for diffs], Wed Oct 11 09:14:10 2000 UTC (23 years, 8 months ago) by itojun
Branch: MAIN
CVS Tags: OPENBSD_2_8_BASE, OPENBSD_2_8
Changes since 1.47: +11 -20 lines
Diff to previous 1.47 (colored)

nuke inp_flags bits for controlling IPv4 mapped address.
we don't support IPv4 mapped address,
and there are inconsistent bit manipulation code so it's safer to nuke them.

Revision 1.47 / (download) - annotate - [select for diffs], Tue Oct 10 15:16:01 2000 UTC (23 years, 8 months ago) by provos
Branch: MAIN
Changes since 1.46: +1 -33 lines
Diff to previous 1.46 (colored)

verify payload of the icmp need fragment message at the tcp layer. okay itojun@

Revision 1.46 / (download) - annotate - [select for diffs], Mon Oct 9 14:39:46 2000 UTC (23 years, 8 months ago) by provos
Branch: MAIN
Changes since 1.45: +33 -1 lines
Diff to previous 1.45 (colored)

check if we have a tcb connected to the destination quoted in the icmp need
fragment message when doing path mtu discovery. okay angelos@

Revision 1.45 / (download) - annotate - [select for diffs], Wed Sep 20 16:39:50 2000 UTC (23 years, 8 months ago) by provos
Branch: MAIN
Changes since 1.44: +8 -2 lines
Diff to previous 1.44 (colored)

fix in_pcbrtentry

Revision 1.44 / (download) - annotate - [select for diffs], Tue Sep 19 03:20:57 2000 UTC (23 years, 8 months ago) by angelos
Branch: MAIN
Changes since 1.43: +3 -4 lines
Diff to previous 1.43 (colored)

Lots and lots of changes.

Revision 1.43 / (download) - annotate - [select for diffs], Mon Sep 18 22:06:37 2000 UTC (23 years, 8 months ago) by provos
Branch: MAIN
Changes since 1.42: +38 -1 lines
Diff to previous 1.42 (colored)

Path MTU discovery based on NetBSD but with the decision to use the DF
flag delayed to ip_output().  That halves the code and reduces most of
the route lookups. okay deraadt@

Revision 1.42 / (download) - annotate - [select for diffs], Thu Apr 27 09:23:21 2000 UTC (24 years, 1 month ago) by itojun
Branch: MAIN
CVS Tags: OPENBSD_2_7_BASE, OPENBSD_2_7
Changes since 1.41: +7 -3 lines
Diff to previous 1.41 (colored)

avoid infinite loop in in{6,}_pcbnotify (can occur on family mismatch)

Revision 1.41 / (download) - annotate - [select for diffs], Fri Apr 21 11:42:23 2000 UTC (24 years, 1 month ago) by itojun
Branch: MAIN
Changes since 1.40: +9 -1 lines
Diff to previous 1.40 (colored)

NRL pcb issue; inp_{f,l}addr{,6} is a union so we need to be sure about
af match.
- do not touch IPv4 pcb entries on in6_pcbnotify.
- do not touch IPv6 pcb entries on in_pcbnotify.

Revision 1.40 / (download) - annotate - [select for diffs], Tue Jan 4 10:39:21 2000 UTC (24 years, 5 months ago) by itojun
Branch: MAIN
CVS Tags: SMP_BASE
Branch point for: SMP
Changes since 1.39: +4 -2 lines
Diff to previous 1.39 (colored)

if we call in6_setpeeraddr, don't visit code for ipv4.
(the case seems to be never visited)

Revision 1.39 / (download) - annotate - [select for diffs], Sun Dec 19 01:57:07 1999 UTC (24 years, 5 months ago) by angelos
Branch: MAIN
Changes since 1.38: +1 -11 lines
Diff to previous 1.38 (colored)

Remove PCB protocol checks rendered unnecessary by the previous commit.

Revision 1.38 / (download) - annotate - [select for diffs], Sun Dec 19 01:51:32 1999 UTC (24 years, 5 months ago) by angelos
Branch: MAIN
Changes since 1.37: +6 -1 lines
Diff to previous 1.37 (colored)

Be a bit more paranoid when searching for a PCB in the presence of IPv6.

Revision 1.37 / (download) - annotate - [select for diffs], Fri Dec 17 22:47:04 1999 UTC (24 years, 5 months ago) by itojun
Branch: MAIN
Changes since 1.36: +15 -1 lines
Diff to previous 1.36 (colored)

do not accept IPv4 traffic by AF_INET6 socket.  IPv4 mapped address is
bad for access controls.
(quickhack fix, need sysctl/setsockopt knob to enable this functionality)

Revision 1.36 / (download) - annotate - [select for diffs], Wed Dec 8 11:36:40 1999 UTC (24 years, 6 months ago) by angelos
Branch: MAIN
Changes since 1.35: +9 -7 lines
Diff to previous 1.35 (colored)

Indentation.

Revision 1.35 / (download) - annotate - [select for diffs], Wed Dec 8 06:50:19 1999 UTC (24 years, 6 months ago) by itojun
Branch: MAIN
CVS Tags: kame_19991208
Changes since 1.34: +134 -12 lines
Diff to previous 1.34 (colored)

bring in KAME IPv6 code, dated 19991208.
replaces NRL IPv6 layer.  reuses NRL pcb layer.  no IPsec-on-v6 support.
see sys/netinet6/{TODO,IMPLEMENTATION} for more details.

GENERIC configuration should work fine as before.  GENERIC.v6 works fine
as well, but you'll need KAME userland tools to play with IPv6 (will be
brought in soon).

Revision 1.34 / (download) - annotate - [select for diffs], Sun May 16 21:48:29 1999 UTC (25 years, 1 month ago) by niklas
Branch: MAIN
CVS Tags: OPENBSD_2_6_BASE, OPENBSD_2_6
Changes since 1.33: +3 -1 lines
Diff to previous 1.33 (colored)

spltdb introduced, protection for tdb lists and related structures, so
they won't disappear behind our back by an expiration.  Cleanup expiration
logic too.

Revision 1.33 / (download) - annotate - [select for diffs], Wed Apr 28 09:28:16 1999 UTC (25 years, 1 month ago) by art
Branch: MAIN
Changes since 1.32: +2 -2 lines
Diff to previous 1.32 (colored)

zap the newhashinit hack.
Add an extra flag to hashinit telling if it should wait in malloc.
update all calls to hashinit.

Revision 1.32 / (download) - annotate - [select for diffs], Sat Mar 27 21:04:18 1999 UTC (25 years, 2 months ago) by provos
Branch: MAIN
CVS Tags: OPENBSD_2_5_BASE, OPENBSD_2_5
Changes since 1.31: +3 -1 lines
Diff to previous 1.31 (colored)

add SADB_X_BINDSA to pfkey allowing incoming SAs to refer to an outgoing
SA to be used, use this SA in ip_output if available. allow mobile road
warriors for bind SAs with wildcard dst and src addresses. check IPSEC
AUTH and ESP level when receiving packets, drop them if protection is
insufficient. add stats to show dropped packets because of insufficient
IPSEC protection. -- phew.  this was all done in canada. dugsong and linh
provided the ride and company.

Revision 1.31 / (download) - annotate - [select for diffs], Wed Mar 24 02:28:21 1999 UTC (25 years, 2 months ago) by cmetz
Branch: MAIN
Changes since 1.30: +3 -3 lines
Diff to previous 1.30 (colored)

Replace 'in6a_words' (old NRL convention) with 's6_addr32' (new BSDI et al.
convention that is more common and more specific as to the access size)

Revision 1.30 / (download) - annotate - [select for diffs], Wed Feb 24 22:32:57 1999 UTC (25 years, 3 months ago) by angelos
Branch: MAIN
Changes since 1.29: +1 -2 lines
Diff to previous 1.29 (colored)

Remove encap.h include; saner debugging printfs; fix buglets; work with
pfkeyv2.

Revision 1.29 / (download) - annotate - [select for diffs], Mon Jan 11 02:01:34 1999 UTC (25 years, 5 months ago) by deraadt
Branch: MAIN
Changes since 1.28: +5 -3 lines
Diff to previous 1.28 (colored)

netinet merge of NRL stuff. some indent and shrinkage needed; NRL/cmetz

Revision 1.28 / (download) - annotate - [select for diffs], Fri Jan 8 07:47:22 1999 UTC (25 years, 5 months ago) by deraadt
Branch: MAIN
Changes since 1.27: +6 -11 lines
Diff to previous 1.27 (colored)

remove NRL debugging goop; cmetz

Revision 1.27 / (download) - annotate - [select for diffs], Thu Jan 7 21:50:51 1999 UTC (25 years, 5 months ago) by deraadt
Branch: MAIN
Changes since 1.26: +210 -23 lines
Diff to previous 1.26 (colored)

INET6 support

Revision 1.26 / (download) - annotate - [select for diffs], Thu Jan 7 06:05:04 1999 UTC (25 years, 5 months ago) by deraadt
Branch: MAIN
Changes since 1.25: +13 -11 lines
Diff to previous 1.25 (colored)

in_pcblookup() now takes ptr to both ip address arguments

Revision 1.25 / (download) - annotate - [select for diffs], Thu Jan 7 05:44:31 1999 UTC (25 years, 5 months ago) by deraadt
Branch: MAIN
Changes since 1.24: +11 -13 lines
Diff to previous 1.24 (colored)

rename baddynamic() to in_baddynamic(), and export it

Revision 1.24 / (download) - annotate - [select for diffs], Mon May 18 21:10:27 1998 UTC (26 years, 1 month ago) by provos
Branch: MAIN
CVS Tags: OPENBSD_2_4_BASE, OPENBSD_2_4
Changes since 1.23: +15 -4 lines
Diff to previous 1.23 (colored)

first step to the setsockopt/getsockopt interface as described in
draft-mcdonald-simple-ipsec-api, kernel notifies (EMT_REQUESTSA) signal
userland key management applications when security services are requested.
this is only for outgoing connections at the moment, incoming packets
are not yet checked against the selected socket policy.

Revision 1.23 / (download) - annotate - [select for diffs], Sat Feb 14 18:50:35 1998 UTC (26 years, 4 months ago) by mickey
Branch: MAIN
CVS Tags: OPENBSD_2_3_BASE, OPENBSD_2_3
Changes since 1.22: +5 -7 lines
Diff to previous 1.22 (colored)

wildcard ifaces; finally, after HE said it's ok

Revision 1.22 / (download) - annotate - [select for diffs], Sat Feb 14 10:55:10 1998 UTC (26 years, 4 months ago) by deraadt
Branch: MAIN
Changes since 1.21: +3 -3 lines
Diff to previous 1.21 (colored)

add separate so_euid & so_ruid to struct socket, so that identd is still fast.. Sigh. I will change this again later

Revision 1.21 / (download) - annotate - [select for diffs], Sun Feb 1 21:46:02 1998 UTC (26 years, 4 months ago) by deraadt
Branch: MAIN
Changes since 1.20: +9 -7 lines
Diff to previous 1.20 (colored)

undo wildcard loopback stuff; it was not checked by other developers

Revision 1.20 / (download) - annotate - [select for diffs], Sun Feb 1 18:09:22 1998 UTC (26 years, 4 months ago) by mickey
Branch: MAIN
Changes since 1.19: +8 -10 lines
Diff to previous 1.19 (colored)

support wildcard loopbacks. that is, setting up lo1 like:
ifconfig lo1 inet 192.168.1.1 netmask 255.255.255.0 link1
would force it to act like all the addresses from net 192.168.1 were
added to the interface.
todo: man lo

Revision 1.19 / (download) - annotate - [select for diffs], Sun Nov 30 06:10:43 1997 UTC (26 years, 6 months ago) by deraadt
Branch: MAIN
Changes since 1.18: +4 -3 lines
Diff to previous 1.18 (colored)

hmm. If out of ports, return EADDRNOTAVAIL

Revision 1.18 / (download) - annotate - [select for diffs], Sat Aug 9 23:36:26 1997 UTC (26 years, 10 months ago) by millert
Branch: MAIN
CVS Tags: OPENBSD_2_2_BASE, OPENBSD_2_2
Changes since 1.17: +19 -19 lines
Diff to previous 1.17 (colored)

The list of tcp/udp ports not to allocate dynamically is now
a bitmask configurable via sysctl([38]).  The default values
have not changed.  If one wants to change the list it should
be done early on in /etc/rc.

Revision 1.17 / (download) - annotate - [select for diffs], Sun Jul 27 08:11:10 1997 UTC (26 years, 10 months ago) by deraadt
Branch: MAIN
Changes since 1.16: +31 -3 lines
Diff to previous 1.16 (colored)

hardcode list of ports to not randomly allocate; will add configuration later

Revision 1.16 / (download) - annotate - [select for diffs], Thu Apr 17 02:02:26 1997 UTC (27 years, 2 months ago) by deraadt
Branch: MAIN
CVS Tags: OPENBSD_2_1_BASE, OPENBSD_2_1
Changes since 1.15: +10 -16 lines
Diff to previous 1.15 (colored)

make unconnected sockets get a random port #, too

Revision 1.15 / (download) - annotate - [select for diffs], Fri Feb 28 04:03:47 1997 UTC (27 years, 3 months ago) by angelos
Branch: MAIN
Changes since 1.14: +11 -1 lines
Diff to previous 1.14 (colored)

Moved IPsec socket state to the PCB.

Revision 1.14 / (download) - annotate - [select for diffs], Wed Feb 5 15:48:23 1997 UTC (27 years, 4 months ago) by deraadt
Branch: MAIN
Changes since 1.13: +4 -3 lines
Diff to previous 1.13 (colored)

use arc4random()

Revision 1.13 / (download) - annotate - [select for diffs], Wed Jan 15 03:27:14 1997 UTC (27 years, 5 months ago) by kstailey
Branch: MAIN
Changes since 1.12: +2 -2 lines
Diff to previous 1.12 (colored)

prevent warning:
in_pcb.c:182: warning: `old' might be used uninitialized in this function

Revision 1.12 / (download) - annotate - [select for diffs], Sat Aug 24 04:56:39 1996 UTC (27 years, 9 months ago) by deraadt
Branch: MAIN
CVS Tags: OPENBSD_2_0_BASE, OPENBSD_2_0
Changes since 1.11: +3 -4 lines
Diff to previous 1.11 (colored)

change to so_uid, also fix a missing credential found by dm

Revision 1.11 / (download) - annotate - [select for diffs], Mon Aug 5 01:17:25 1996 UTC (27 years, 10 months ago) by deraadt
Branch: MAIN
Changes since 1.10: +2 -2 lines
Diff to previous 1.10 (colored)

stupid typo, going to bed in penance

Revision 1.10 / (download) - annotate - [select for diffs], Mon Aug 5 01:16:45 1996 UTC (27 years, 10 months ago) by deraadt
Branch: MAIN
Changes since 1.9: +8 -6 lines
Diff to previous 1.9 (colored)

only check for takeover permission if non-root

Revision 1.9 / (download) - annotate - [select for diffs], Mon Aug 5 01:00:57 1996 UTC (27 years, 10 months ago) by deraadt
Branch: MAIN
Changes since 1.8: +6 -9 lines
Diff to previous 1.8 (colored)

struct socket gets so_ucred; permit only same uid or root to do port takeover.

Revision 1.8 / (download) - annotate - [select for diffs], Mon Jul 29 07:54:58 1996 UTC (27 years, 10 months ago) by downsj
Branch: MAIN
Changes since 1.7: +3 -4 lines
Diff to previous 1.7 (colored)

Fix stupid logic error in bind().

Revision 1.7 / (download) - annotate - [select for diffs], Mon Jul 29 05:03:33 1996 UTC (27 years, 10 months ago) by downsj
Branch: MAIN
Changes since 1.6: +7 -1 lines
Diff to previous 1.6 (colored)

Make 600, instead of 512, the lower limit for reserved ports.

Revision 1.6 / (download) - annotate - [select for diffs], Mon Jul 29 04:47:21 1996 UTC (27 years, 10 months ago) by downsj
Branch: MAIN
Changes since 1.5: +30 -4 lines
Diff to previous 1.5 (colored)

Fix a small bug and change the logic of the bind() port choosing:
Use a random starting point the first time through the loop.

Revision 1.5 / (download) - annotate - [select for diffs], Mon Jul 29 02:34:29 1996 UTC (27 years, 10 months ago) by downsj
Branch: MAIN
Changes since 1.4: +67 -9 lines
Diff to previous 1.4 (colored)

From FreeBSD (with slightly different sysctl names):

"... Allow the user to nominate one of three ranges of port numbers as
candidates for selecting a local address to replace a zero port number.
The ranges are selected via a setsockopt(s, IPPROTO_IP, IP_PORTRANGE, &arg)
call.  The three ranges are: default, high (to bypass firewalls) and
low (to get a port below 1024).

The default and high port ranges are sysctl settable under sysctl
net.inet.ip.portrange.* [net.inet.ip.portfirst, net.inet.ip.portlast,
net.inet.ip.porthifirst, and net.inet.ip.porthilast currently in OpenBSD.]

This code also fixes a potential deadlock if the system accidentally ran out
of local port addresses. It'd drop into an infinite while loop.

The secure port selection (for root) should reduce overheads and increase
reliability of rlogin/rlogind/rsh/rshd if they are modified to take
advantage of it."

Revision 1.4 / (download) - annotate - [select for diffs], Tue May 14 19:37:34 1996 UTC (28 years, 1 month ago) by deraadt
Branch: MAIN
Changes since 1.3: +9 -1 lines
Diff to previous 1.3 (colored)

non-root bind() to 2049 gets EADDRINUSE

Revision 1.3 / (download) - annotate - [select for diffs], Thu Mar 14 07:58:29 1996 UTC (28 years, 3 months ago) by tholo
Branch: MAIN
Changes since 1.2: +2 -2 lines
Diff to previous 1.2 (colored)

From Lite2; we should fail a malloc, not block waiting for memory to become
available in in_pcballoc()

Revision 1.2 / (download) - annotate - [select for diffs], Sun Mar 3 22:30:31 1996 UTC (28 years, 3 months ago) by niklas
Branch: MAIN
Changes since 1.1: +108 -32 lines
Diff to previous 1.1 (colored)

From NetBSD: 960217 merge

Revision 1.1.1.1 / (download) - annotate - [select for diffs] (vendor branch), Wed Oct 18 08:53:10 1995 UTC (28 years, 8 months ago) by deraadt
CVS Tags: netbsd_1_1
Changes since 1.1: +0 -0 lines
Diff to previous 1.1 (colored)

initial import of NetBSD tree

Revision 1.1 / (download) - annotate - [select for diffs], Wed Oct 18 08:53:10 1995 UTC (28 years, 8 months ago) by deraadt
Branch: MAIN

Initial revision
