OpenBSD CVS

CVS log for src/sys/netinet/udp_usrreq.c



Default branch: MAIN


Revision 1.320, Wed Apr 17 20:48:51 2024 UTC (7 weeks, 5 days ago) by bluhm
Branch: MAIN
CVS Tags: HEAD
Changes since 1.319: +3 -3 lines

Use struct ipsec_level within inpcb.

Instead of passing around u_char[4], introduce struct ipsec_level
that contains 4 ipsec levels.  This provides better type safety.
The embedding struct inpcb is globally visible for netstat(1), so
put struct ipsec_level outside of #ifdef _KERNEL.

OK deraadt@ mvs@

Revision 1.319, Fri Apr 12 16:07:09 2024 UTC (8 weeks, 3 days ago) by bluhm
Branch: MAIN
Changes since 1.318: +8 -8 lines

Split single TCP inpcb table into IPv4 and IPv6 parts.

With two separate TCP hash tables, each one becomes smaller.  When
we remove the exclusive net lock from TCP, contention on internet
PCB table mutex will be reduced.  UDP has been split earlier into
IPv4 and IPv6.  Replace branch conditions based on INP_IPV6 with
assertions.

OK mvs@

Revision 1.318, Sun Feb 11 18:14:26 2024 UTC (3 months, 4 weeks ago) by mvs
Branch: MAIN
CVS Tags: OPENBSD_7_5_BASE, OPENBSD_7_5
Changes since 1.317: +4 -4 lines

Use `sb_mtx' instead of `inp_mtx' in receive path for inet sockets.

In soreceive(), we only touch `so_rcv' socket buffer, which has its own
`sb_mtx' mutex(9) for protection. So, we can avoid solock() in this
path - it's enough to hold `sb_mtx' in soreceive() and around
corresponding sbappend*(). But not right now :)

This time we use shared netlock for some inet sockets in the soreceive()
path. To protect `so_rcv' buffer we use `inp_mtx' mutex(9) and the
pru_lock() to acquire this mutex(9) in socket layer. But the `inp_mtx'
mutex belongs to the PCB. We initialize socket before PCB, tcp(4)
sockets could exist without PCB, so use `sb_mtx' mutex(9) to protect
sockbuf stuff.

This diff mechanically replaces `inp_mtx' by `sb_mtx' in the receive
path. Only for sockets which already use `inp_mtx'. All other sockets
are left as is. They will be converted later.

Since the `sb_mtx' is optional, the new SB_MTXLOCK flag is introduced. If
this flag is set on `sb_flags', the `sb_mtx' mutex(9) should be taken.
New sb_mtx_lock() and sb_mtx_unlock() were introduced to hide this check.
They are temporary and will be replaced by mtx_enter() when all this
area will be converted to `sb_mtx' mutex(9).

Also, the new sbmtxassertlocked() function is introduced to throw
corresponding assertion for SB_MTXLOCK marked buffers. This time only
sbappendaddr() calls it. This function is also temporary and will be
replaced by MTX_ASSERT_LOCKED() later.

ok bluhm

Revision 1.317, Sat Feb 3 22:50:09 2024 UTC (4 months ago) by mvs
Branch: MAIN
Changes since 1.316: +11 -1 lines

Rework socket buffers locking for shared netlock.

Shared netlock is not sufficient to call so{r,w}wakeup(). The following
sowakeup() modifies `sb_flags' and knote(9) stuff. Unfortunately, we
can't call so{r,w}wakeup() with `inp_mtx' mutex(9) because sowakeup()
also calls pgsigio() which grabs kernel lock.

However, `so*_filtops' callbacks only perform read-only access to the
socket stuff, so it is enough to hold shared netlock only, but the klist
stuff needs to be protected.

This diff introduces `sb_mtx' mutex(9) to protect sockbuf. This time
`sb_mtx' is used to protect only `sb_flags' and `sb_klist'.

Now we have soassertlocked_readonly() and soassertlocked(). The first
one is happy if only shared netlock is held, meanwhile the second wants
`so_lock' or pru_lock() to be held together with shared netlock.

To keep soassertlocked*() assertions soft, we need to know mutex(9)
state, so new mtx_owned() macro was introduced. Also, the new optional
(*pru_locked)() handler brings the state of pru_lock().

Tests and ok from bluhm.

Revision 1.316, Sun Jan 28 20:34:25 2024 UTC (4 months, 1 week ago) by bluhm
Branch: MAIN
Changes since 1.315: +2 -2 lines

Use more specific sockaddr type for inpcb notify.

in_pcbnotifyall() is an IPv4 only function.  All callers check that
sockaddr dst is in fact a sockaddr_in.  Pass the more specific type
and remove the runtime check at beginning of in_pcbnotifyall().
Use const sockaddr_in in in_pcbnotifyall() and const sockaddr_in6
in6_pcbnotify() as dst parameter.

OK millert@

Revision 1.315, Sun Jan 21 01:17:20 2024 UTC (4 months, 2 weeks ago) by bluhm
Branch: MAIN
Changes since 1.314: +17 -19 lines

Assert that inpcb table has correct address family.

Since inpcb tables for UDP and Raw IP have been split into IPv4 and
IPv6, assert that INP_IPV6 flag is correct instead of checking it.
While there, give the table variable a nicer name.

OK sashan@ mvs@

Revision 1.314, Fri Jan 19 02:24:07 2024 UTC (4 months, 3 weeks ago) by bluhm
Branch: MAIN
Changes since 1.313: +5 -13 lines

Unify inpcb API for inet and inet6.

Many functions for IPv4 call their IPv6 counterpart if INP_IPV6 is
set at the socket's pcb.  By using the generic API consistently,
the logic is not in the caller it gets more readable.

OK mvs@

Revision 1.313, Wed Jan 10 16:44:30 2024 UTC (5 months ago) by bluhm
Branch: MAIN
Changes since 1.312: +51 -25 lines

Split UDP PCB table into IPv4 and IPv6.

Having two hash tables instead of a common one, reduces table size
and contention on the per table lock.  The address family is always
known in advance.  The lookups and loops are more specific.

OK sashan@

Revision 1.312, Fri Dec 1 15:30:47 2023 UTC (6 months, 1 week ago) by bluhm
Branch: MAIN
Changes since 1.311: +2 -9 lines

Set inp address, port and rtable together with inpcb hash.

The inpcb hash table is protected by table->inpt_mtx.  The hash is
based on addresses, ports, and routing table.  These fields were
not synchronized with the hash.  Put writes and hash update into the
same critical section.
Move the updates from ip_ctloutput(), ip6_ctloutput(), syn_cache_get(),
tcp_connect(), udp_disconnect() to dedicated inpcb set functions.
There they use the same table mutex as in_pcbrehash().
in_pcbbind(), in_pcbconnect(), and in6_pcbconnect() need more work
and are not included yet.

OK sashan@ mvs@

Revision 1.311, Fri Dec 1 14:08:03 2023 UTC (6 months, 1 week ago) by bluhm
Branch: MAIN
Changes since 1.310: +2 -4 lines

Make internet PCB connect more consistent.

The public interface is in_pcbconnect().  It dispatches to
in6_pcbconnect() if necessary.  Call the former from tcp_connect()
and udp_connect().
In in6_pcbconnect() initialization in6a = NULL is not necessary.
in6_pcbselsrc() sets the pointer, but does not read the value.
Pass a constant in6_addr pointer to in6_pcbselsrc() and in6_selectsrc().
It returns a reference to the address of some internal data structure.
We want to be sure that in6_addr is not modified this way.  IPv4
in_pcbselsrc() solves this by passing a copy of the address.

OK kn@ sashan@ mvs@

Revision 1.310, Wed Nov 29 18:30:48 2023 UTC (6 months, 1 week ago) by bluhm
Branch: MAIN
Changes since 1.309: +2 -2 lines

Document inp_socket as immutable and remove NULL checks.

Struct inpcb field inp_socket is initialized in in_pcballoc().  It
is not NULL and never changed.

OK mvs@

Revision 1.309, Tue Nov 28 13:23:20 2023 UTC (6 months, 1 week ago) by bluhm
Branch: MAIN
Changes since 1.308: +5 -5 lines

Remove struct inpcb from in6_embedscope() parameters.

rip6_output() did modify inp_outputopts6 temporarily to provide
different ip6_pktopts to in6_embedscope().  Better pass inp_outputopts6
and inp_moptions6 as separate arguments to in6_embedscope().
Simplify the code that deals with these options in in6_embedscope().
Document inp_moptions and inp_moptions6 as protected by net lock.

OK kn@

Revision 1.308, Mon Nov 27 20:37:15 2023 UTC (6 months, 1 week ago) by bluhm
Branch: MAIN
Changes since 1.307: +2 -2 lines

Add NULL check before dereferencing inp_seclevel.

In some cases inp may be NULL, so check that before passing
inp->inp_seclevel to ipsp_spd_lookup() or ip_output().

Missed in previous commit.

Revision 1.307, Sun Nov 26 22:08:10 2023 UTC (6 months, 2 weeks ago) by bluhm
Branch: MAIN
Changes since 1.306: +3 -3 lines

Remove inp parameter from ip_output().

ip_output() received inp as parameter.  This is only used to lookup
the IPsec level of the socket.  Reasoning about MP locking is much
easier if only relevant data is passed around.  Convert ip_output()
to receive constant inp_seclevel as argument and mark it as protected
by net lock.

OK mvs@

Revision 1.306, Sat Sep 16 09:33:27 2023 UTC (8 months, 3 weeks ago) by mpi
Branch: MAIN
CVS Tags: OPENBSD_7_4_BASE, OPENBSD_7_4
Changes since 1.305: +2 -2 lines

Allow counters_read(9) to take an optional scratch buffer.

Using a scratch buffer makes it possible to take a consistent snapshot of
per-CPU counters without having to allocate memory.

Makes ddb(4) show uvmexp command work in OOM situations.

ok kn@, mvs@, cheloha@

Revision 1.305, Sun Jan 22 12:05:44 2023 UTC (16 months, 2 weeks ago) by mvs
Branch: MAIN
CVS Tags: OPENBSD_7_3_BASE, OPENBSD_7_3
Changes since 1.304: +2 -2 lines

Move SS_CANTRCVMORE and SS_RCVATMARK bits from `so_state' to `sb_state' of
receive buffer. As it was done for SS_CANTSENDMORE bit, the definition
kept as is, but now these bits belong to the `sb_state' of receive
buffer. `sb_state' is ored with `so_state' when socket data is exported to
the userland.

ok bluhm@

Revision 1.304, Mon Oct 17 14:49:02 2022 UTC (19 months, 3 weeks ago) by mvs
Branch: MAIN
Changes since 1.303: +1 -16 lines

Change pru_abort() return type to the type of void and make pru_abort()
optional.

We have no interest on pru_abort() return value. We call it only from
soabort() which is dummy pru_abort() wrapper and has no return value.

Only the connection oriented sockets need to implement (*pru_abort)()
handler. Such sockets are tcp(4) and unix(4) sockets, so remove existing
code for all others, it isn't called.

ok guenther@

Revision 1.303, Mon Oct 3 16:43:52 2022 UTC (20 months, 1 week ago) by bluhm
Branch: MAIN
Changes since 1.302: +3 -3 lines

System calls should not fail due to temporary memory shortage in
malloc(9) or pool_get(9).
Pass down a wait flag to pru_attach().  During syscall socket(2)
it is ok to wait, this logic was missing for internet pcb.  Pfkey
and route sockets were already waiting.
sonewconn() must not wait when called during TCP 3-way handshake.
This logic has been preserved.  Unix domain stream socket connect(2)
can wait until the other side has created the socket to accept.
OK mvs@

Revision 1.302, Mon Sep 5 14:56:09 2022 UTC (21 months ago) by bluhm
Branch: MAIN
CVS Tags: OPENBSD_7_2_BASE, OPENBSD_7_2
Changes since 1.301: +23 -1 lines

Use shared netlock in soreceive().  The UDP and IP divert layer
provide locking of the PCB.  If that is possible, use shared instead
of exclusive netlock in soreceive().  The PCB mutex provides a per
socket lock against multiple soreceive() running in parallel.
Release and regrab both locks in sosleep_nsec().
OK mvs@

Revision 1.301, Sat Sep 3 22:43:38 2022 UTC (21 months, 1 week ago) by mvs
Branch: MAIN
Changes since 1.300: +3 -52 lines

Move PRU_PEERADDR request to (*pru_peeraddr)().

Introduce in{,6}_peeraddr() and use them for inet and inet6 sockets,
except tcp(4) case.

Also remove *_usrreq() handlers.

ok bluhm@

Revision 1.300, Sat Sep 3 18:48:50 2022 UTC (21 months, 1 week ago) by mvs
Branch: MAIN
Changes since 1.299: +3 -10 lines

Move PRU_SOCKADDR request to (*pru_sockaddr)()

Introduce in{,6}_sockaddr() functions, and use them for all except tcp(4)
inet sockets. For tcp(4) sockets use tcp_sockaddr() to keep debug ability.

The key management and route domain sockets returns EINVAL error for
PRU_SOCKADDR request, so keep this behaviour for a while instead of make
pru_sockaddr handler optional and return EOPNOTSUPP.

ok bluhm@

Revision 1.299, Fri Sep 2 13:12:32 2022 UTC (21 months, 1 week ago) by mvs
Branch: MAIN
Changes since 1.298: +17 -12 lines

Move PRU_CONTROL request to (*pru_control)().

The 'proc *' arg is not used for PRU_CONTROL request, so remove it from
pru_control() wrapper.

Split out {tcp,udp}6_usrreqs from {tcp,udp}_usrreqs and use them for
inet6 case.

ok guenther@ bluhm@

Revision 1.298, Thu Sep 1 18:21:23 2022 UTC (21 months, 1 week ago) by mvs
Branch: MAIN
Changes since 1.297: +1 -5 lines

Move PRU_CONNECT2 request to (*pru_connect2)().

ok bluhm@

Revision 1.297, Wed Aug 31 21:23:02 2022 UTC (21 months, 1 week ago) by mvs
Branch: MAIN
Changes since 1.296: +1 -2 lines

Move PRU_SENDOOB request to (*pru_sendoob)().

PRU_SENDOOB request always consumes passed `top' and `control' mbufs. To
avoid dummy m_freem(9) handlers for all protocols release passed mbufs
in the pru_sendoob() EOPNOTSUPP error path.

Also fix `control' mbuf(9) leak in the tcp(4) PRU_SENDOOB error path.

ok bluhm@

Revision 1.296, Tue Aug 30 11:53:04 2022 UTC (21 months, 1 week ago) by bluhm
Branch: MAIN
Changes since 1.295: +5 -5 lines

Refactor internet PCB lookup function.  Rename in_pcbhashlookup()
so the public API is in_pcblookup() and in_pcblookup_listen().  For
internal use introduce in_pcbhash_insert() and in_pcbhash_lookup()
to avoid code duplication.  Routing domain is unsigned, change the
type to u_int.
OK mvs@

Revision 1.295, Tue Aug 30 09:35:24 2022 UTC (21 months, 1 week ago) by bluhm
Branch: MAIN
Changes since 1.294: +6 -1 lines

Protect the receive socket buffer in UDP input with per PCB mutex.
OK claudio@ mvs@

Revision 1.294, Mon Aug 29 08:08:17 2022 UTC (21 months, 1 week ago) by mvs
Branch: MAIN
Changes since 1.293: +1 -2 lines

Move PRU_RCVOOB request to (*pru_rcvoob)().

ok bluhm@

Revision 1.293, Sun Aug 28 21:35:12 2022 UTC (21 months, 1 week ago) by mvs
Branch: MAIN
Changes since 1.292: +1 -11 lines

Move PRU_SENSE request to (*pru_sense)().

ok bluhm@

Revision 1.292, Sun Aug 28 18:44:16 2022 UTC (21 months, 1 week ago) by mvs
Branch: MAIN
Changes since 1.291: +15 -6 lines

Move PRU_ABORT request to (*pru_abort)().

We abort only the sockets which are linked to `so_q' or `so_q0' queues of
listening socket. Such sockets have no corresponding file descriptor and
are not accessed from userland, so PRU_ABORT used to destroy them on
listening socket destruction.

Currently all our sockets support PRU_ABORT request, but actually it
is required only for tcp(4) and unix(4) sockets, so it should be optional.
However, they will be removed with separate diff, and this time PRU_ABORT
requests were converted as is.

Also, the socket should be destroyed on PRU_ABORT request, but route and
key management sockets leave it alive. This was also converted as is,
because this wrong code is never called.

ok bluhm@

Revision 1.291, Sat Aug 27 20:28:01 2022 UTC (21 months, 2 weeks ago) by mvs
Branch: MAIN
Changes since 1.290: +52 -41 lines

Move PRU_SEND request to (*pru_send)().

The former PRU_SEND error path of gre_usrreq() had `control' mbuf(9)
leak. It was fixed in new gre_send().

The former pfkeyv2_send() was renamed to pfkeyv2_dosend().

ok bluhm@

Revision 1.290, Fri Aug 26 16:17:39 2022 UTC (21 months, 2 weeks ago) by mvs
Branch: MAIN
Changes since 1.289: +1 -2 lines

Move PRU_RCVD request to (*pru_rcvd)().

ok bluhm@

Revision 1.289, Mon Aug 22 21:18:48 2022 UTC (21 months, 2 weeks ago) by mvs
Branch: MAIN
Changes since 1.288: +11 -6 lines

Move PRU_SHUTDOWN request to (*pru_shutdown)().

ok bluhm@

Revision 1.288, Mon Aug 22 13:23:07 2022 UTC (21 months, 2 weeks ago) by mvs
Branch: MAIN
Changes since 1.287: +33 -28 lines

Move PRU_DISCONNECT request to (*pru_disconnect).

ok bluhm@

Revision 1.287, Mon Aug 22 10:37:27 2022 UTC (21 months, 2 weeks ago) by bluhm
Branch: MAIN
Changes since 1.286: +6 -2 lines

Use rwlock per inpcb table to protect notify list.  The notify
function may sleep, so holding a mutex is not possible.  The same
list entry and rwlock is used for UDP multicast and raw IP delivery.
By adding a write lock, exclusive netlock is no longer necessary
for PCB notify and UDP and raw IP input.
OK mvs@

Revision 1.286, Mon Aug 22 08:08:46 2022 UTC (21 months, 2 weeks ago) by mvs
Branch: MAIN
Changes since 1.285: +1 -5 lines

Move PRU_ACCEPT request to (*pru_accept)().

ok bluhm@

Revision 1.285, Sun Aug 21 22:45:55 2022 UTC (21 months, 2 weeks ago) by mvs
Branch: MAIN
Changes since 1.284: +30 -23 lines

Move PRU_CONNECT request to (*pru_connect)() handler.

ok bluhm@

Revision 1.284, Sun Aug 21 17:30:21 2022 UTC (21 months, 2 weeks ago) by mvs
Branch: MAIN
Changes since 1.283: +1 -5 lines

Move PRU_LISTEN request to (*pru_listen)() handler.

ok bluhm@

Revision 1.283, Sat Aug 20 23:48:58 2022 UTC (21 months, 3 weeks ago) by mvs
Branch: MAIN
Changes since 1.282: +11 -5 lines

Move PRU_BIND request to (*pru_bind)() handler.

For the protocols which don't support request, leave handler NULL. Do the
NULL check within corresponding pru_() wrapper and return EOPNOTSUPP in
such case. This will be done for all upcoming user request handlers.

ok bluhm@ guenther@

Revision 1.282, Mon Aug 15 09:11:39 2022 UTC (21 months, 3 weeks ago) by mvs
Branch: MAIN
Changes since 1.281: +7 -1 lines

Introduce 'pr_usrreqs' structure and move existing user-protocol
handlers into it. We want to split existing (*pr_usrreq)() to multiple
short handlers for each PRU_ request as it was already done for
PRU_ATTACH and PRU_DETACH. This is the preparation step, (*pr_usrreq)()
split will be done with the following diffs.

Based on reverted diff from guenther@.

ok bluhm@

Revision 1.281, Mon Aug 8 12:06:30 2022 UTC (22 months ago) by bluhm
Branch: MAIN
Changes since 1.280: +18 -13 lines

To make protocol input functions MP safe, internet PCB need protection.
Use their reference counter in more places.
The in_pcb lookup functions hold the PCBs in hash tables protected
by table->inpt_mtx mutex.  Whenever a result is returned, increment
the ref count before releasing the mutex.  Then the inp can be used
as long as necessary.  Unref it at the end of all functions that
call in_pcb lookup.
As a shortcut, pf may also hold a reference to the PCB.  When
pf_inp_lookup() returns it, it also increments the ref count and the
caller can handle it like the inp from table lookup.
OK sashan@

Revision 1.280, Sat Aug 6 15:57:59 2022 UTC (22 months ago) by bluhm
Branch: MAIN
Changes since 1.279: +2 -2 lines

Clean up the netlock macros.  Merge NET_RLOCK_IN_SOFTNET and
NET_RLOCK_IN_IOCTL, which have the same implementation.  The R and
W are hard to see, call the new macro NET_LOCK_SHARED.  Rename the
opposite assertion from NET_ASSERT_WLOCKED to NET_ASSERT_LOCKED_EXCLUSIVE.
Update some outdated comments about net locking.
OK mpi@ mvs@

Revision 1.279, Sun Jun 26 15:50:21 2022 UTC (23 months, 2 weeks ago) by mvs
Branch: MAIN
Changes since 1.278: +13 -8 lines

The "ifq_set_maxlen(..., 1);" hack we use to enforce pipex(4) related
(*if_qstart)() be always called with netlock held doesn't work anymore
with PPPOE sessions.

Introduce `pipex_list_mtx' mutex(9) and use it to protect global pipex(4)
lists and radix trees.

Protect pipex(4) `session' dereference with reference counters, because we
could sleep when accessing pipex(4) from ioctl(2) path, and this is not
possible with mutex(9) held.

ok bluhm@

Revision 1.278, Sun May 15 09:12:20 2022 UTC (2 years ago) by dlg
Branch: MAIN
Changes since 1.277: +5 -5 lines

have in_pcbselsrc copy the selected address to memory provided by the caller.

having it return a pointer to something that has a lifetime managed
by a lock without accounting for it or taking a reference count or
anything like that is asking for trouble. copying the address to
caller provided memory while still inside the lock is a lot safer.

discussed with visa@
ok bluhm@ claudio@

Revision 1.277, Mon Mar 21 23:37:09 2022 UTC (2 years, 2 months ago) by bluhm
Branch: MAIN
CVS Tags: OPENBSD_7_1_BASE, OPENBSD_7_1
Changes since 1.276: +23 -16 lines

For multicast and broadcast packets udp_input() traverses the loop
of all UDP PCBs.  From there it calls udp_sbappend() while holding
the UDP table mutex.  This ends in sorwakeup() where we finally
grab the kernel lock while holding a mutex.  Witness detects this
misuse.
Use the same solution as for PCB notify.  Collect the affected PCBs
in a temporary list.  The list is protected by exclusive net lock.
Reported-by: syzbot+7596cb96fb9f3c9d6f4f@syzkaller.appspotmail.com
OK sashan@

Revision 1.276, Mon Mar 21 19:39:56 2022 UTC (2 years, 2 months ago) by bluhm
Branch: MAIN
Changes since 1.275: +12 -12 lines

Fix whitespace.  Wrap long lines.  Adjust outdated comment.

Revision 1.275, Mon Mar 21 09:12:34 2022 UTC (2 years, 2 months ago) by bluhm
Branch: MAIN
Changes since 1.274: +3 -1 lines

Header netinet/in_pcb.h includes sys/mutex.h now.  Recommit mutex
for PCB tables.  It does not break userland build anymore.

pf_socket_lookup() calls in_pcbhashlookup() in the PCB layer.  To
run pf in parallel, make parts of the stack MP safe.  Protect the
list and hashes in the PCB tables with a mutex.
Note that the protocol notify functions may call pf via tcp_output().
As the pf lock is a sleeping rw_lock, we must not hold a mutex.  To
solve this for now, collect these PCBs in inp_notify list and protect
it with exclusive netlock.
OK sashan@

Revision 1.274, Mon Mar 14 22:38:43 2022 UTC (2 years, 2 months ago) by tb
Branch: MAIN
Changes since 1.273: +0 -2 lines

Unbreak the tree, revert commitid aZ8fm4iaUnTCc0ul

This reverts the commit protecting the list and hashes in the PCB tables
with a mutex since the build of sysctl(8) breaks, as found by kettenis.

ok sthen

Revision 1.273, Mon Mar 14 17:23:00 2022 UTC (2 years, 2 months ago) by bluhm
Branch: MAIN
Changes since 1.272: +3 -1 lines

pf_socket_lookup() calls in_pcbhashlookup() in the PCB layer.  To
run pf in parallel, make parts of the stack MP safe.  Protect the
list and hashes in the PCB tables with a mutex.
Note that the protocol notify functions may call pf via tcp_output().
As the pf lock is a sleeping rw_lock, we must not hold a mutex.  To
solve this for now, collect these PCBs in inp_notify list and protect
it with exclusive netlock.
OK sashan@

Revision 1.272, Wed Mar 2 12:53:15 2022 UTC (2 years, 3 months ago) by bluhm
Branch: MAIN
Changes since 1.271: +3 -3 lines

The return value of in6_pcbnotify() is never used.  Make it a void
function.
OK gnezdo@ mvs@ florian@ sashan@

Revision 1.271, Fri Feb 25 23:51:03 2022 UTC (2 years, 3 months ago) by guenther
Branch: MAIN
Changes since 1.270: +12 -17 lines

Reported-by: syzbot+1b5b209ce506db4d411d@syzkaller.appspotmail.com
Revert the pr_usrreqs move: syzkaller found a NULL pointer deref
and I won't be available to monitor for followup issues for a bit

Revision 1.270, Fri Feb 25 08:36:01 2022 UTC (2 years, 3 months ago) by guenther
Branch: MAIN
Changes since 1.269: +17 -12 lines

Move pr_attach and pr_detach to a new structure pr_usrreqs that can
then be shared among protosw structures, following the same basic
direction as NetBSD and FreeBSD for this.

Split PRU_CONTROL out of pr_usrreq into pru_control, giving it the
proper prototype to eliminate the previously necessary casts.

ok mvs@ bluhm@

Revision 1.269, Wed Feb 16 01:25:45 2022 UTC (2 years, 3 months ago) by dlg
Branch: MAIN
Changes since 1.268: +1 -15 lines

rewrite vxlan to better fit the current kernel infrastructure.

the big change is removing the integration with and reliance on
bridge(4) for learning vxlan endpoints. we have the etherbridge
layer now (which is used by veb, nvgre, bpe, etc) so vxlan can
operate independently of bridge(4) (or any other driver) while still
dynamically learning about other endpoints.

vxlan now uses the udp socket upcall mechanism to receive packets.
this means it actually creates and binds udp sockets to use rather
adding code in the udp layer for stealing packets from the udp
layer.

i think it's also important to note that this adds loop prevention
to the code. this stops a vxlan interface being used to transmit a
packet that was encapsulated in itself.

i want to clear this out of my tree where it's been sitting for
nearly a year. no one seems too concerned with the change either
way.

ok claudio@

Revision 1.268, Tue Jan 4 06:32:40 2022 UTC (2 years, 5 months ago) by yasuoka
Branch: MAIN
Changes since 1.267: +2 -2 lines

Add `ipsec_flows_mtx' mutex(9) to protect `ipsp_ids_*' list and
trees.  ipsp_ids_lookup() returns `ids' with bumped reference
counter.  original diff from mvs

ok mvs

Revision 1.267, Thu Dec 2 12:39:15 2021 UTC (2 years, 6 months ago) by bluhm
Branch: MAIN
Changes since 1.266: +9 -8 lines

Allow to build kernel without IPSEC or INET6 defines.
OK mpi@ mvs@

Revision 1.266, Wed Dec 1 12:51:09 2021 UTC (2 years, 6 months ago) by bluhm
Branch: MAIN
Changes since 1.265: +3 -3 lines

Let ipsp_spd_lookup() return an error instead of a TDB.  The TDB
is not always needed, but the error value is necessary for the
caller.  As TDB should be refcounted, it makes no sense to always
return it.  Pass an output pointer for the TDB which can be NULL.
OK mvs@ tobhe@

Revision 1.265, Thu Nov 25 13:46:02 2021 UTC (2 years, 6 months ago) by bluhm
Branch: MAIN
Changes since 1.264: +3 -1 lines

Implement reference counting for IPsec tdbs.  Not all cases are
covered yet, more ref counts to come.  The timeouts are protected,
so the racy tdb_reaper() gets retired.  The tdb_policy_head, onext
and inext lists are protected.  All gettdb...() functions return a
tdb that is ref counted and has to be unrefed later.  A flag ensures
that tdb_delete() is called only once.
Tested by Hrvoje Popovski; OK sthen@ mvs@ tobhe@

Revision 1.264, Thu Nov 11 18:08:18 2021 UTC (2 years, 6 months ago) by bluhm
Branch: MAIN
Changes since 1.263: +2 -3 lines

Do not call ip_deliver() recursively from IPsec.  As there is no
crypto task anymore, it is possible to return the next protocol.
Then ip_deliver() will walk the header chain in its loop.
IPsec bridge(4) tested by jan@
OK mvs@ tobhe@ jan@

Revision 1.263, Sat Oct 23 22:19:37 2021 UTC (2 years, 7 months ago) by bluhm
Branch: MAIN
Changes since 1.262: +2 -2 lines

There is an m_pullup() down in AH input.  As it may free or change
the mbuf, the callers must be careful.  Although there is no bug,
use the common pattern to handle this.  Pass down an mbuf pointer
mp and let m_pullup() update the pointer in all callers.
It looks like the tcp signature functions should not be called.
Avoid an mbuf leak and return an error.
OK mvs@

Revision 1.262, Sat Aug 22 17:54:57 2020 UTC (3 years, 9 months ago) by gnezdo
Branch: MAIN
CVS Tags: OPENBSD_7_0_BASE, OPENBSD_7_0, OPENBSD_6_9_BASE, OPENBSD_6_9, OPENBSD_6_8_BASE, OPENBSD_6_8
Changes since 1.261: +8 -4 lines

Convert udp_sysctl to sysctl_bounded_args

Revision 1.261, Wed Aug 5 21:15:38 2020 UTC (3 years, 10 months ago) by mglocker
Branch: MAIN
Changes since 1.260: +3 -3 lines

Don't compare pointers against zero.

Reported by Peter J. Philipp.

ok mvs@ deraadt@

Revision 1.260, Sat Aug 1 23:41:56 2020 UTC (3 years, 10 months ago) by gnezdo
Branch: MAIN
Changes since 1.259: +6 -9 lines

Move range check inside sysctl_int_arr

Range violations are now consistently reported as EOPNOTSUPP.
Previously they were mixed with ENOPROTOOPT.

OK kn@

Revision 1.259, Sun Jun 21 05:19:27 2020 UTC (3 years, 11 months ago) by dlg
Branch: MAIN
Changes since 1.258: +3 -2 lines

wrap a long line. no functional change.

Revision 1.258 / (download) - annotate - [select for diffs], Sun Jun 21 05:17:15 2020 UTC (3 years, 11 months ago) by dlg
Branch: MAIN
Changes since 1.257: +11 -3 lines
Diff to previous 1.257 (colored)

if an inp_upcall is set, let it look at and maybe steal the udp packet.

i wrote the original version of this, but it was tweaked by Matt
Dunwoodie and Jason A. Donenfeld for use with wireguard.

Revision 1.257 / (download) - annotate - [select for diffs], Fri Dec 6 14:43:14 2019 UTC (4 years, 6 months ago) by tobhe
Branch: MAIN
CVS Tags: OPENBSD_6_7_BASE, OPENBSD_6_7
Changes since 1.256: +18 -16 lines
Diff to previous 1.256 (colored)

Checking the IPsec policy is expensive. Check only when IPsec is used.

ok bluhm@

Revision 1.256 / (download) - annotate - [select for diffs], Fri Nov 29 22:06:19 2019 UTC (4 years, 6 months ago) by tobhe
Branch: MAIN
Changes since 1.255: +40 -38 lines
Diff to previous 1.255 (colored)

Change the default security level for incoming IPsec flows from
isakmpd and iked to REQUIRE. Filter policy violations earlier.

ok sashan@ bluhm@

Revision 1.255 / (download) - annotate - [select for diffs], Mon Feb 4 21:40:52 2019 UTC (5 years, 4 months ago) by bluhm
Branch: MAIN
CVS Tags: OPENBSD_6_6_BASE, OPENBSD_6_6, OPENBSD_6_5_BASE, OPENBSD_6_5
Changes since 1.254: +8 -8 lines
Diff to previous 1.254 (colored)

Avoid an mbuf double free in the oob soreceive() path.  In the
usrreq functions move the mbuf m_freem() logic to the release block
instead of distributing it over the switch statement.  Then the
goto release in the initial check, whether the pcb still exists,
will not free the mbuf for the PRU_RCVD, PRU_RCVOOB, PRU_SENSE
command.
OK claudio@ mpi@ visa@
Reported-by: syzbot+8e7997d4036ae523c79c@syzkaller.appspotmail.com

Revision 1.254 / (download) - annotate - [select for diffs], Sat Nov 10 18:40:34 2018 UTC (5 years, 7 months ago) by bluhm
Branch: MAIN
Changes since 1.253: +1 -3 lines
Diff to previous 1.253 (colored)

Do not translate the EACCES error from pf(4) to EHOSTUNREACH anymore.
It also translated a documented send(2) EACCES case erroneously.
This was too much magic and always prone to errors.
from Jan Klemkow; man page jmc@; OK claudio@

Revision 1.253 / (download) - annotate - [select for diffs], Thu Oct 4 17:33:41 2018 UTC (5 years, 8 months ago) by bluhm
Branch: MAIN
CVS Tags: OPENBSD_6_4_BASE, OPENBSD_6_4
Changes since 1.252: +1 -3 lines
Diff to previous 1.252 (colored)

Revert the inpcb table mutex commit.  It triggers a witness panic
in raw IP delivery and UDP broadcast loops.  There inpcbtable_mtx
is held and sorwakeup() is called within the loop.  As sowakeup()
grabs the kernel lock, we have a lock ordering problem.
found by Hrvoje Popovski; OK deraadt@ mpi@

Revision 1.252 / (download) - annotate - [select for diffs], Thu Sep 20 18:59:10 2018 UTC (5 years, 8 months ago) by bluhm
Branch: MAIN
Changes since 1.251: +3 -1 lines
Diff to previous 1.251 (colored)

As a step towards per inpcb or socket locks, remove the net lock
for netstat -a.  Introduce a global mutex that protects the tables
and hashes for the internet PCBs.  To detect detached PCB, set its
inp_socket field to NULL.  This has to be protected by a per PCB
mutex.  The protocol pointer has to be protected by the mutex as
netstat uses it.
Always take the kernel lock in in_pcbnotifyall() and in6_pcbnotify()
before the table mutex to avoid lock ordering problems in the notify
functions.
OK visa@

Revision 1.251 / (download) - annotate - [select for diffs], Thu Sep 13 19:53:58 2018 UTC (5 years, 8 months ago) by bluhm
Branch: MAIN
Changes since 1.250: +2 -2 lines
Diff to previous 1.250 (colored)

Add reference counting for inet pcb, this will be needed when we
start locking the socket.  An inp can be referenced by the PCB queue
and hashes, by a pf mbuf header, or by a pf state key.
OK visa@

Revision 1.250 / (download) - annotate - [select for diffs], Thu Jul 5 21:16:52 2018 UTC (5 years, 11 months ago) by bluhm
Branch: MAIN
Changes since 1.249: +1 -2 lines
Diff to previous 1.249 (colored)

It was possible to leak the control mbuf in raw ip user request
with sendmsg(2) and MSG_OOB.  Sync the code in udp, rip, and
rip6_usrreq.  Add an inp NULL check in rip6_usrreq for consistency.
OK benno@ mpi@

Revision 1.249 / (download) - annotate - [select for diffs], Fri Jun 8 14:09:57 2018 UTC (6 years ago) by bluhm
Branch: MAIN
Changes since 1.248: +44 -77 lines
Diff to previous 1.248 (colored)

The udp control option processing was implemented three times.
Multicast lacked receive destination port.  Better use a function
and do it all in one place.  The pipex chunk does not use the
options, so it can happen before.  Adding the udp header length to
the ip header length was done inconsistently.  Do it explicitly
when needed.
OK mpi@ visa@

Revision 1.248 / (download) - annotate - [select for diffs], Mon May 14 15:24:23 2018 UTC (6 years ago) by bluhm
Branch: MAIN
Changes since 1.247: +2 -2 lines
Diff to previous 1.247 (colored)

When checking the IPsec enable sysctls, ipsec_common_input() had
switches for protocol and address family.  Move this code to the
specific functions from where the common function is called.
As a consequence the raw ip input functions can never be called
from udp_input() anymore.  If IPsec is disabled, the functions
ah6_input(), esp6_input(), and ipcomp6_input() do not start processing
the header chain.  The raw ip input functions are called with the
mbuf and offset pointers from the protocol walking loop which is
the usual behavior.
OK mpi@ markus@

Revision 1.247 / (download) - annotate - [select for diffs], Tue Apr 24 15:40:55 2018 UTC (6 years, 1 month ago) by pirofti
Branch: MAIN
Changes since 1.246: +3 -3 lines
Diff to previous 1.246 (colored)

Push NET_LOCK down in the default ifioctl case.

For the PRU_CONTROL bit the NET_LOCK surrounds in[6]_control() and
on the ENOTSUPP case we guard the driver if_ioctl functions.

OK mpi@

Revision 1.246 / (download) - annotate - [select for diffs], Fri Apr 6 10:59:11 2018 UTC (6 years, 2 months ago) by bluhm
Branch: MAIN
Changes since 1.245: +2 -2 lines
Diff to previous 1.245 (colored)

Use the existing pf state to speed up UDP socket lookup.  This was
disabled as there were some stability issues.  It seems that the
crashes were fixed when reference counting for pf states was
implemented.  So reenable this code.  Apart from the performance
improvement it also makes corner cases for pf divert-to more reliable.
OK henning@

Revision 1.245 / (download) - annotate - [select for diffs], Fri Dec 1 10:33:33 2017 UTC (6 years, 6 months ago) by bluhm
Branch: MAIN
CVS Tags: OPENBSD_6_3_BASE, OPENBSD_6_3
Changes since 1.244: +6 -11 lines
Diff to previous 1.244 (colored)

Simplify the reverse PCB lookup logic.  The PF_TAG_TRANSLATE_LOCALHOST
security check prevents that the user accidentally configures
redirect where a divert-to would be appropriate.  Instead of spreading
the logic into tcp and udp input, check the flag during PCB listen
lookup.  This also reduces parameters of in_pcblookup_listen().
OK visa@

Revision 1.244 / (download) - annotate - [select for diffs], Mon Nov 20 10:35:24 2017 UTC (6 years, 6 months ago) by mpi
Branch: MAIN
Changes since 1.243: +8 -3 lines
Diff to previous 1.243 (colored)

Sprinkle some NET_ASSERT_LOCKED(), const and co to prepare running
pr_input handlers without KERNEL_LOCK().

ok visa@

Revision 1.243 / (download) - annotate - [select for diffs], Wed Nov 8 16:29:20 2017 UTC (6 years, 7 months ago) by visa
Branch: MAIN
Changes since 1.242: +2 -2 lines
Diff to previous 1.242 (colored)

Make {ah,esp,ipcomp}stat use percpu counters.

OK bluhm@, mpi@

Revision 1.242 / (download) - annotate - [select for diffs], Thu Nov 2 14:01:18 2017 UTC (6 years, 7 months ago) by florian
Branch: MAIN
Changes since 1.241: +16 -5 lines
Diff to previous 1.241 (colored)

Move PRU_DETACH out of pr_usrreq into per proto pr_detach
functions to pave way for more fine grained locking.

Suggested by, comments & OK mpi

Revision 1.241 / (download) - annotate - [select for diffs], Mon Oct 9 08:35:38 2017 UTC (6 years, 8 months ago) by mpi
Branch: MAIN
Changes since 1.240: +20 -8 lines
Diff to previous 1.240 (colored)

Reduces the scope of the NET_LOCK() in sysctl(2) path.

Exposes per-CPU counters to real parallelism.

ok visa@, bluhm@, jca@

Revision 1.240 / (download) - annotate - [select for diffs], Tue Sep 5 07:59:11 2017 UTC (6 years, 9 months ago) by mpi
Branch: MAIN
CVS Tags: OPENBSD_6_2_BASE, OPENBSD_6_2
Changes since 1.239: +2 -2 lines
Diff to previous 1.239 (colored)

Replace NET_ASSERT_LOCKED() by soassertlocked() in *_usrreq().

Not all of them need the NET_LOCK().

ok bluhm@

Revision 1.239 / (download) - annotate - [select for diffs], Fri Aug 11 19:53:02 2017 UTC (6 years, 10 months ago) by bluhm
Branch: MAIN
Changes since 1.238: +2 -12 lines
Diff to previous 1.238 (colored)

Validate sockaddr from userland in central functions.  This results
in common checks for unix, inet, inet6 instead of partial checks
here and there.  Some checks are already done at a higher layer,
but better be paranoid with user input.
OK claudio@ millert@

Revision 1.238 / (download) - annotate - [select for diffs], Mon Jun 26 09:32:32 2017 UTC (6 years, 11 months ago) by mpi
Branch: MAIN
Changes since 1.237: +5 -4 lines
Diff to previous 1.237 (colored)

Assert that the corresponding socket is locked when manipulating socket
buffers.

This is one step towards unlocking TCP input path.  Note that all the
functions asserting for the socket lock are not necessarily MP-safe.
All the fields of 'struct socket' aren't protected.

Introduce a new kernel-only kqueue hint, NOTE_SUBMIT, to be able to
tell when a filter needs to lock the underlying data structures.  Logic
and name taken from NetBSD.

Tested by Hrvoje Popovski.

ok claudio@, bluhm@, mikeb@

Revision 1.237 / (download) - annotate - [select for diffs], Sat May 6 16:35:59 2017 UTC (7 years, 1 month ago) by bluhm
Branch: MAIN
Changes since 1.236: +1 -7 lines
Diff to previous 1.236 (colored)

Checking for IPv4 mapped addresses and dropping the packet is done
in ip6_input().  Do not check that again in the protocol input
functions.
OK mpi@

Revision 1.236 / (download) - annotate - [select for diffs], Thu May 4 17:58:46 2017 UTC (7 years, 1 month ago) by bluhm
Branch: MAIN
Changes since 1.235: +3 -3 lines
Diff to previous 1.235 (colored)

If m is not a continuous mbuf cluster, m_pullup() in pr_input may
change the pointer.  Then *mp keeps the invalid pointer and it might
be used.  Fix the potential use after free and also reset *mp in
other places to have less dangling pointers to freed mbufs.
OK mpi@ mikeb@

Revision 1.235 / (download) - annotate - [select for diffs], Mon Apr 17 20:48:21 2017 UTC (7 years, 1 month ago) by bluhm
Branch: MAIN
Changes since 1.234: +23 -49 lines
Diff to previous 1.234 (colored)

Use the address family passed down with pr_input to simplify
udp_input().
OK florian@

Revision 1.234 / (download) - annotate - [select for diffs], Fri Apr 14 20:46:31 2017 UTC (7 years, 1 month ago) by bluhm
Branch: MAIN
Changes since 1.233: +2 -2 lines
Diff to previous 1.233 (colored)

Pass down the address family through the pr_input calls.  This
allows to simplify code used for both IPv4 and IPv6.
OK mikeb@ deraadt@

Revision 1.233 / (download) - annotate - [select for diffs], Wed Apr 5 13:35:18 2017 UTC (7 years, 2 months ago) by deraadt
Branch: MAIN
Changes since 1.232: +2 -2 lines
Diff to previous 1.232 (colored)

When building counter memory in preparation to copy to userland, always
zero the buffers first.  All the current objects appear to be safe,
however future changes might introduce structure pads.
Discussed with guenther, ok bluhm

Revision 1.232 / (download) - annotate - [select for diffs], Mon Mar 13 20:18:21 2017 UTC (7 years, 2 months ago) by claudio
Branch: MAIN
CVS Tags: OPENBSD_6_1_BASE, OPENBSD_6_1
Changes since 1.231: +22 -18 lines
Diff to previous 1.231 (colored)

Move PRU_ATTACH out of the pr_usrreq functions into pr_attach.
Attach is quite a different thing to the other PRU functions and
this should make locking a bit simpler. This also removes the ugly
hack on how proto was passed to the attach function.
OK bluhm@ and mpi@ on a previous version

Revision 1.231 / (download) - annotate - [select for diffs], Sun Feb 5 16:23:38 2017 UTC (7 years, 4 months ago) by jca
Branch: MAIN
Changes since 1.230: +2 -2 lines
Diff to previous 1.230 (colored)

Always allocate counters memory using type M_COUNTERS.

This makes the API simpler, and is probably more useful than spreading
counters memory over several types, making it harder to track.

Prodded by mpi, ok mpi@ stsp@

Revision 1.230 / (download) - annotate - [select for diffs], Tue Jan 31 10:24:41 2017 UTC (7 years, 4 months ago) by jca
Branch: MAIN
Changes since 1.229: +2 -2 lines
Diff to previous 1.229 (colored)

Use CTASSERT instead of KASSERT for a few sysctl that use the counters API

ok dlg@ mpi@

Revision 1.229 / (download) - annotate - [select for diffs], Sun Jan 29 19:58:47 2017 UTC (7 years, 4 months ago) by bluhm
Branch: MAIN
Changes since 1.228: +14 -21 lines
Diff to previous 1.228 (colored)

Change the IPv4 pr_input function to the way IPv6 is implemented,
to get rid of struct ip6protosw and some wrapper functions.  It is
more consistent to have less different structures.  The divert_input
functions cannot be called anyway, so remove them.
OK visa@ mpi@

Revision 1.228 / (download) - annotate - [select for diffs], Thu Jan 26 13:03:47 2017 UTC (7 years, 4 months ago) by bluhm
Branch: MAIN
Changes since 1.227: +8 -9 lines
Diff to previous 1.227 (colored)

Reduce the difference between struct protosw and ip6protosw.  The
IPv4 pr_ctlinput functions did return a void pointer that was always
NULL and never used.  Make all functions void like in the IPv6 case.
OK mpi@

Revision 1.227 / (download) - annotate - [select for diffs], Wed Jan 25 17:34:31 2017 UTC (7 years, 4 months ago) by bluhm
Branch: MAIN
Changes since 1.226: +3 -8 lines
Diff to previous 1.226 (colored)

Since raw_input() and route_input() are gone from pr_input, we can
make the variable parameters of the protocol input functions fixed.
Also add the proto to make it similar to IPv6.
OK mpi@ guenther@ millert@

Revision 1.226 / (download) - annotate - [select for diffs], Mon Dec 19 15:47:19 2016 UTC (7 years, 5 months ago) by mpi
Branch: MAIN
Changes since 1.225: +1 -3 lines
Diff to previous 1.225 (colored)

Remove redundant splsoftnet().

ok bluhm@

Revision 1.225 / (download) - annotate - [select for diffs], Mon Dec 19 08:36:49 2016 UTC (7 years, 5 months ago) by mpi
Branch: MAIN
Changes since 1.224: +2 -2 lines
Diff to previous 1.224 (colored)

Introduce the NET_LOCK() a rwlock used to serialize accesses to the parts
of the network stack that are not yet ready to be executed in parallel or
where new sleeping points are not possible.

This first pass replaces all the entry points leading to ip_output(). This
is done to not introduce new sleeping points when trying to acquire ART's
write lock, needed when a new L2 entry is created via the RT_RESOLVE.

Inputs from and ok bluhm@, ok dlg@

Revision 1.224 / (download) - annotate - [select for diffs], Sat Dec 10 13:22:57 2016 UTC (7 years, 6 months ago) by patrick
Branch: MAIN
Changes since 1.223: +9 -3 lines
Diff to previous 1.223 (colored)

Pass the correct offset of the next protocol field for the given IP
version to the upper layers.  The stack will set this field to IPIP
later on, so make sure it doesn't overwrite the packet in the wrong
location.

ok bluhm@ deraadt@ stsp@

Revision 1.223 / (download) - annotate - [select for diffs], Mon Nov 28 10:49:35 2016 UTC (7 years, 6 months ago) by mpi
Branch: MAIN
Changes since 1.222: +4 -2 lines
Diff to previous 1.222 (colored)

Allow to build kernels without IPSEC but with PIPEX.

Revision 1.222 / (download) - annotate - [select for diffs], Mon Nov 21 09:09:06 2016 UTC (7 years, 6 months ago) by mpi
Branch: MAIN
Changes since 1.221: +3 -7 lines
Diff to previous 1.221 (colored)

Enforce that pr_usrreq functions are called at IPL_SOFTNET.

This will allow us to keep locking simple as soon as we trade
splsoftnet() for a rwlock.

ok bluhm@, claudio@

Revision 1.221 / (download) - annotate - [select for diffs], Fri Nov 18 02:53:47 2016 UTC (7 years, 6 months ago) by dlg
Branch: MAIN
Changes since 1.220: +44 -23 lines
Diff to previous 1.220 (colored)

turn ipstat into a set of percpu counters.

each counter is identified by an enum value which corresponds to the
original members of the udpstat struct.

udpstat_inc(udps_foo) replaces udpstat.udps_foo++ for the actual
updates. udpstat_inc is a thin wrapper around counters_inc.

counters are still returned to userland via the udpstat struct for
now.

ok mpi@ mikeb@ deraadt@

Revision 1.220 / (download) - annotate - [select for diffs], Thu Nov 3 18:42:35 2016 UTC (7 years, 7 months ago) by mikeb
Branch: MAIN
Changes since 1.219: +2 -7 lines
Diff to previous 1.219 (colored)

Remove obsolete vxlan_lookup return value handling

With input from reyk@, OK mpi

Revision 1.219 / (download) - annotate - [select for diffs], Sat Sep 3 13:46:57 2016 UTC (7 years, 9 months ago) by reyk
Branch: MAIN
Changes since 1.218: +19 -3 lines
Diff to previous 1.218 (colored)

Add support for a multipoint-to-multipoint mode in vxlan(4).  In this
mode, vxlan(4) must be configured to accept any virtual network
identifier with "vnetid any" and added to a bridge(4) or switch(4).
This way the driver will dynamically learn the tunnel endpoints and
their vnetids for the responses and can be used to dynamically bridge
between VXLANs.  It is also being used in combination with switch(4)
and the OpenFlow tunnel classifiers.

With input from yasuoka@ goda@
OK deraadt@ dlg@

Revision 1.218 / (download) - annotate - [select for diffs], Tue Aug 16 22:21:17 2016 UTC (7 years, 9 months ago) by vgross
Branch: MAIN
Changes since 1.217: +28 -3 lines
Diff to previous 1.217 (colored)

Add IP_SENDSRCADDR cmsg for UDP sockets. As suggested by sthen@,
IP_SENDSRCADDR == IP_RECVDSTADDR.

OK sthen@ jca@ bluhm@

Revision 1.217 / (download) - annotate - [select for diffs], Thu Aug 4 20:46:24 2016 UTC (7 years, 10 months ago) by vgross
Branch: MAIN
Changes since 1.216: +2 -3 lines
Diff to previous 1.216 (colored)

Commit in6_selectsrc() split again, with missing assignment fixed.

Revision 1.216 / (download) - annotate - [select for diffs], Fri Jul 22 11:14:41 2016 UTC (7 years, 10 months ago) by mpi
Branch: MAIN
CVS Tags: OPENBSD_6_0_BASE, OPENBSD_6_0
Changes since 1.215: +2 -1 lines
Diff to previous 1.215 (colored)

Revert in_selectsrc() refactoring, it breaks IPv6.

Reported by Heiko on bugs@.

ok stsp@, claudio@

Revision 1.215 / (download) - annotate - [select for diffs], Wed Jul 20 18:51:50 2016 UTC (7 years, 10 months ago) by vgross
Branch: MAIN
Changes since 1.214: +2 -3 lines
Diff to previous 1.214 (colored)

Split in6_selectsrc() into a low-level part and a pcb-level part, and
convert in_selectsrc() prototype to match.

Ok bluhm@ mpi@.

Revision 1.214 / (download) - annotate - [select for diffs], Tue Jun 28 11:22:53 2016 UTC (7 years, 11 months ago) by jca
Branch: MAIN
Changes since 1.213: +24 -3 lines
Diff to previous 1.213 (colored)

Add UDP unicast and multicast support for IP_MINTTL/IPV6_MINHOPCOUNT

Requested by renato@, ok bluhm@

Revision 1.213 / (download) - annotate - [select for diffs], Sat Jun 18 10:36:13 2016 UTC (7 years, 11 months ago) by vgross
Branch: MAIN
Changes since 1.212: +7 -1 lines
Diff to previous 1.212 (colored)

Add net.inet.{tcp,udp}.rootonly sysctl, to mark which ports
cannot be bound to by non-root users.

Ok millert@ bluhm@

Revision 1.212 / (download) - annotate - [select for diffs], Wed Jun 15 16:06:35 2016 UTC (7 years, 11 months ago) by vgross
Branch: MAIN
Changes since 1.211: +2 -2 lines
Diff to previous 1.211 (colored)

Fix typo from rebase: extra parenthesis

Revision 1.211 / (download) - annotate - [select for diffs], Wed Jun 15 15:16:47 2016 UTC (7 years, 11 months ago) by vgross
Branch: MAIN
Changes since 1.210: +42 -40 lines
Diff to previous 1.210 (colored)

Move the cmsg handling code on top of udp_output(), to make
IP_SENDSRCADDR introduction easier.

Ok jca@

Revision 1.210 / (download) - annotate - [select for diffs], Wed Mar 23 15:50:36 2016 UTC (8 years, 2 months ago) by vgross
Branch: MAIN
Changes since 1.209: +2 -7 lines
Diff to previous 1.209 (colored)

Merge in_pcbbind() and in6_pcbbind(), and change every call to
in6_pcbbind() into in_pcbbind().

Ok jca@ mpi@

Revision 1.209 / (download) - annotate - [select for diffs], Mon Mar 7 18:44:00 2016 UTC (8 years, 3 months ago) by naddy
Branch: MAIN
Changes since 1.208: +2 -2 lines
Diff to previous 1.208 (colored)

Sync no-argument function declaration and definition by adding (void).
ok mpi@ millert@

Revision 1.208 / (download) - annotate - [select for diffs], Thu Dec 3 14:05:28 2015 UTC (8 years, 6 months ago) by bluhm
Branch: MAIN
CVS Tags: OPENBSD_5_9_BASE, OPENBSD_5_9
Changes since 1.207: +5 -20 lines
Diff to previous 1.207 (colored)

To avoid that the stack manipulates the pf statekeys directly, introduce
pf_inp_...() lookup, link and unlink functions as an interface.
Locking can be added to them later.  Remove the first linking at
the beginning of tcp_input() and udp_input() as it is not necessary.
It will be done later anyway.  That code was a relict, from the
time before I had added the second linking.
Input from mikeb@ and sashan@;  OK sashan@

Revision 1.207 / (download) - annotate - [select for diffs], Fri Sep 11 07:42:35 2015 UTC (8 years, 9 months ago) by claudio
Branch: MAIN
Changes since 1.206: +5 -5 lines
Diff to previous 1.206 (colored)

in6_embedscope() needs to lose some weight. Remove the last argument.
In all but two calls NULL is passed and in the other 2 cases the ifp
is only used to maybe feed it to in6_selecthlim() to select the hoplimit
for the link. Since in6_embedscope() only works on link-local addresses
it does not matter what hop limit we select since the destination is
directly reachable.
OK florian@ mpi@

Revision 1.206 / (download) - annotate - [select for diffs], Thu Sep 10 17:52:05 2015 UTC (8 years, 9 months ago) by claudio
Branch: MAIN
Changes since 1.205: +2 -2 lines
Diff to previous 1.205 (colored)

It is time to put inet6 on a diet. Use the flensing knife and cut out
the 3rd argument of in6_recoverscope() and make it return void.
OK dlg@ mikeb@

Revision 1.205 / (download) - annotate - [select for diffs], Fri Aug 14 18:07:28 2015 UTC (8 years, 9 months ago) by bluhm
Branch: MAIN
Changes since 1.204: +3 -3 lines
Diff to previous 1.204 (colored)

Replace sockaddr casts with the proper satosin() or satosin6() calls.
From David Hill;  OK mpi@

Revision 1.204 / (download) - annotate - [select for diffs], Wed Jul 15 22:16:42 2015 UTC (8 years, 10 months ago) by deraadt
Branch: MAIN
CVS Tags: OPENBSD_5_8_BASE, OPENBSD_5_8
Changes since 1.203: +7 -14 lines
Diff to previous 1.203 (colored)

m_freem() can handle NULL, do not check for this condition beforehand.
ok stsp mpi

Revision 1.203 / (download) - annotate - [select for diffs], Wed Jul 8 08:48:34 2015 UTC (8 years, 11 months ago) by mpi
Branch: MAIN
Changes since 1.202: +5 -5 lines
Diff to previous 1.202 (colored)

Pass an interface index instead of a pointer to in6_addr2scopeid().

ok millert@

Revision 1.202 / (download) - annotate - [select for diffs], Tue Jun 30 15:30:17 2015 UTC (8 years, 11 months ago) by mpi
Branch: MAIN
Changes since 1.201: +3 -2 lines
Diff to previous 1.201 (colored)

Get rid of the undocumented & temporary* m_copy() macro added for
compatibility with 4.3BSD in September 1989.

*Pick your own definition for "temporary".

ok bluhm@, claudio@, dlg@

Revision 1.201 / (download) - annotate - [select for diffs], Tue Jun 16 11:09:40 2015 UTC (8 years, 11 months ago) by mpi
Branch: MAIN
Changes since 1.200: +5 -5 lines
Diff to previous 1.200 (colored)

Store a unique ID, an interface index, rather than a pointer to the
receiving interface in the packet header of every mbuf.

The interface pointer should now be retrieved when necessary with
if_get().  If a NULL pointer is returned by if_get(), the interface
has probably been destroyed/removed and the mbuf should be freed.

Such mechanism will simplify garbage collection of mbufs and limit
problems with dangling ifp pointers.

Tested by jmatthew@ and krw@, discussed with many.

ok mikeb@, bluhm@, dlg@

Revision 1.200 / (download) - annotate - [select for diffs], Fri Jun 5 21:41:43 2015 UTC (9 years ago) by krw
Branch: MAIN
Changes since 1.199: +18 -32 lines
Diff to previous 1.199 (colored)

Try harder to avoid (very unlikely) NULL pointer de-ref by tweaking
code to use sotopf() like tcp_usrreq() does. Also following
tcp_usrreq(), put more stuff under splsoftnet. And as a result
in-line code in udp_detach() and nuke udp_detach().

Most ideas from and ok mikeb@

Revision 1.199 / (download) - annotate - [select for diffs], Sat May 23 12:38:53 2015 UTC (9 years ago) by markus
Branch: MAIN
Changes since 1.198: +3 -3 lines
Diff to previous 1.198 (colored)

introduce ipsec-id bundles and use them for ipsecflowinfo,
fixes rekeying for l2tp/ipsec against multiple windows clients
and saves memory (for many SAs to same peers); feedback and ok mikeb@

Revision 1.198 / (download) - annotate - [select for diffs], Thu Apr 16 19:24:13 2015 UTC (9 years, 1 month ago) by markus
Branch: MAIN
Changes since 1.197: +1 -26 lines
Diff to previous 1.197 (colored)

remove unfinished/unused support for socket-attached ipsec-policies
ok mikeb

Revision 1.197 / (download) - annotate - [select for diffs], Tue Apr 14 12:22:15 2015 UTC (9 years, 1 month ago) by mikeb
Branch: MAIN
Changes since 1.196: +1 -13 lines
Diff to previous 1.196 (colored)

Remove support for storing credentials and auth information in the kernel.

This code is largely unfinished and is not used for anything.  The change
leaves identities as only objects referenced by ipsec_ref structure and
their handling requires some changes to support more advanced matching of
IPsec connections.

No objections from reyk and hshoexer, with and OK markus.

Revision 1.196 / (download) - annotate - [select for diffs], Wed Mar 4 11:10:55 2015 UTC (9 years, 3 months ago) by mpi
Branch: MAIN
CVS Tags: OPENBSD_5_7_BASE, OPENBSD_5_7
Changes since 1.195: +3 -18 lines
Diff to previous 1.195 (colored)

Do not check if the interface index matches the scope when all we want
is to clear the damn embedded scope.

At this point the receiving interface should not matter and will in the
future be cleared to prevent such layer violations.

This prevents exporting addresses with embedded scope to userland.

Found the hard way by and ok florian@

Revision 1.195 / (download) - annotate - [select for diffs], Fri Dec 5 15:50:04 2014 UTC (9 years, 6 months ago) by mpi
Branch: MAIN
Changes since 1.194: +2 -1 lines
Diff to previous 1.194 (colored)

Explicitly include <net/if_var.h> instead of pulling it in <net/if.h>.

ok mikeb@, krw@, bluhm@, tedu@

Revision 1.194 / (download) - annotate - [select for diffs], Tue Nov 25 12:13:59 2014 UTC (9 years, 6 months ago) by mpi
Branch: MAIN
Changes since 1.193: +1 -9 lines
Diff to previous 1.193 (colored)

unifdef -USCOPEDROUTING, no object change.

Revision 1.193 / (download) - annotate - [select for diffs], Thu Nov 20 14:51:42 2014 UTC (9 years, 6 months ago) by krw
Branch: MAIN
Changes since 1.192: +1 -4 lines
Diff to previous 1.192 (colored)

Yet more #include de-duplication.

ok deraadt@ tedu@

Revision 1.192 / (download) - annotate - [select for diffs], Thu Nov 20 11:05:19 2014 UTC (9 years, 6 months ago) by mpi
Branch: MAIN
Changes since 1.191: +2 -11 lines
Diff to previous 1.191 (colored)

In TCP and UDP layers do not (ab)use the receiving interface to check
for a multicast/broadcast destination address.

These checks have already been done in the Ethernet and IP layers and
the mbuf(9) should contain all the required information at this point.
But since we cannot trust this spaghetti stack, be paranoid and make
sure to set the flags in the IP input routines.

Use explicit comments, requested by deraadt@.  ok claudio@

Revision 1.191 / (download) - annotate - [select for diffs], Sun Nov 9 22:05:08 2014 UTC (9 years, 7 months ago) by bluhm
Branch: MAIN
Changes since 1.190: +11 -1 lines
Diff to previous 1.190 (colored)

To implement transparent relays for connectionless protocols, the
pf state has to vanish immediately when the relay closes the
socket.  To make this work reliably, the linkage between state and
socket must be established with the first packet.  This packet could
be incoming or outgoing.
Link the pf state in the socket layer earlier.  This makes all tests
in /usr/src/regress/sys/net/pf_divert pass.
OK henning@

Revision 1.190 / (download) - annotate - [select for diffs], Sun Sep 14 14:17:26 2014 UTC (9 years, 8 months ago) by jsg
Branch: MAIN
Changes since 1.189: +1 -2 lines
Diff to previous 1.189 (colored)

remove unneeded proc.h includes
ok mpi@ kspillner@

Revision 1.189 / (download) - annotate - [select for diffs], Tue Jul 22 11:06:10 2014 UTC (9 years, 10 months ago) by mpi
Branch: MAIN
CVS Tags: OPENBSD_5_6_BASE, OPENBSD_5_6
Changes since 1.188: +1 -2 lines
Diff to previous 1.188 (colored)

Fewer <netinet/in_systm.h> !

Revision 1.188 / (download) - annotate - [select for diffs], Sat Jul 12 21:06:34 2014 UTC (9 years, 11 months ago) by yasuoka
Branch: MAIN
Changes since 1.187: +4 -5 lines
Diff to previous 1.187 (colored)

Resize the pcb hashtable automatically.  The table size will be doubled
when the number of the hash entries reaches 75% of the table size.

ok dlg henning, 'commit in' claudio

Revision 1.187 / (download) - annotate - [select for diffs], Fri Jul 11 13:15:34 2014 UTC (9 years, 11 months ago) by bluhm
Branch: MAIN
Changes since 1.186: +5 -2 lines
Diff to previous 1.186 (colored)

There is a use-after-free somewhere in the code that links the pf
state to the socket pcb.  Add an additional assert to narrow down
the panics.
OK henning@

Revision 1.186 / (download) - annotate - [select for diffs], Mon Jun 23 22:48:33 2014 UTC (9 years, 11 months ago) by deraadt
Branch: MAIN
Changes since 1.185: +2 -2 lines
Diff to previous 1.185 (colored)

repair ramdisk builds

Revision 1.185 / (download) - annotate - [select for diffs], Mon Jun 23 11:51:42 2014 UTC (9 years, 11 months ago) by yasuoka
Branch: MAIN
Changes since 1.184: +2 -2 lines
Diff to previous 1.184 (colored)

Fix compile without IPSEC.

Pointed out by Ivan Solonin.
ok henning mpi jca

Revision 1.184 / (download) - annotate - [select for diffs], Wed Apr 23 12:25:35 2014 UTC (10 years, 1 month ago) by mpi
Branch: MAIN
Changes since 1.183: +10 -17 lines
Diff to previous 1.183 (colored)

Don't use varargs for udp_output() and sync the argument order with
udp6_output().

ok henning@, reyk@, jca@

Revision 1.183 / (download) - annotate - [select for diffs], Mon Apr 21 12:22:26 2014 UTC (10 years, 1 month ago) by henning
Branch: MAIN
Changes since 1.182: +2 -2 lines
Diff to previous 1.182 (colored)

ip_output() using varargs always struck me as bizarre, esp since it's only
ever used to pass on uint32 (for ipsec). stop that madness and just pass
the uint32, 0 in all cases but the two that pass the ipsec flowinfo.
ok deraadt reyk guenther

Revision 1.182 / (download) - annotate - [select for diffs], Fri Apr 18 10:48:29 2014 UTC (10 years, 1 month ago) by jca
Branch: MAIN
Changes since 1.181: +4 -7 lines
Diff to previous 1.181 (colored)

Invert the signature logic of in{,6}_selectsrc, make them return the
error code and pass the resulting source address back to the caller
through a pointer, as suggested by chrisz.  This gives us more readable
code, and eases the deletion of useless checks in the callers' error path.
Add a bunch of "0 -> NULL" conversions, while here.
ok chrisz@ mpi@

Revision 1.181 / (download) - annotate - [select for diffs], Wed Apr 16 13:04:38 2014 UTC (10 years, 1 month ago) by mpi
Branch: MAIN
Changes since 1.180: +23 -7 lines
Diff to previous 1.180 (colored)

Merge in_fixaddr() into in_selectsrc() in order to prepare for
IP_SENDSRCADDR support.  This reduces the differences with the
IPv6 version and kills some comments that are no longer true.

ok jca@, chrisz@, mikeb@

Revision 1.180 / (download) - annotate - [select for diffs], Mon Apr 14 09:06:42 2014 UTC (10 years, 1 month ago) by mpi
Branch: MAIN
Changes since 1.179: +11 -10 lines
Diff to previous 1.179 (colored)

"struct pkthdr" holds a routing table ID, not a routing domain one.
Avoid the confusion by using an appropriate name for the variable.

Note that since routing domain IDs are a subset of the set of routing
table IDs, the following idiom is correct:

	rtableid = rdomain

But to get the routing domain ID corresponding to a given routing table
ID, you must call rtable_l2(9).

claudio@ likes it, ok mikeb@

Revision 1.179 / (download) - annotate - [select for diffs], Mon Apr 7 19:51:15 2014 UTC (10 years, 2 months ago) by chrisz
Branch: MAIN
Changes since 1.178: +3 -1 lines
Diff to previous 1.178 (colored)

In udp_output() also use the correct source address in case of an unbound socket.

OK claudio@

Revision 1.178 / (download) - annotate - [select for diffs], Mon Apr 7 10:04:17 2014 UTC (10 years, 2 months ago) by mpi
Branch: MAIN
Changes since 1.177: +3 -3 lines
Diff to previous 1.177 (colored)

Retire kernel support for SO_DONTROUTE, this time without breaking
localhost connections.

The plan is to always use the routing table for addresses and routes
resolutions, so there is no future for an option that wants to bypass
it.  This option has never been implemented for IPv6 anyway, so let's
just remove the IPv4 bits that you weren't aware of.

Tested at least by lteo@, guenther@ and chrisz@, ok mikeb@, benno@

Revision 1.177 / (download) - annotate - [select for diffs], Sun Apr 6 17:40:36 2014 UTC (10 years, 2 months ago) by chrisz
Branch: MAIN
Changes since 1.176: +23 -25 lines
Diff to previous 1.176 (colored)

get rid of expensive temporary connect in udp_output().

Also fixes a possible memory leak where m doesn't get freed in bail case.

"lets do it like this" claudio@

Revision 1.176 / (download) - annotate - [select for diffs], Fri Mar 28 08:33:51 2014 UTC (10 years, 2 months ago) by sthen
Branch: MAIN
Changes since 1.175: +2 -2 lines
Diff to previous 1.175 (colored)

revert "Retire kernel support for SO_DONTROUTE" diff, which does bad things
for localhost connections. discussed with deraadt@

Revision 1.175 / (download) - annotate - [select for diffs], Thu Mar 27 13:27:28 2014 UTC (10 years, 2 months ago) by mpi
Branch: MAIN
Changes since 1.174: +3 -3 lines
Diff to previous 1.174 (colored)

Retire kernel support for SO_DONTROUTE, since the plan is to always
use the routing table there's no future for an option that wants to
bypass it.  This option has never been implemented for IPv6 anyway,
so let's just remove the IPv4 bits that you weren't aware of.

Tested by florian@, man pages inputs from jmc@, ok benno@

Revision 1.174 / (download) - annotate - [select for diffs], Fri Jan 24 18:54:58 2014 UTC (10 years, 4 months ago) by henning
Branch: MAIN
CVS Tags: OPENBSD_5_5_BASE, OPENBSD_5_5
Changes since 1.173: +1 -3 lines
Diff to previous 1.173 (colored)

clearing the _CSUM_IN_OK flags is now utterly pointless, was only done for
statistics side effects before. ok lteo naddy

Revision 1.173 / (download) - annotate - [select for diffs], Thu Jan 23 23:51:29 2014 UTC (10 years, 4 months ago) by henning
Branch: MAIN
Changes since 1.172: +3 -4 lines
Diff to previous 1.172 (colored)

since the cksum rewrite the counters for hardware checksummed packets
are a lie, since the software engine emulates hardware offloading
and that is later indistinguishable. so kill the hw cksummed counters.
introduce software checksummed packet counters instead.
tcp/udp handles ip & ipvshit, ip cksum covered, 6 has no ip layer cksum.
as before we still have a miscounting bug for inbound with pf on, to be
fixed in the next step.
found by, prodding & ok naddy

Revision 1.172 / (download) - annotate - [select for diffs], Fri Dec 20 02:04:08 2013 UTC (10 years, 5 months ago) by krw
Branch: MAIN
Changes since 1.171: +2 -2 lines
Diff to previous 1.171 (colored)

Switch inpt_queue from CIRCLEQ to TAILQ. Thus ending use of CIRCLEQ
in the base. Ports fixes to follow shortly for the two ports (gkrellm
and net-snmp) affected.

ok zhuk@ millert@

Revision 1.171 / (download) - annotate - [select for diffs], Fri Nov 22 07:59:09 2013 UTC (10 years, 6 months ago) by mpi
Branch: MAIN
Changes since 1.170: +2 -2 lines
Diff to previous 1.170 (colored)

Remove unused proc argument in in6_control().

ok henning@, mikeb@

Revision 1.170 / (download) - annotate - [select for diffs], Sun Oct 20 11:03:01 2013 UTC (10 years, 7 months ago) by phessler
Branch: MAIN
Changes since 1.169: +11 -7 lines
Diff to previous 1.169 (colored)

Put a large chunk of the IPv6 rdomain support in-tree.

Still some important missing pieces, and this is not yet enabled.

OK bluhm@

Revision 1.169 / (download) - annotate - [select for diffs], Sat Oct 19 10:38:55 2013 UTC (10 years, 7 months ago) by henning
Branch: MAIN
Changes since 1.168: +2 -12 lines
Diff to previous 1.168 (colored)

make in_proto_cksum_out not rely on the pseudo header checksum to be
already there, just compute it - it's dirt cheap. since that happens
very late in ip_output, the rest of the stack doesn't have to care about
checksums at all any more, if something needs to be checksummed, just
set the flag on the pkthdr mbuf to indicate so.
stop pre-computing the pseudo header checksum and incrementally updating it
in the tcp and udp stacks.
ok lteo florian

Revision 1.168 / (download) - annotate - [select for diffs], Thu Oct 17 16:27:44 2013 UTC (10 years, 7 months ago) by bluhm
Branch: MAIN
Changes since 1.167: +2 -1 lines
Diff to previous 1.167 (colored)

The header file netinet/in_var.h included netinet6/in6_var.h.  This
created a bunch of useless dependencies.  Remove this implicit
inclusion and do an explicit #include <netinet6/in6_var.h> when it
is needed.
OK mpi@ henning@

Revision 1.167 / (download) - annotate - [select for diffs], Sun Oct 13 10:10:04 2013 UTC (10 years, 8 months ago) by reyk
Branch: MAIN
Changes since 1.166: +21 -1 lines
Diff to previous 1.166 (colored)

Import vxlan(4), the virtual extensible local area network tunnel
interface.  VXLAN is a UDP-based tunnelling protocol for overlaying
virtualized layer 2 networks over layer 3 networks. The implementation
is based on draft-mahalingam-dutt-dcops-vxlan-04 and has been tested
with other implementations in the wild.

put it in deraadt@

Revision 1.166 / (download) - annotate - [select for diffs], Fri Sep 6 18:35:16 2013 UTC (10 years, 9 months ago) by bluhm
Branch: MAIN
Changes since 1.165: +2 -1 lines
Diff to previous 1.165 (colored)

In one core dump the pointers to socket, inpcb, tcpcb on the stack
of tcp_input() and tcp_output() were very inconsistent.  Especially
the so->so_pcb is NULL which can only happen after the inp has been
detached.  The whole issue looks similar to the old panic:
pool_do_get(inpcbpl): free list modified.
http://marc.info/?l=openbsd-bugs&m=132630237316970&w=2

To get more information, add some asserts that guarantee the
consistency of the socket, inpcb, tcpcb linking.  They should trigger
when an inp is taken from the pcb hashes after it has been freed.
OK henning@

Revision 1.165 / (download) - annotate - [select for diffs], Wed Jul 31 15:41:52 2013 UTC (10 years, 10 months ago) by mikeb
Branch: MAIN
Changes since 1.164: +2 -6 lines
Diff to previous 1.164 (colored)

Move bridge_broadcast and subsequently all IPsec SPD lookup code out
of the IPL_NET.  pf_test should be no longer called under IPL_NET as
well.  The problem became evident after the related issue was brought
up by David Hill <dhill at mindcry ! org>.

With input from and OK mpi.  Tested by David and me.

Revision 1.164 / (download) - annotate - [select for diffs], Sun Jun 9 22:03:06 2013 UTC (11 years ago) by yasuoka
Branch: MAIN
CVS Tags: OPENBSD_5_4_BASE, OPENBSD_5_4
Changes since 1.163: +2 -1 lines
Diff to previous 1.163 (colored)

Increment udpstat.udps_nosec and tcpstat.tcps_rcvnosec in case packet is
dropped by IPsec security policy.

input from and ok mikeb

Revision 1.163 / (download) - annotate - [select for diffs], Sat Jun 1 16:22:05 2013 UTC (11 years ago) by bluhm
Branch: MAIN
Changes since 1.162: +2 -2 lines
Diff to previous 1.162 (colored)

Pass the routing domain to IPv6 pr_ctlinput() like in IPv4.
OK claudio@

Revision 1.162 / (download) - annotate - [select for diffs], Fri May 31 13:15:53 2013 UTC (11 years ago) by bluhm
Branch: MAIN
Changes since 1.161: +5 -6 lines
Diff to previous 1.161 (colored)

The function rip6_ctlinput() claims that sa6_src is constant to
allow the assignment of &sa6_any.  But rip6_ctlinput() could not
guarantee that as it casted away the const attribute when it passes
the pointer to in6_pcbnotify().  Replace sockaddr with const
sockaddr_in6 in the in6_pcbnotify() parameters.  This reduces the
number of casts.  Also adjust in6_pcbhashlookup() to handle the
const attribute correctly.
Input and OK claudio@

Revision 1.161 / (download) - annotate - [select for diffs], Fri May 17 09:04:30 2013 UTC (11 years ago) by mpi
Branch: MAIN
Changes since 1.160: +1 -4 lines
Diff to previous 1.160 (colored)

Move an extern declaration into its corresponding header file.

Revision 1.160 / (download) - annotate - [select for diffs], Wed Apr 10 08:50:59 2013 UTC (11 years, 2 months ago) by mpi
Branch: MAIN
Changes since 1.159: +2 -4 lines
Diff to previous 1.159 (colored)

Remove various external variable declaration from sources files and
move them to the corresponding header with an appropriate comment if
necessary.

ok guenther@

Revision 1.159 / (download) - annotate - [select for diffs], Thu Apr 4 19:23:39 2013 UTC (11 years, 2 months ago) by bluhm
Branch: MAIN
Changes since 1.158: +25 -35 lines
Diff to previous 1.158 (colored)

Merge the duplicate IPv4 and IPv6 checksum checking code in udp_input()
into one block.
OK mpi@

Revision 1.158 / (download) - annotate - [select for diffs], Tue Apr 2 18:27:47 2013 UTC (11 years, 2 months ago) by bluhm
Branch: MAIN
Changes since 1.157: +4 -5 lines
Diff to previous 1.157 (colored)

Use macros sotoinpcb() and intotcpcb() instead of casts.  Use NULL
instead of 0 for pointers.  No binary change.
OK mpi@

Revision 1.157 / (download) - annotate - [select for diffs], Sun Mar 31 11:18:35 2013 UTC (11 years, 2 months ago) by bluhm
Branch: MAIN
Changes since 1.156: +6 -7 lines
Diff to previous 1.156 (colored)

The call to in_pcballoc() in user request attach was handled in
three different ways.  Use the same code in udp_usrreq() and
rip_usrreq() and rip6_usrreq(). This also fixes a pcb and socket
leak in udp_usrreq() in case soreserve() fails.  Put an splsoftassert()
into in_pcballoc() for safety.
OK mpi@

Revision 1.156 / (download) - annotate - [select for diffs], Sun Mar 31 00:59:52 2013 UTC (11 years, 2 months ago) by bluhm
Branch: MAIN
Changes since 1.155: +4 -1 lines
Diff to previous 1.155 (colored)

Do not transfer diverted packets into IPsec processing.  They should
reach the socket that the user has specified in pf.conf.
OK reyk@

Revision 1.155 / (download) - annotate - [select for diffs], Fri Mar 29 13:16:14 2013 UTC (11 years, 2 months ago) by bluhm
Branch: MAIN
Changes since 1.154: +3 -4 lines
Diff to previous 1.154 (colored)

Declare struct pf_state_key in the mbuf and in_pcb header files to
avoid ugly casts.
OK krw@ tedu@

Revision 1.154 / (download) - annotate - [select for diffs], Thu Mar 14 11:18:37 2013 UTC (11 years, 3 months ago) by mpi
Branch: MAIN
Changes since 1.153: +1 -16 lines
Diff to previous 1.153 (colored)

tedu faith(4), suggested by todd@ some weeks ago after a submission by
dhill.

ok krw@, mikeb@, tedu@ (implicit)

Revision 1.153 / (download) - annotate - [select for diffs], Sat Feb 16 14:34:52 2013 UTC (11 years, 3 months ago) by bluhm
Branch: MAIN
CVS Tags: OPENBSD_5_3_BASE, OPENBSD_5_3
Changes since 1.152: +2 -6 lines
Diff to previous 1.152 (colored)

Fix a bug in udp socket splicing in case a packet gets diverted and
spliced and routed to loopback.  The content of the pf header in
the mbuf was keeping the divert information on its way.  Reinitialize
the whole packet header of the mbuf and remove the mbuf tags when
the packet gets spliced.
OK claudio@ markus@

Revision 1.152 / (download) - annotate - [select for diffs], Thu Jan 17 11:43:06 2013 UTC (11 years, 4 months ago) by bluhm
Branch: MAIN
Changes since 1.151: +10 -1 lines
Diff to previous 1.151 (colored)

After finding the socket's inp by using the pf's statekey, reset
the pointer to the statekey in the mbuf.
When a UDP socket is spliced, pf would use this key during ip_output()
although the packet went through two sockets in the meantime.  Reset
the mbuf's statekey in tcp_input() and udp_input() to eliminate the
pointer to pf lingering in the socket buffers.
OK claudio@

Revision 1.151 / (download) - annotate - [select for diffs], Fri Sep 28 16:06:20 2012 UTC (11 years, 8 months ago) by markus
Branch: MAIN
Changes since 1.150: +5 -2 lines
Diff to previous 1.150 (colored)

free the control message in udp_input() if the packet is passed to pipex
ok yasuoka@

Revision 1.150 / (download) - annotate - [select for diffs], Mon Sep 17 20:01:26 2012 UTC (11 years, 8 months ago) by yasuoka
Branch: MAIN
Changes since 1.149: +11 -1 lines
Diff to previous 1.149 (colored)

add IPV6_RECVDSTPORT socket option, which enables us to get original
(= before divert) destination port of a UDP packet.  The way to use
this option is same as IP_RECVDSTPORT.

from UMEZAWA Takeshi
tweaks from jmc; ok henning bluhm

Revision 1.149 / (download) - annotate - [select for diffs], Tue Jul 17 03:18:57 2012 UTC (11 years, 10 months ago) by yasuoka
Branch: MAIN
CVS Tags: OPENBSD_5_2_BASE, OPENBSD_5_2
Changes since 1.148: +14 -9 lines
Diff to previous 1.148 (colored)

use IPsec flowinfo on pipex(4) to select the IPsec tunnel for sending
L2TP packets.

ok markus henning

Revision 1.148 / (download) - annotate - [select for diffs], Mon Jul 16 18:05:36 2012 UTC (11 years, 10 months ago) by markus
Branch: MAIN
Changes since 1.147: +56 -4 lines
Diff to previous 1.147 (colored)

add IP_IPSECFLOWINFO option to sendmsg() and recvmsg(), so npppd(4)
can use this to select the IPsec tunnel for sending L2TP packets.
this fixes Windows (always binding to 1701) and Android clients
(negotiating wildcard flows); feedback mpf@ and yasuoka@;
ok henning@ and yasuoka@; ok jmc@ for the manpage

Revision 1.147 / (download) - annotate - [select for diffs], Wed Apr 4 04:31:38 2012 UTC (12 years, 2 months ago) by yasuoka
Branch: MAIN
Changes since 1.146: +7 -1 lines
Diff to previous 1.146 (colored)

pipex hook in udp_usrreq() mistakenly assumed that `inp' is connected.
It could not use the destination address properly, so it failed to
find the pipex session.  This bug caused LCP keepalive failures on some
clients.

found and tested by sebastia@ and mxb at alumni.chalmers.se.
ok sthen

Revision 1.146 / (download) - annotate - [select for diffs], Sat Mar 17 10:16:41 2012 UTC (12 years, 2 months ago) by dlg
Branch: MAIN
Changes since 1.145: +2 -3 lines
Diff to previous 1.145 (colored)

remove IP_JUMBO, SO_JUMBO, and RTF_JUMBO.

no objection from mcbride@ krw@ markus@ deraadt@

Revision 1.145 / (download) - annotate - [select for diffs], Fri Jul 8 18:30:17 2011 UTC (12 years, 11 months ago) by yasuoka
Branch: MAIN
CVS Tags: OPENBSD_5_1_BASE, OPENBSD_5_1, OPENBSD_5_0_BASE, OPENBSD_5_0
Changes since 1.144: +2 -2 lines
Diff to previous 1.144 (colored)

Include PIPEX in kernel by default.  And add new sysctl variable
`net.pipex.enable' to enable PIPEX.   By default, pipex is disabled
and it will not process packets from wire.  Update man pages and
update HOWTO_PIPEX_NPPPD.txt for testers.

discussed with dlg@, ok deraadt@ mcbride@ claudio@

Revision 1.144 / (download) - annotate - [select for diffs], Fri May 13 14:31:17 2011 UTC (13 years, 1 month ago) by oga
Branch: MAIN
Changes since 1.143: +2 -15 lines
Diff to previous 1.143 (colored)

Revert the pf->socket linking diff.

at least krw@, pirofti@ and todd@ have been seeing panics (todd and krw
with xxxterm not sure about pirofti) involving pool corruption while
using this commit.

krw and todd confirm that this backout fixes the problem.

ok blambert@ krw@, todd@ henning@ and kettenis@

	    Double link between pf states and sockets.  Henning has
	    already implemented half of it.  The additional part is: -
	    The pf state lookup for outgoing packets is optimized by
	    using mbuf->inp->state.
	    - For incoming tcp, udp, raw, raw6 packets the socket
	    lookup always is optimized by using mbuf->state->inp.
	    - All protocols establish the link for incoming packets.
	    - All protocols set the inp in the mbuf for outgoing packets.
	      This allows the linkage beginning with the first packet
	      for outgoing connections.
	    - In case of divert states, delete the state when the socket
	      closes.  Otherwise new connections could match on old
	      states instead of being diverted to the listen socket.
	    ok henning@

Revision 1.143 / (download) - annotate - [select for diffs], Wed May 4 16:05:49 2011 UTC (13 years, 1 month ago) by blambert
Branch: MAIN
Changes since 1.142: +2 -2 lines
Diff to previous 1.142 (colored)

Collapse m_pullup and m_pullup2 into a single function, as they're
essentially identical; the only difference being that m_pullup2 is
capable of handling mbuf clusters, but called m_pullup for shorter
lengths (!).

testing dlg@ ok claudio@

Revision 1.142 / (download) - annotate - [select for diffs], Thu Apr 28 09:56:27 2011 UTC (13 years, 1 month ago) by claudio
Branch: MAIN
Changes since 1.141: +4 -3 lines
Diff to previous 1.141 (colored)

Make in_broadcast() rdomain aware. Mostly mechanical change.
This fixes the problem of binding sockets to broadcast IPs in other
rdomains.
OK henning@

Revision 1.141 / (download) - annotate - [select for diffs], Sun Apr 24 19:36:54 2011 UTC (13 years, 1 month ago) by bluhm
Branch: MAIN
Changes since 1.140: +15 -2 lines
Diff to previous 1.140 (colored)

Double link between pf states and sockets.  Henning has already
implemented half of it.  The additional part is:
- The pf state lookup for outgoing packets is optimized by using
  mbuf->inp->state.
- For incoming tcp, udp, raw, raw6 packets the socket lookup always
  is optimized by using mbuf->state->inp.
- All protocols establish the link for incoming packets.
- All protocols set the inp in the mbuf for outgoing packets.
  This allows the linkage beginning with the first packet for
  outgoing connections.
- In case of divert states, delete the state when the socket closes.
  Otherwise new connections could match on old states instead of
  being diverted to the listen socket.
ok henning@

Revision 1.140 / (download) - annotate - [select for diffs], Tue Apr 5 18:01:21 2011 UTC (13 years, 2 months ago) by henning
Branch: MAIN
Changes since 1.139: +2 -2 lines
Diff to previous 1.139 (colored)

mechanic rename M_{TCP|UDP}V4_CSUM_OUT -> M_{TCP|UDP}_CSUM_OUT
ok claudio krw

Revision 1.139 / (download) - annotate - [select for diffs], Sun Apr 3 16:09:09 2011 UTC (13 years, 2 months ago) by blambert
Branch: MAIN
Changes since 1.138: +3 -1 lines
Diff to previous 1.138 (colored)

Don't attempt to enqueue mbufs on sockets marked as SS_CANTRCVMORE, as
was done earlier for routing sockets.

ok claudio@

Revision 1.138 / (download) - annotate - [select for diffs], Fri Sep 24 14:50:30 2010 UTC (13 years, 8 months ago) by hsuenaga
Branch: MAIN
CVS Tags: OPENBSD_4_9_BASE, OPENBSD_4_9
Changes since 1.137: +38 -1 lines
Diff to previous 1.137 (colored)

Add L2TP support to PIPEX.
We can use IPv6 address as outer header of L2TP.

Kernel ABI is changed. You must update npppd.

OK claudio@, yasuoka@, dlg@

Revision 1.137 / (download) - annotate - [select for diffs], Wed Sep 8 08:34:42 2010 UTC (13 years, 9 months ago) by claudio
Branch: MAIN
Changes since 1.136: +3 -1 lines
Diff to previous 1.136 (colored)

Return EACCES when pf_test() blocks a packet in ip_output(). This allows
ip_forward() to know the difference between blocked packets and those that
can't be forwarded (EHOSTUNREACH). Only in the latter case an ICMP should
be sent. In the other callers of ip_output() change the error back to
EHOSTUNREACH since userland may not expect EACCES on a sendto().
OK henning@, markus@

Revision 1.136 / (download) - annotate - [select for diffs], Fri Jul 9 16:58:06 2010 UTC (13 years, 11 months ago) by reyk
Branch: MAIN
CVS Tags: OPENBSD_4_8_BASE, OPENBSD_4_8
Changes since 1.135: +3 -2 lines
Diff to previous 1.135 (colored)

Add support for using IPsec in multiple rdomains.

This allows to run isakmpd/iked/ipsecctl in multiple rdomains
independently (with "route exec"); the kernel will pickup the rdomain
from the process context of the pfkey socket and load the flows and
SAs into the matching rdomain encap routing table.  The network stack
also needs to pass the rdomain to the ipsec stack to lookup the
correct rdomain that belongs to an interface/mbuf/... You can now run
individual IPsec configs per rdomain or create IPsec VPNs between
multiple rdomains on the same machine ;).  Note that a primary enc(4)
in addition to enc0 interface is required per rdomain, eg. enc1 rdomain 1.

Tested by some people, mostly on existing "rdomain 0" setups.  Was in
snaps for some days and people didn't complain.

ok claudio@ naddy@

Revision 1.135 / (download) - annotate - [select for diffs], Sat Jul 3 04:44:51 2010 UTC (13 years, 11 months ago) by guenther
Branch: MAIN
Changes since 1.134: +4 -3 lines
Diff to previous 1.134 (colored)

Fix the naming of interfaces and variables for rdomains and rtables
and make it possible to bind sockets (including listening sockets!)
to rtables and not just rdomains.  This changes the name of the
system calls, socket option, and ioctl.  After building with this
you should remove the files /usr/share/man/cat2/[gs]etrdomain.0.

Since this removes the existing [gs]etrdomain() system calls, the
libc major is bumped.

Written by claudio@, criticized^Wcritiqued by me

Revision 1.134 / (download) - annotate - [select for diffs], Tue Apr 20 22:05:43 2010 UTC (14 years, 1 month ago) by tedu
Branch: MAIN
Changes since 1.133: +2 -1 lines
Diff to previous 1.133 (colored)

remove proc.h include from uvm_map.h.  This has far reaching effects, as
sysctl.h was reliant on this particular include, and many drivers included
sysctl.h unnecessarily.  remove sysctl.h or add proc.h as needed.
ok deraadt

Revision 1.133 / (download) - annotate - [select for diffs], Thu Mar 11 00:24:58 2010 UTC (14 years, 3 months ago) by sthen
Branch: MAIN
CVS Tags: OPENBSD_4_7_BASE, OPENBSD_4_7
Changes since 1.132: +4 -1 lines
Diff to previous 1.132 (colored)

unbreak the build with a custom kernel config including "pseudo-device
faith 1", noticed by Andris Kadar.  ok kettenis@ beck@

Revision 1.132 / (download) - annotate - [select for diffs], Fri Nov 13 20:54:05 2009 UTC (14 years, 7 months ago) by claudio
Branch: MAIN
Changes since 1.131: +5 -5 lines
Diff to previous 1.131 (colored)

Extend the protosw pr_ctlinput function to include the rdomain. This is
needed so that the route and inp lookups done in TCP and UDP know where
to look. Additionally in_pcbnotifyall() and tcp_respond() got a rdomain
argument as well for similar reasons. With this tcp seems to be now
fully rdomain safe and no longer leaks single packets into the main domain.
Looks good markus@, henning@

Revision 1.131 / (download) - annotate - [select for diffs], Tue Nov 3 10:59:04 2009 UTC (14 years, 7 months ago) by claudio
Branch: MAIN
Changes since 1.130: +2 -2 lines
Diff to previous 1.130 (colored)

rtables are stacked on rdomains (it is possible to have multiple routing
tables on top of a rdomain) but until now our code was a crazy mix so that
it was impossible to correctly use rtables in that case. Additionally pf(4)
only knows about rtables and not about rdomains. This is especially bad when
tracking (possibly conflicting) states in various domains.
This diff fixes all or most of these issues. It adds a lookup function to
get the rdomain id based on a rtable id. Makes pf understand rdomains and
allows pf to move packets between rdomains (it is similar to NAT).
Because pf states now track the rdomain id as well it is necessary to modify
the pfsync wire format. So old and new systems will not sync up.
A lot of help by dlg@, tested by sthen@, jsg@ and probably more
OK dlg@, mpf@, deraadt@

Revision 1.130 / (download) - annotate - [select for diffs], Mon Jun 8 23:07:08 2009 UTC (15 years ago) by sthen
Branch: MAIN
CVS Tags: OPENBSD_4_6_BASE, OPENBSD_4_6
Changes since 1.129: +2 -2 lines
Diff to previous 1.129 (colored)

remove stray * from comment, probably a rewrapping artefact

Revision 1.129 / (download) - annotate - [select for diffs], Fri Jun 5 00:05:22 2009 UTC (15 years ago) by claudio
Branch: MAIN
Changes since 1.128: +12 -4 lines
Diff to previous 1.128 (colored)

Initial support for routing domains. This allows to bind interfaces to
alternate routing table and separate them from other interfaces in distinct
routing tables. The same network can now be used in any domain at the same
time without causing conflicts.
This diff is mostly mechanical and adds the necessary rdomain checks across
net and netinet. L2 and IPv4 are mostly covered still missing pf and IPv6.
input and tested by jsg@, phessler@ and reyk@. "put it in" deraadt@

Revision 1.128 / (download) - annotate - [select for diffs], Wed Jun 3 18:22:44 2009 UTC (15 years ago) by naddy
Branch: MAIN
Changes since 1.127: +16 -4 lines
Diff to previous 1.127 (colored)

add the basic infrastructure to take advantage of TCP and UDP receive
checksum offload over IPv6; ok deraadt@

Revision 1.127 / (download) - annotate - [select for diffs], Tue Jun 2 15:32:19 2009 UTC (15 years ago) by blambert
Branch: MAIN
Changes since 1.126: +2 -2 lines
Diff to previous 1.126 (colored)

0 -> NULL

ok claudio@

Revision 1.126 / (download) - annotate - [select for diffs], Mon Oct 13 14:02:20 2008 UTC (15 years, 8 months ago) by henning
Branch: MAIN
CVS Tags: OPENBSD_4_5_BASE, OPENBSD_4_5
Changes since 1.125: +2 -2 lines
Diff to previous 1.125 (colored)

disable the pcb linking for udp for the moment since there is some weird
bug with IPv6 in some circumstances. we'll find it one day...
lots of debugging dhill

Revision 1.125 / (download) - annotate - [select for diffs], Wed Sep 3 12:51:39 2008 UTC (15 years, 9 months ago) by henning
Branch: MAIN
Changes since 1.124: +1 -2 lines
Diff to previous 1.124 (colored)

do not set the pkthdr mbuf state key pointer to the state key saved in the
pcb. the state key ptr in the pcb is the one that had to be used by pf
outbound. but by convention the state key pointer in the pkthdr is the one
used INbound, so pf follows its reverse pointer to find the sk to use,
and since a reverse doesn't exist for locally terminated connections the
reverse pointer is null and thus the whole game a noop.
note that this only affects packets FROM local udp/tcp sockets, for the
other direction everything works as expected.

Revision 1.124 / (download) - annotate - [select for diffs], Wed Jul 16 09:00:44 2008 UTC (15 years, 10 months ago) by henning
Branch: MAIN
CVS Tags: OPENBSD_4_4_BASE, OPENBSD_4_4
Changes since 1.123: +29 -10 lines
Diff to previous 1.123 (colored)

link udp pcbs to pf states, same as done for tcp already
ok markus, also tested david sthen

Revision 1.123 / (download) - annotate - [select for diffs], Sat Jun 14 22:15:30 2008 UTC (16 years ago) by jsing
Branch: MAIN
Changes since 1.122: +4 -2 lines
Diff to previous 1.122 (colored)

Include "faith.h" in order to get NFAITH. Also clean up NFAITH conditionals
whilst we're here.

ok henning@ deraadt@

Revision 1.122 / (download) - annotate - [select for diffs], Sat Jun 14 19:54:09 2008 UTC (16 years ago) by jsing
Branch: MAIN
Changes since 1.121: +9 -28 lines
Diff to previous 1.121 (colored)

ANSIfy function definitions.

ok markus@

Revision 1.121 / (download) - annotate - [select for diffs], Sat May 24 19:48:32 2008 UTC (16 years ago) by thib
Branch: MAIN
Changes since 1.120: +1 -15 lines
Diff to previous 1.120 (colored)

Remove {tcp/udp}6_usrreq(); Since the normal ones now
take a proc argument, there's no need for these, since
they are just wrappers.

OK claudio@

Revision 1.120 / (download) - annotate - [select for diffs], Fri May 23 15:51:12 2008 UTC (16 years ago) by thib
Branch: MAIN
Changes since 1.119: +6 -5 lines
Diff to previous 1.119 (colored)

Deal with the situation when TCP nfs mounts timeout and processes
get hung in nfs_reconnect() because they do not have the proper
privileges to bind to a socket, by adding a struct proc * argument
to sobind() (and the *_usrreq() routines, and finally in{6}_pcbbind)
and do the sobind() with proc0 in nfs_connect.

OK markus@, blambert@.
"go ahead" deraadt@.

Fixes an issue reported by bernd@ (Tested by bernd@).
Fixes PR5135 too.

Revision 1.119 / (download) - annotate - [select for diffs], Thu May 15 19:40:38 2008 UTC (16 years ago) by markus
Branch: MAIN
Changes since 1.118: +2 -2 lines
Diff to previous 1.118 (colored)

divert for ipv6; ok henning, pyr

Revision 1.118 / (download) - annotate - [select for diffs], Fri May 9 02:56:36 2008 UTC (16 years, 1 month ago) by markus
Branch: MAIN
Changes since 1.117: +9 -1 lines
Diff to previous 1.117 (colored)

IP_RECVDSTPORT, allows you to get the destination port of UDP datagrams
for pf(4) diverted packets; based on patch by Scot Loach; ok beck@

Revision 1.117 / (download) - annotate - [select for diffs], Fri May 9 02:44:54 2008 UTC (16 years, 1 month ago) by markus
Branch: MAIN
Changes since 1.116: +2 -2 lines
Diff to previous 1.116 (colored)

divert packets to local socket without modifying the ip header;
makes transparent proxies much easier; ok beck@, feedback claudio@

Revision 1.116 / (download) - annotate - [select for diffs], Fri May 2 06:49:32 2008 UTC (16 years, 1 month ago) by ckuethe
Branch: MAIN
Changes since 1.115: +15 -7 lines
Diff to previous 1.115 (colored)

Make the SO_TIMESTAMP sockopt work. When set, this allows the user to
get a timestamp of when the datagram was accepted (by udp(4), for
example) rather than having to take a timestamp with gettimeofday(2)
when recv(2) returns - possibly several hundreds of microseconds later.
May be of use to those interested in precision network timing schemes
or QoS for media applications. Tested on alpha, amd64, i386 and sparc64.
manpage suggestions from jmc, ok deraadt

Revision 1.115 / (download) - annotate - [select for diffs], Thu Dec 13 20:00:53 2007 UTC (16 years, 6 months ago) by reyk
Branch: MAIN
CVS Tags: OPENBSD_4_3_BASE, OPENBSD_4_3
Changes since 1.114: +8 -1 lines
Diff to previous 1.114 (colored)

implement sysctls to report IP, TCP, UDP, and ICMP statistics and
change netstat to use them instead of accessing kvm for it. more
protocols will be added later.

discussed with deraadt@ claudio@ gilles@
ok deraadt@

Revision 1.114 / (download) - annotate - [select for diffs], Mon Jun 11 11:29:35 2007 UTC (17 years ago) by henning
Branch: MAIN
CVS Tags: OPENBSD_4_2_BASE, OPENBSD_4_2
Changes since 1.113: +2 -7 lines
Diff to previous 1.113 (colored)

there was code inside #if NPF > 0, but pf.h was not included, so it did
not get built. the code looks at flags that used to be in mbuf tags, now
they are in the mbuf header, so we can check them unconditionally.
problem spotted by Daniel Roethlisberger <daniel@roe.ch>, ok ryan markus

Revision 1.113 / (download) - annotate - [select for diffs], Sun May 27 20:17:05 2007 UTC (17 years ago) by dlg
Branch: MAIN
Changes since 1.112: +5 -5 lines
Diff to previous 1.112 (colored)

-static

Revision 1.112 / (download) - annotate - [select for diffs], Sat Dec 9 01:12:28 2006 UTC (17 years, 6 months ago) by itojun
Branch: MAIN
CVS Tags: OPENBSD_4_1_BASE, OPENBSD_4_1
Changes since 1.111: +6 -7 lines
Diff to previous 1.111 (colored)

switch IPv6 advanced API from RFC2292 to RFC3542 (2292 is superseded by 3542).
the kernel still handles RFC2292 set/getsockopts, so that compiled binary
has no trouble running.  userland sees RFC3542 symbols only on header file
so new code has to use RFC3542 API.

bump libc shlib minor for function additions.

tested on i386/amd64 by jmc, i386 by brad. checked by deraadt.

Revision 1.111 / (download) - annotate - [select for diffs], Mon Nov 27 11:00:12 2006 UTC (17 years, 6 months ago) by claudio
Branch: MAIN
Changes since 1.110: +25 -22 lines
Diff to previous 1.110 (colored)

The current implementation to handle control options is broken as soon as
SO_REUSEADDR and multicast/broadcast comes into play. Model the ip_savecontrol
handling after the rip_input version which works.
Problem found by Simon Kelley. OK henning@ michele@

Revision 1.110 / (download) - annotate - [select for diffs], Mon Jul 17 12:16:36 2006 UTC (17 years, 10 months ago) by claudio
Branch: MAIN
CVS Tags: OPENBSD_4_0_BASE, OPENBSD_4_0
Changes since 1.109: +7 -1 lines
Diff to previous 1.109 (colored)

Call ip_savecontrol() in the multicast codepath of udp_input() similar to
the INET6 code. With this it is possible to use e.g. IP_RECVIF to get the
incoming interface. SOCK_RAW is not affected by this.
Problem found and fixed by Michele 'mydecay' Marchetto. OK markus@

Revision 1.109 / (download) - annotate - [select for diffs], Thu Jun 15 10:12:36 2006 UTC (18 years ago) by pascoe
Branch: MAIN
Changes since 1.108: +2 -2 lines
Diff to previous 1.108 (colored)

Make number of varargs passed to ip_output match reality.

henning@ claudio@ ok

Revision 1.108 / (download) - annotate - [select for diffs], Mon May 29 20:42:27 2006 UTC (18 years ago) by claudio
Branch: MAIN
Changes since 1.107: +3 -52 lines
Diff to previous 1.107 (colored)

Make savecontrol functions more generic and use them now for raw IP too.
Additionally add the IP_RECVIF option which returns the interface a packet
was received on. OK markus@ norby@

Revision 1.107 / (download) - annotate - [select for diffs], Tue May 16 12:39:21 2006 UTC (18 years, 1 month ago) by markus
Branch: MAIN
Changes since 1.106: +3 -11 lines
Diff to previous 1.106 (colored)

- pcbflags is not modified in pcb_(dis)connect, so there's no
  need to save/restore it.
- inp->inp_laddr should be set _before_ calling pcb_disconnect().
  otherwise pcb_disconnect() calls pcb_rehash() with the old laddr.
  [ currently this is not a problem since the hash ignores laddr ]
tested by pedro

Revision 1.106 / (download) - annotate - [select for diffs], Fri Jan 13 10:11:23 2006 UTC (18 years, 5 months ago) by mpf
Branch: MAIN
CVS Tags: OPENBSD_3_9_BASE, OPENBSD_3_9
Changes since 1.105: +11 -2 lines
Diff to previous 1.105 (colored)

Path MTU discovery for NAT-T.
OK markus@, "looks good" hshoexer@

Revision 1.105 / (download) - annotate - [select for diffs], Mon Oct 17 08:43:34 2005 UTC (18 years, 7 months ago) by henning
Branch: MAIN
Changes since 1.104: +11 -5 lines
Diff to previous 1.104 (colored)

make pf use one mbuf tag instead of 6 distinct ones. use a little struct
in the data part for the data from the previously distinct tags.
look up the tag early and carry a pointer to it around.
makes the code easier and saves some tag lookups and thus helps performance,
as proven by tests run by Schöberle Dániel <Schoeberle.Daniel@aamtech.hu>
Initially hacked up somewhere over the atlantic ocean in an A330
early testing reyk and moritz, "put it in" theo

Revision 1.104 / (download) - annotate - [select for diffs], Fri May 27 04:55:28 2005 UTC (19 years ago) by mcbride
Branch: MAIN
CVS Tags: OPENBSD_3_8_BASE, OPENBSD_3_8
Changes since 1.103: +3 -2 lines
Diff to previous 1.103 (colored)

Experimental support for opportunistic use of jumbograms where only some hosts
on the local network support them.

This adds a new socket option, SO_JUMBO, and a new route flag,
RTF_JUMBO. If _both_ the socket option is set and the route for the host
has RTF_JUMBO set, ip_output will fragment the packet to the largest
possible size for the link, ignoring the card's MTU.

The semantics of this feature will be evolving rapidly; talk to us
if you intend to use it.

ok deraadt@ marius@

Revision 1.103 / (download) - annotate - [select for diffs], Mon Apr 25 17:55:52 2005 UTC (19 years, 1 month ago) by brad
Branch: MAIN
Changes since 1.102: +5 -5 lines
Diff to previous 1.102 (colored)

csum -> csum_flags

ok krw@ canacar@

Revision 1.102 / (download) - annotate - [select for diffs], Tue Aug 10 20:11:04 2004 UTC (19 years, 10 months ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_3_7_BASE, OPENBSD_3_7, OPENBSD_3_6_BASE, OPENBSD_3_6
Changes since 1.101: +10 -3 lines
Diff to previous 1.101 (colored)

replace in_pcbnotify with in_pcbhashlookup and avoid looping over
all connections; ok dhartmei, canacar, mcbride

Revision 1.101 / (download) - annotate - [select for diffs], Mon Jun 14 05:24:04 2004 UTC (20 years ago) by mcbride
Branch: MAIN
Changes since 1.100: +2 -2 lines
Diff to previous 1.100 (colored)

spelling

Revision 1.38.2.9 / (download) - annotate - [select for diffs], Sat Jun 5 23:11:26 2004 UTC (20 years ago) by niklas
Branch: SMP
Changes since 1.38.2.8: +16 -16 lines
Diff to previous 1.38.2.8 (colored) to branchpoint 1.38 (colored) next main 1.39 (colored)

Merge with the trunk

Revision 1.100 / (download) - annotate - [select for diffs], Wed Apr 14 05:34:15 2004 UTC (20 years, 2 months ago) by itojun
Branch: MAIN
CVS Tags: SMP_SYNC_B, SMP_SYNC_A
Changes since 1.99: +6 -1 lines
Diff to previous 1.99 (colored)

with IPv6, udp checksum is mandatory.  henning ok

Revision 1.99 / (download) - annotate - [select for diffs], Sun Mar 21 20:58:10 2004 UTC (20 years, 2 months ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_3_5_BASE, OPENBSD_3_5
Changes since 1.98: +3 -7 lines
Diff to previous 1.98 (colored)

fix udp checksum verification if ip options are present;
report from Pyun via dhartmei@; ok mcbride@, dhartmei@

Revision 1.38.2.8 / (download) - annotate - [select for diffs], Thu Feb 19 10:57:24 2004 UTC (20 years, 3 months ago) by niklas
Branch: SMP
Changes since 1.38.2.7: +66 -33 lines
Diff to previous 1.38.2.7 (colored) to branchpoint 1.38 (colored)

Merge of current from two weeks ago into the SMP branch

Revision 1.98 / (download) - annotate - [select for diffs], Tue Feb 17 12:07:45 2004 UTC (20 years, 3 months ago) by markus
Branch: MAIN
Changes since 1.97: +10 -11 lines
Diff to previous 1.97 (colored)

switch to sysctl_int_arr(); ok henning, deraadt

Revision 1.97 / (download) - annotate - [select for diffs], Wed Jan 7 09:56:13 2004 UTC (20 years, 5 months ago) by markus
Branch: MAIN
Changes since 1.96: +2 -2 lines
Diff to previous 1.96 (colored)

in_pcbnotify() now returns number of matches.

Revision 1.96 / (download) - annotate - [select for diffs], Sun Dec 21 14:57:19 2003 UTC (20 years, 5 months ago) by markus
Branch: MAIN
Changes since 1.95: +2 -4 lines
Diff to previous 1.95 (colored)

use CIRCLEQ* for pcb's; ok deraadt, henning, mcbride, with help from canacar

Revision 1.95 / (download) - annotate - [select for diffs], Wed Dec 10 07:22:43 2003 UTC (20 years, 6 months ago) by itojun
Branch: MAIN
Changes since 1.94: +13 -13 lines
Diff to previous 1.94 (colored)

de-register.  deraadt ok

Revision 1.94 / (download) - annotate - [select for diffs], Mon Dec 8 07:07:36 2003 UTC (20 years, 6 months ago) by mcbride
Branch: MAIN
Changes since 1.93: +6 -4 lines
Diff to previous 1.93 (colored)

Mbuf tag tcp and udp packets which are translated to localhost, and
use the presence of this tag to reverse the match order in
in{6}_pcblookup_listen(). Some daemons (such as portmap) do a double
bind, binding to both * and localhost in order to differentiate local
from non-local connections, and potentially granting more privilege to
local ones. This change ensures that redirected connections to localhost
do not appear local to such a daemon.

Bulk of changes from dhartmei@, some changes markus@

ok dhartmei@ deraadt@

Revision 1.93 / (download) - annotate - [select for diffs], Tue Dec 2 23:16:29 2003 UTC (20 years, 6 months ago) by markus
Branch: MAIN
Changes since 1.92: +42 -1 lines
Diff to previous 1.92 (colored)

UDP encapsulation for ESP in transport mode (draft-ietf-ipsec-udp-encaps-XX.txt)
ok deraadt@

Revision 1.92 / (download) - annotate - [select for diffs], Tue Nov 4 21:43:16 2003 UTC (20 years, 7 months ago) by markus
Branch: MAIN
Changes since 1.91: +8 -16 lines
Diff to previous 1.91 (colored)

add in(6)_pcblookup_listen() and replace all calls to in_pcblookup()
with either in(6)_pcbhashlookup() or in(6)_pcblookup_listen();
in_pcblookup is now only used by bind(2); speeds up pcb lookup for
listening sockets; from Claudio Jeker

Revision 1.91 / (download) - annotate - [select for diffs], Wed Jul 9 22:03:16 2003 UTC (20 years, 11 months ago) by itojun
Branch: MAIN
CVS Tags: OPENBSD_3_4_BASE, OPENBSD_3_4
Changes since 1.90: +2 -2 lines
Diff to previous 1.90 (colored)

do not flip ip_len/ip_off in netinet stack.  deraadt ok.
(please test, especially PF portion)

Revision 1.38.2.7 / (download) - annotate - [select for diffs], Sat Jun 7 11:06:08 2003 UTC (21 years ago) by ho
Branch: SMP
Changes since 1.38.2.6: +27 -43 lines
Diff to previous 1.38.2.6 (colored) to branchpoint 1.38 (colored)

Sync SMP branch to -current

Revision 1.90 / (download) - annotate - [select for diffs], Mon Jun 2 23:28:15 2003 UTC (21 years ago) by millert
Branch: MAIN
Changes since 1.89: +2 -6 lines
Diff to previous 1.89 (colored)

Remove the advertising clause in the UCB license which Berkeley
rescinded 22 July 1999.  Proofed by myself and Theo.

Revision 1.89 / (download) - annotate - [select for diffs], Fri May 30 01:09:16 2003 UTC (21 years ago) by itojun
Branch: MAIN
Changes since 1.88: +7 -3 lines
Diff to previous 1.88 (colored)

missing #ifdef INET6.  fries found it

Revision 1.88 / (download) - annotate - [select for diffs], Thu May 29 00:32:59 2003 UTC (21 years ago) by itojun
Branch: MAIN
Changes since 1.87: +23 -39 lines
Diff to previous 1.87 (colored)

use m_pulldown instead of m_pullup2.  enable support for IPv6 jumbogram.
markus & art ok

Revision 1.74.4.3 / (download) - annotate - [select for diffs], Mon May 19 22:40:41 2003 UTC (21 years ago) by tedu
Branch: UBC
Changes since 1.74.4.2: +3 -1 lines
Diff to previous 1.74.4.2 (colored) to branchpoint 1.74 (colored) next main 1.75 (colored)

sync

Revision 1.38.2.6 / (download) - annotate - [select for diffs], Tue May 13 19:36:18 2003 UTC (21 years, 1 month ago) by ho
Branch: SMP
Changes since 1.38.2.5: +3 -1 lines
Diff to previous 1.38.2.5 (colored) to branchpoint 1.38 (colored)

Sync the SMP branch to -current. This includes moving to ELF.

Revision 1.87 / (download) - annotate - [select for diffs], Mon May 12 00:48:52 2003 UTC (21 years, 1 month ago) by jason
Branch: MAIN
CVS Tags: UBC_SYNC_A
Changes since 1.86: +3 -1 lines
Diff to previous 1.86 (colored)

Nuke a whole bunch of commons; ok tedu (still more to come *sigh*)

Revision 1.38.2.5 / (download) - annotate - [select for diffs], Fri Mar 28 00:06:55 2003 UTC (21 years, 2 months ago) by niklas
Branch: SMP
Changes since 1.38.2.4: +80 -75 lines
Diff to previous 1.38.2.4 (colored) to branchpoint 1.38 (colored)

Sync the SMP branch with 3.3

Revision 1.74.4.2 / (download) - annotate - [select for diffs], Tue Oct 29 00:36:47 2002 UTC (21 years, 7 months ago) by art
Branch: UBC
Changes since 1.74.4.1: +67 -70 lines
Diff to previous 1.74.4.1 (colored) to branchpoint 1.74 (colored)

sync to -current

Revision 1.86 / (download) - annotate - [select for diffs], Wed Aug 28 15:43:03 2002 UTC (21 years, 9 months ago) by pefo
Branch: MAIN
CVS Tags: UBC_SYNC_B, OPENBSD_3_3_BASE, OPENBSD_3_3, OPENBSD_3_2_BASE, OPENBSD_3_2
Changes since 1.85: +2 -2 lines
Diff to previous 1.85 (colored)

Fix a problem where passing NULL as a pointer with varargs does not promote
NULL to full 64 bits on a 64 bit address system. Solution is to add a
(void *) cast before NULL. This makes a 64 bit MIPS kernel work and will
probably help future 64 bit ports as well.

OK from art@

Revision 1.85 / (download) - annotate - [select for diffs], Mon Aug 19 02:31:02 2002 UTC (21 years, 9 months ago) by itojun
Branch: MAIN
Changes since 1.84: +32 -32 lines
Diff to previous 1.84 (colored)

be consistent with other KAME source, use "ip6" for ip6_hdr, not "ipv6".

Revision 1.84 / (download) - annotate - [select for diffs], Fri Jun 28 09:15:12 2002 UTC (21 years, 11 months ago) by deraadt
Branch: MAIN
Changes since 1.83: +67 -94 lines
Diff to previous 1.83 (colored)

undo recent changes; they still crash for people (dhclient this time).
This is a bullshit process.  Test your shit before you toss it into the tree.

Revision 1.83 / (download) - annotate - [select for diffs], Wed Jun 26 17:38:12 2002 UTC (21 years, 11 months ago) by angelos
Branch: MAIN
Changes since 1.82: +2 -2 lines
Diff to previous 1.82 (colored)

Check for associated socket.

Revision 1.82 / (download) - annotate - [select for diffs], Wed Jun 26 16:37:58 2002 UTC (21 years, 11 months ago) by angelos
Branch: MAIN
Changes since 1.81: +15 -10 lines
Diff to previous 1.81 (colored)

A bit more paranoid.

Revision 1.81 / (download) - annotate - [select for diffs], Tue Jun 25 00:21:58 2002 UTC (21 years, 11 months ago) by angelos
Branch: MAIN
Changes since 1.80: +4 -1 lines
Diff to previous 1.80 (colored)

Ifdef the function proto as well.

Revision 1.80 / (download) - annotate - [select for diffs], Tue Jun 25 00:21:32 2002 UTC (21 years, 11 months ago) by angelos
Branch: MAIN
Changes since 1.79: +86 -67 lines
Diff to previous 1.79 (colored)

Make udp_input() a bit more readable by farming out the IPsec input
policy checking to a separate routine. Also, add missing checks for
multicast sockets, pointed out by sam@errno.com

Revision 1.79 / (download) - annotate - [select for diffs], Thu Jun 20 03:49:02 2002 UTC (21 years, 11 months ago) by deraadt
Branch: MAIN
Changes since 1.78: +27 -30 lines
Diff to previous 1.78 (colored)

minor indent cleanup while reading code

Revision 1.74.4.1 / (download) - annotate - [select for diffs], Tue Jun 11 03:31:37 2002 UTC (22 years ago) by art
Branch: UBC
Changes since 1.74: +20 -24 lines
Diff to previous 1.74 (colored)

Sync UBC branch to -current

Revision 1.78 / (download) - annotate - [select for diffs], Sun Jun 9 16:26:11 2002 UTC (22 years ago) by itojun
Branch: MAIN
Changes since 1.77: +10 -10 lines
Diff to previous 1.77 (colored)

whitespace

Revision 1.77 / (download) - annotate - [select for diffs], Fri May 31 04:43:26 2002 UTC (22 years ago) by angelos
Branch: MAIN
Changes since 1.76: +15 -7 lines
Diff to previous 1.76 (colored)

Socket-specific IPsec policy.

Revision 1.38.2.4 / (download) - annotate - [select for diffs], Thu Mar 28 14:56:46 2002 UTC (22 years, 2 months ago) by niklas
Branch: SMP
Changes since 1.38.2.3: +6 -18 lines
Diff to previous 1.38.2.3 (colored) to branchpoint 1.38 (colored)

Merge in -current from roughly a week ago

Revision 1.76 / (download) - annotate - [select for diffs], Fri Mar 15 18:19:53 2002 UTC (22 years, 3 months ago) by millert
Branch: MAIN
CVS Tags: OPENBSD_3_1_BASE, OPENBSD_3_1
Changes since 1.75: +1 -13 lines
Diff to previous 1.75 (colored)

Kill #if __STDC__ used to do K&R vs. ANSI varargs/stdarg; just do things
the ANSI way.

Revision 1.75 / (download) - annotate - [select for diffs], Thu Mar 14 01:27:11 2002 UTC (22 years, 3 months ago) by millert
Branch: MAIN
Changes since 1.74: +6 -6 lines
Diff to previous 1.74 (colored)

First round of __P removal in sys

Revision 1.38.2.3 / (download) - annotate - [select for diffs], Wed Jul 4 10:55:12 2001 UTC (22 years, 11 months ago) by niklas
Branch: SMP
Changes since 1.38.2.2: +111 -72 lines
Diff to previous 1.38.2.2 (colored) to branchpoint 1.38 (colored)

Merge in -current from two days ago in the SMP branch.
As usual with merges, they do not indicate progress, so do not hold
your breath for working SMP, and do not mail me and ask about the
state of it.  It has not changed.  There is work ongoing, but very, very
slowly.  The commit is done in parts as to not lock up the tree in too
big chunks at a time.

Revision 1.74 / (download) - annotate - [select for diffs], Mon Jun 25 02:06:40 2001 UTC (22 years, 11 months ago) by angelos
Branch: MAIN
CVS Tags: UBC_BASE, OPENBSD_3_0_BASE, OPENBSD_3_0
Branch point for: UBC
Changes since 1.73: +9 -24 lines
Diff to previous 1.73 (colored)

Defer output checksumming until ip_output() or hardware.

Revision 1.73 / (download) - annotate - [select for diffs], Mon Jun 25 00:11:58 2001 UTC (22 years, 11 months ago) by angelos
Branch: MAIN
Changes since 1.72: +4 -3 lines
Diff to previous 1.72 (colored)

Use in_cksum_phdr() rather than in_cksum() -- from NetBSD

Revision 1.72 / (download) - annotate - [select for diffs], Sun Jun 24 23:01:59 2001 UTC (22 years, 11 months ago) by angelos
Branch: MAIN
Changes since 1.71: +5 -13 lines
Diff to previous 1.71 (colored)

Remove printfs, fix comment typos.

Revision 1.71 / (download) - annotate - [select for diffs], Sun Jun 24 22:50:59 2001 UTC (22 years, 11 months ago) by angelos
Branch: MAIN
Changes since 1.70: +30 -3 lines
Diff to previous 1.70 (colored)

Save tdb_remote_auth on the PCB on latching; also save information on
UDP PCB's if the socket is connected.

Revision 1.70 / (download) - annotate - [select for diffs], Sat Jun 23 18:54:44 2001 UTC (22 years, 11 months ago) by angelos
Branch: MAIN
Changes since 1.69: +8 -7 lines
Diff to previous 1.69 (colored)

Clear the checksum flags after verification. Also, don't count
checksum errors as hardware checksum packets as well.

Revision 1.69 / (download) - annotate - [select for diffs], Sat Jun 23 16:15:56 2001 UTC (22 years, 11 months ago) by fgsch
Branch: MAIN
Changes since 1.68: +1 -2 lines
Diff to previous 1.68 (colored)

Remove unneeded ip_id conversions.
Instead of using HTONS macro in some places, use htons directly in the
struct member and save us a few bytes.
Fix comment.

Revision 1.68 / (download) - annotate - [select for diffs], Sat Jun 23 07:14:32 2001 UTC (22 years, 11 months ago) by angelos
Branch: MAIN
Changes since 1.67: +3 -2 lines
Diff to previous 1.67 (colored)

Likewise, only use outgoing TCP/UDP hardware checksumming if the
interface is not in bridge mode.

Revision 1.67 / (download) - annotate - [select for diffs], Sat Jun 23 06:03:13 2001 UTC (22 years, 11 months ago) by angelos
Branch: MAIN
Changes since 1.66: +14 -5 lines
Diff to previous 1.66 (colored)

Keep stats on TCP/UDP hardware checksumming.

Revision 1.66 / (download) - annotate - [select for diffs], Sat Jun 23 05:36:08 2001 UTC (22 years, 11 months ago) by angelos
Branch: MAIN
Changes since 1.65: +14 -1 lines
Diff to previous 1.65 (colored)

TCP/UDP hardware checksumming. Untested, since txp dies when it tries
to compute the checksums. Still, it shouldn't affect anything.

Revision 1.65 / (download) - annotate - [select for diffs], Sat Jun 23 03:42:10 2001 UTC (22 years, 11 months ago) by angelos
Branch: MAIN
Changes since 1.64: +5 -5 lines
Diff to previous 1.64 (colored)

Initialize only if no hardware checksumming.

Revision 1.64 / (download) - annotate - [select for diffs], Sat Jun 23 02:27:11 2001 UTC (22 years, 11 months ago) by angelos
Branch: MAIN
Changes since 1.63: +10 -5 lines
Diff to previous 1.63 (colored)

TCP, UDP, IPv4 input hardware checksumming processing; also IPv4
output hardware checksumming. Not tested yet, but should be done
tonight.

Remain to be solved: interactions with bridge, TCP/UDP output
checksumming, interactions of TCP/UDP checksumming with routing
changes.

Revision 1.63 / (download) - annotate - [select for diffs], Tue Jun 19 00:48:23 2001 UTC (22 years, 11 months ago) by deraadt
Branch: MAIN
Changes since 1.62: +2 -1 lines
Diff to previous 1.62 (colored)

mop up after angelos

Revision 1.62 / (download) - annotate - [select for diffs], Fri Jun 8 03:53:47 2001 UTC (23 years ago) by angelos
Branch: MAIN
Changes since 1.61: +1 -18 lines
Diff to previous 1.61 (colored)

Cut down on include files.

Revision 1.61 / (download) - annotate - [select for diffs], Tue Jun 5 02:31:37 2001 UTC (23 years ago) by deraadt
Branch: MAIN
Changes since 1.60: +38 -14 lines
Diff to previous 1.60 (colored)

repair copyright notices for NRL & cmetz; cmetz

Revision 1.60 / (download) - annotate - [select for diffs], Sun May 27 03:13:30 2001 UTC (23 years ago) by angelos
Branch: MAIN
Changes since 1.59: +3 -6 lines
Diff to previous 1.59 (colored)

Remove unnecessary comment.

Revision 1.59 / (download) - annotate - [select for diffs], Sun May 27 00:39:27 2001 UTC (23 years ago) by angelos
Branch: MAIN
Changes since 1.58: +2 -2 lines
Diff to previous 1.58 (colored)

Use the new IPsec tags.

Revision 1.58 / (download) - annotate - [select for diffs], Sun May 20 08:35:12 2001 UTC (23 years ago) by angelos
Branch: MAIN
Changes since 1.57: +8 -8 lines
Diff to previous 1.57 (colored)

Use packet tags instead of tdbi.

Revision 1.38.2.2 / (download) - annotate - [select for diffs], Mon May 14 22:40:15 2001 UTC (23 years, 1 month ago) by niklas
Branch: SMP
Changes since 1.38.2.1: +243 -319 lines
Diff to previous 1.38.2.1 (colored) to branchpoint 1.38 (colored)

merge in approximately 2.9 into SMP branch

Revision 1.57 / (download) - annotate - [select for diffs], Fri May 11 17:20:12 2001 UTC (23 years, 1 month ago) by aaron
Branch: MAIN
Changes since 1.56: +3 -2 lines
Diff to previous 1.56 (colored)

Check m_pullup() and m_pullup2() return for NULL, not 0; itojun@ ok

Revision 1.56 / (download) - annotate - [select for diffs], Wed Mar 28 20:03:07 2001 UTC (23 years, 2 months ago) by angelos
Branch: MAIN
CVS Tags: OPENBSD_2_9_BASE, OPENBSD_2_9
Changes since 1.55: +2 -33 lines
Diff to previous 1.55 (colored)

Allow tdbi's to appear in mbufs throughout the stack; this allows
security properties of the packets to be pushed up to the application
(not done yet). Eventually, this will be turned into a packet
attributes framework.

Make sure tdbi's are free'd/cleared properly whenever drivers (or NFS)
does weird things with mbufs.

Revision 1.51.2.1 / (download) - annotate - [select for diffs], Tue Mar 6 19:29:17 2001 UTC (23 years, 3 months ago) by jason
Branch: OPENBSD_2_8
Changes since 1.51: +10 -10 lines
Diff to previous 1.51 (colored) next main 1.52 (colored)

Pull in patch from current:
Fix (aaron):
Move the test for bogus packet length in udp_output() closer to the top of
the function. Previously it was possible for us to get stuck in splsoftnet()
under certain situations. Bug reported by hunter@dg.net.ua, fix by me ok'd
by deraadt@, provos@, angelos@.

Revision 1.55 / (download) - annotate - [select for diffs], Tue Mar 6 18:34:17 2001 UTC (23 years, 3 months ago) by aaron
Branch: MAIN
Changes since 1.54: +10 -10 lines
Diff to previous 1.54 (colored)

Move the test for bogus packet length in udp_output() closer to the top of
the function. Previously it was possible for us to get stuck in splsoftnet()
under certain situations. Bug reported by hunter@dg.net.ua, fix by me ok'd
by deraadt@, provos@, angelos@.

Revision 1.54 / (download) - annotate - [select for diffs], Fri Feb 16 16:17:31 2001 UTC (23 years, 3 months ago) by itojun
Branch: MAIN
Changes since 1.53: +37 -188 lines
Diff to previous 1.53 (colored)

remove IPv6 case from udp_output.  now we have separate udp6_output.

Revision 1.53 / (download) - annotate - [select for diffs], Fri Feb 16 16:00:54 2001 UTC (23 years, 3 months ago) by itojun
Branch: MAIN
Changes since 1.52: +101 -47 lines
Diff to previous 1.52 (colored)

pull in new pcb notification code from kame.  better handling of scope address.

Revision 1.52 / (download) - annotate - [select for diffs], Mon Dec 11 08:04:56 2000 UTC (23 years, 6 months ago) by itojun
Branch: MAIN
Changes since 1.51: +107 -34 lines
Diff to previous 1.51 (colored)

nuke #ifdef TCP6 (no longer supported).
validate ICMPv6 too big messages (pmtud) based on pcb.  we accept
certain amount of non-validated ones, as IPv6 mandates ICMPv6 (so even for
traffic from unconnected pcb, we need pmtud).
sync with kame

Revision 1.51 / (download) - annotate - [select for diffs], Fri Oct 13 17:58:37 2000 UTC (23 years, 8 months ago) by itojun
Branch: MAIN
CVS Tags: OPENBSD_2_8_BASE
Branch point for: OPENBSD_2_8
Changes since 1.50: +11 -9 lines
Diff to previous 1.50 (colored)

validate mbuf chain length on *_ctlinput.  remote node may be able to
transmit a truncated icmp6 packet and panic the system.  sync with kame.

Revision 1.50 / (download) - annotate - [select for diffs], Wed Oct 11 09:14:13 2000 UTC (23 years, 8 months ago) by itojun
Branch: MAIN
Changes since 1.49: +10 -21 lines
Diff to previous 1.49 (colored)

nuke inp_flags bits for controlling IPv4 mapped address.
we don't support IPv4 mapped address,
and there are inconsistent bit manipulation code so it's safer to nuke them.

Revision 1.49 / (download) - annotate - [select for diffs], Fri Sep 22 17:51:46 2000 UTC (23 years, 8 months ago) by angelos
Branch: MAIN
Changes since 1.48: +3 -3 lines
Diff to previous 1.48 (colored)

Move the PI_MAGIC define outside the INET6 ifdef block (doh!)

Revision 1.48 / (download) - annotate - [select for diffs], Tue Sep 19 03:21:00 2000 UTC (23 years, 8 months ago) by angelos
Branch: MAIN
Changes since 1.47: +52 -38 lines
Diff to previous 1.47 (colored)

Lots and lots of changes.

Revision 1.47 / (download) - annotate - [select for diffs], Thu Jul 27 06:29:09 2000 UTC (23 years, 10 months ago) by itojun
Branch: MAIN
Changes since 1.46: +1 -14 lines
Diff to previous 1.46 (colored)

raw6/udp6 sockets are okay with :: in src.

Revision 1.46 / (download) - annotate - [select for diffs], Thu Jul 27 04:05:27 2000 UTC (23 years, 10 months ago) by itojun
Branch: MAIN
Changes since 1.45: +14 -1 lines
Diff to previous 1.45 (colored)

be proactive about unspecified IPv6 source address.  pcb layer uses
unspecified address (::) to mean "unbounded" or "unconnected",
and can be confused by packets from outside.

use of :: as source is not documented well in IPv6 specification.

not sure if it presents a real threat.  the worst case scenario is a DoS
against TCP listening socket:
- outsider transmit TCP SYN with :: as IPv6 source
- receiving side creates TCP control block with:
	local address = my address
	remote address = ::	(meaning "unconnected")
	state = SYN_RCVD
  note that SYN ACK will not be sent due to ip6_output() filter.
  this stays until it timeouts.
- the TCP control block prevents listening TCP control block from
  being contacted (DoS).

Revision 1.45 / (download) - annotate - [select for diffs], Sun Jun 18 17:32:48 2000 UTC (23 years, 11 months ago) by itojun
Branch: MAIN
Changes since 1.44: +8 -1 lines
Diff to previous 1.44 (colored)

sync with KAME udp6_output().  udp output logic is very different between
IPv4/v6 so the separation should make more sense.

TODO: remove IPv6 case from udp_output()
TODO: remove/comment out/#if 0 IPv4 mapped address cases

Revision 1.44 / (download) - annotate - [select for diffs], Tue Jun 13 11:47:24 2000 UTC (24 years ago) by itojun
Branch: MAIN
Changes since 1.43: +9 -13 lines
Diff to previous 1.43 (colored)

comment out flowinfo manipulation on inbound.  the spec is not very clear.

Revision 1.43 / (download) - annotate - [select for diffs], Tue Jun 13 10:29:44 2000 UTC (24 years ago) by itojun
Branch: MAIN
Changes since 1.42: +5 -3 lines
Diff to previous 1.42 (colored)

avoid mbuf leak on non-matching ifp/sockaddr

Revision 1.42 / (download) - annotate - [select for diffs], Tue Jun 13 10:26:43 2000 UTC (24 years ago) by itojun
Branch: MAIN
Changes since 1.41: +2 -2 lines
Diff to previous 1.41 (colored)

on UDPv6 sendto, correctly set oifp.

Revision 1.41 / (download) - annotate - [select for diffs], Tue Jun 13 10:12:00 2000 UTC (24 years ago) by itojun
Branch: MAIN
Changes since 1.40: +13 -42 lines
Diff to previous 1.40 (colored)

allow link-local IPv6 address in in6_pcbbind.

Revision 1.40 / (download) - annotate - [select for diffs], Sun Apr 9 17:43:02 2000 UTC (24 years, 2 months ago) by angelos
Branch: MAIN
CVS Tags: OPENBSD_2_7_BASE, OPENBSD_2_7
Changes since 1.39: +1 -3 lines
Diff to previous 1.39 (colored)

Pass ip_off and ip_len in the correct byte order to icmp_error(); this
should fix the crash problems with isic, reported last week.

Revision 1.38.2.1 / (download) - annotate - [select for diffs], Sun Feb 20 11:57:31 2000 UTC (24 years, 3 months ago) by niklas
Branch: SMP
Changes since 1.38: +2 -2 lines
Diff to previous 1.38 (colored)

Merge in recent code from the trunk

Revision 1.39 / (download) - annotate - [select for diffs], Fri Feb 18 05:21:01 2000 UTC (24 years, 3 months ago) by itojun
Branch: MAIN
Changes since 1.38: +2 -2 lines
Diff to previous 1.38 (colored)

fix alignment problem in ancillary data (alpha).

only ipv6 tools (which touches ancillary data) are affected.

From: Göran Bengtson <goeran@cdg.chalmers.se>

Revision 1.38 / (download) - annotate - [select for diffs], Mon Feb 7 06:09:09 2000 UTC (24 years, 4 months ago) by itojun
Branch: MAIN
CVS Tags: SMP_BASE
Branch point for: SMP
Changes since 1.37: +3 -3 lines
Diff to previous 1.37 (colored)

fix include file path related to ip6.

Revision 1.37 / (download) - annotate - [select for diffs], Fri Jan 7 16:34:10 2000 UTC (24 years, 5 months ago) by angelos
Branch: MAIN
Changes since 1.36: +7 -1 lines
Diff to previous 1.36 (colored)

Early check for destination port 0 (itojun@)

Revision 1.36 / (download) - annotate - [select for diffs], Tue Jan 4 10:38:36 2000 UTC (24 years, 5 months ago) by itojun
Branch: MAIN
Changes since 1.35: +4 -3 lines
Diff to previous 1.35 (colored)

keep paren match.

Revision 1.35 / (download) - annotate - [select for diffs], Tue Jan 4 04:17:39 2000 UTC (24 years, 5 months ago) by itojun
Branch: MAIN
Changes since 1.34: +1 -47 lines
Diff to previous 1.34 (colored)

remove support for v4 mapped address completely.

Revision 1.34 / (download) - annotate - [select for diffs], Fri Dec 31 22:07:44 1999 UTC (24 years, 5 months ago) by itojun
Branch: MAIN
Changes since 1.33: +4 -1 lines
Diff to previous 1.33 (colored)

be sure to cleanup "opts" pointer on multicast udp packet reception.

Revision 1.33 / (download) - annotate - [select for diffs], Tue Dec 21 15:41:08 1999 UTC (24 years, 5 months ago) by itojun
Branch: MAIN
Changes since 1.32: +8 -1 lines
Diff to previous 1.32 (colored)

be paranoid about malicious use of v4 mapped addr on v6 packet.
malicious party may try to use v4 mapped addr as source/dest to
confuse tcp/udp layer, or to bypass security checks,
for example, naive stack can mistakenly think a packet with
src = ::ffff:127.0.0.1 is from local node.

(sync with kame)

Revision 1.32 / (download) - annotate - [select for diffs], Sun Dec 19 02:52:21 1999 UTC (24 years, 5 months ago) by itojun
Branch: MAIN
Changes since 1.31: +8 -13 lines
Diff to previous 1.31 (colored)

reject AF mismatch for inbound multicast traffic.

Revision 1.31 / (download) - annotate - [select for diffs], Fri Dec 17 22:47:05 1999 UTC (24 years, 5 months ago) by itojun
Branch: MAIN
Changes since 1.30: +11 -1 lines
Diff to previous 1.30 (colored)

do not accept IPv4 traffic by AF_INET6 socket.  IPv4 mapped address is
bad for access controls.
(quickhack fix, need sysctl/setsockopt knob to enable this functionality)

Revision 1.30 / (download) - annotate - [select for diffs], Sun Dec 12 10:59:41 1999 UTC (24 years, 6 months ago) by itojun
Branch: MAIN
Changes since 1.29: +64 -70 lines
Diff to previous 1.29 (colored)

fix IPv6 advanced API (RFC2292) for udp socket.
TODO: ditto for raw and tcp socket

Revision 1.29 / (download) - annotate - [select for diffs], Wed Dec 8 06:50:20 1999 UTC (24 years, 6 months ago) by itojun
Branch: MAIN
CVS Tags: kame_19991208
Changes since 1.28: +265 -61 lines
Diff to previous 1.28 (colored)

bring in KAME IPv6 code, dated 19991208.
replaces NRL IPv6 layer.  reuses NRL pcb layer.  no IPsec-on-v6 support.
see sys/netinet6/{TODO,IMPLEMENTATION} for more details.

GENERIC configuration should work fine as before.  GENERIC.v6 works fine
as well, but you'll need KAME userland tools to play with IPv6 (will be
brought in soon).

Revision 1.28 / (download) - annotate - [select for diffs], Thu Nov 4 11:24:24 1999 UTC (24 years, 7 months ago) by ho
Branch: MAIN
Changes since 1.27: +3 -1 lines
Diff to previous 1.27 (colored)

Add comment about gettdb() and spl level.

Revision 1.27 / (download) - annotate - [select for diffs], Thu Sep 23 07:20:35 1999 UTC (24 years, 8 months ago) by deraadt
Branch: MAIN
CVS Tags: OPENBSD_2_6_BASE, OPENBSD_2_6
Changes since 1.26: +1 -3 lines
Diff to previous 1.26 (colored)

fix same-interface-out-as-in and packet gets corrupted bug noted by
james@oaktree.co.uk by re-working icmp embedded-packet code so that
ip_forward() m_copy()-aliased packet can be forwarded to ip_output and
icmp_error() safely, because no packet tweaking is needed before
calling icmp_error()

Revision 1.26 / (download) - annotate - [select for diffs], Sun Jun 6 23:34:20 1999 UTC (25 years ago) by deraadt
Branch: MAIN
Changes since 1.25: +2 -1 lines
Diff to previous 1.25 (colored)

avoid a future problem inside an #ifdef notyet

Revision 1.25 / (download) - annotate - [select for diffs], Sat Mar 27 21:04:20 1999 UTC (25 years, 2 months ago) by provos
Branch: MAIN
CVS Tags: OPENBSD_2_5_BASE, OPENBSD_2_5
Changes since 1.24: +38 -1 lines
Diff to previous 1.24 (colored)

add SADB_X_BINDSA to pfkey allowing incoming SAs to refer to an outgoing
SA to be used, use this SA in ip_output if available. allow mobile road
warriors for bind SAs with wildcard dst and src addresses. check IPSEC
AUTH and ESP level when receiving packets, drop them if protection is
insufficient. add stats to show dropped packets because of insufficient
IPSEC protection. -- phew.  this was all done in canada. dugsong and linh
provided the ride and company.

Revision 1.24 / (download) - annotate - [select for diffs], Wed Mar 24 02:59:06 1999 UTC (25 years, 2 months ago) by cmetz
Branch: MAIN
Changes since 1.23: +46 -49 lines
Diff to previous 1.23 (colored)

Reworked udp_output() to minimize the number of if() statements needed to get
packets out. Also had the nice side effect of fewer blocks now move around by
ifdefs, which makes it more readable.

Revision 1.23 / (download) - annotate - [select for diffs], Wed Feb 17 00:14:26 1999 UTC (25 years, 3 months ago) by deraadt
Branch: MAIN
Changes since 1.22: +195 -168 lines
Diff to previous 1.22 (colored)

inet6 indent

Revision 1.22 / (download) - annotate - [select for diffs], Thu Feb 4 16:05:02 1999 UTC (25 years, 4 months ago) by deraadt
Branch: MAIN
Changes since 1.21: +10 -9 lines
Diff to previous 1.21 (colored)

report on no udp checksum

Revision 1.21 / (download) - annotate - [select for diffs], Fri Jan 15 12:01:07 1999 UTC (25 years, 5 months ago) by niklas
Branch: MAIN
Changes since 1.20: +2 -2 lines
Diff to previous 1.20 (colored)

IN_MULTICAST takes network order addresses

Revision 1.20 / (download) - annotate - [select for diffs], Mon Jan 11 16:05:46 1999 UTC (25 years, 5 months ago) by niklas
Branch: MAIN
Changes since 1.19: +6 -6 lines
Diff to previous 1.19 (colored)

Use bzero instead of memset in the kernel

Revision 1.19 / (download) - annotate - [select for diffs], Mon Jan 11 02:01:36 1999 UTC (25 years, 5 months ago) by deraadt
Branch: MAIN
Changes since 1.18: +378 -29 lines
Diff to previous 1.18 (colored)

netinet merge of NRL stuff. some indent and shrinkage needed; NRL/cmetz

Revision 1.18 / (download) - annotate - [select for diffs], Thu Jan 7 06:05:05 1999 UTC (25 years, 5 months ago) by deraadt
Branch: MAIN
Changes since 1.17: +3 -3 lines
Diff to previous 1.17 (colored)

in_pcblookup() now takes ptr to both ip address arguments

Revision 1.17 / (download) - annotate - [select for diffs], Thu Dec 31 11:16:55 1998 UTC (25 years, 5 months ago) by deraadt
Branch: MAIN
Changes since 1.16: +5 -2 lines
Diff to previous 1.16 (colored)

mangle uh_sum as before, but recover it for icmp errors

Revision 1.16 / (download) - annotate - [select for diffs], Mon Dec 28 23:54:58 1998 UTC (25 years, 5 months ago) by deraadt
Branch: MAIN
Changes since 1.15: +5 -2 lines
Diff to previous 1.15 (colored)

ensure the ip packet embedded inside an icmp packet has correct ip_len,
ip_off, ip_id. for udp, also correct uh_sum.  ip_sum is still set to 0;
(all this debugged using nmap)

Revision 1.15 / (download) - annotate - [select for diffs], Mon May 18 21:11:12 1998 UTC (26 years ago) by provos
Branch: MAIN
CVS Tags: OPENBSD_2_4_BASE, OPENBSD_2_4
Changes since 1.14: +11 -2 lines
Diff to previous 1.14 (colored)

first step to the setsockopt/getsockopt interface as described in
draft-mcdonald-simple-ipsec-api, kernel notifies (EMT_REQUESTSA) signal
userland key management applications when security services are requested.
this is only for outgoing connections at the moment, incoming packets
are not yet checked against the selected socket policy.

Revision 1.14 / (download) - annotate - [select for diffs], Sat Jan 24 18:21:39 1998 UTC (26 years, 4 months ago) by mickey
Branch: MAIN
CVS Tags: OPENBSD_2_3_BASE, OPENBSD_2_3
Changes since 1.13: +7 -3 lines
Diff to previous 1.13 (colored)

sysctl for def sizes for tcp/udp send/recv queues

Revision 1.13 / (download) - annotate - [select for diffs], Sun Sep 7 02:19:24 1997 UTC (26 years, 9 months ago) by deraadt
Branch: MAIN
CVS Tags: OPENBSD_2_2_BASE, OPENBSD_2_2
Changes since 1.12: +5 -3 lines
Diff to previous 1.12 (colored)

for broadcast/multicast packets, correct m_pkthdr.len on the way up to the socket; drochner@zelz26.zel.kfa-juelich.de

Revision 1.12 / (download) - annotate - [select for diffs], Sat Aug 9 23:36:28 1997 UTC (26 years, 10 months ago) by millert
Branch: MAIN
Changes since 1.11: +7 -1 lines
Diff to previous 1.11 (colored)

The list of tcp/udp ports not to allocate dynamically is now
a bitmask configurable via sysctl([38]).  The default values
have not changed.  If one wants to change the list it should
be done early on in /etc/rc.

Revision 1.11 / (download) - annotate - [select for diffs], Thu Jul 24 00:31:15 1997 UTC (26 years, 10 months ago) by deraadt
Branch: MAIN
Changes since 1.10: +2 -2 lines
Diff to previous 1.10 (colored)

cmd is a u_long

Revision 1.10 / (download) - annotate - [select for diffs], Fri Jun 27 02:23:22 1997 UTC (26 years, 11 months ago) by deraadt
Branch: MAIN
Changes since 1.9: +1 -2 lines
Diff to previous 1.9 (colored)

udp icmp errors had ip_len 20 bytes too large; stevens p774; koji@math.human.nagoya-u.ac.jp

Revision 1.9 / (download) - annotate - [select for diffs], Sun Feb 16 04:42:50 1997 UTC (27 years, 4 months ago) by deraadt
Branch: MAIN
CVS Tags: OPENBSD_2_1_BASE, OPENBSD_2_1
Changes since 1.8: +2 -2 lines
Diff to previous 1.8 (colored)

udp packets less than min udp packet length are bad; davem@jenolan.rutgers.edu

Revision 1.8 / (download) - annotate - [select for diffs], Sun Jan 26 01:23:46 1997 UTC (27 years, 4 months ago) by tholo
Branch: MAIN
Changes since 1.7: +10 -1 lines
Diff to previous 1.7 (colored)

Make ip_len and ip_off unsigned values; don't transmit or accept packets
larger than the maximum IP packet size.  From NetBSD.

Revision 1.7 / (download) - annotate - [select for diffs], Fri Jul 5 20:42:18 1996 UTC (27 years, 11 months ago) by deraadt
Branch: MAIN
CVS Tags: OPENBSD_2_0_BASE, OPENBSD_2_0
Changes since 1.6: +3 -2 lines
Diff to previous 1.6 (colored)

release temporary binding if M_PREPEND fails; netbsd pr#2605; tegge@idt.unit.no; improved by me

Revision 1.6 / (download) - annotate - [select for diffs], Wed May 15 09:03:12 1996 UTC (28 years, 1 month ago) by mickey
Branch: MAIN
Changes since 1.5: +3 -1 lines
Diff to previous 1.5 (colored)

let udpcksum control generation, but not checking of udp cksums.

Revision 1.5 / (download) - annotate - [select for diffs], Thu May 2 23:34:11 1996 UTC (28 years, 1 month ago) by deraadt
Branch: MAIN
Changes since 1.4: +1 -5 lines
Diff to previous 1.4 (colored)

udpcksum should never be off in the modern world

Revision 1.4 / (download) - annotate - [select for diffs], Sun Apr 21 22:29:03 1996 UTC (28 years, 1 month ago) by deraadt
Branch: MAIN
Changes since 1.3: +3 -3 lines
Diff to previous 1.3 (colored)

partial sync with netbsd 960418, more to come

Revision 1.3 / (download) - annotate - [select for diffs], Sun Mar 3 22:30:51 1996 UTC (28 years, 3 months ago) by niklas
Branch: MAIN
Changes since 1.2: +58 -28 lines
Diff to previous 1.2 (colored)

From NetBSD: 960217 merge

Revision 1.2 / (download) - annotate - [select for diffs], Thu Dec 14 06:50:54 1995 UTC (28 years, 6 months ago) by deraadt
Branch: MAIN
Changes since 1.1: +4 -6 lines
Diff to previous 1.1 (colored)

from netbsd:
make netinet work on systems where pointers and longs are 64 bits
(like the alpha).  Biggest problem: IP headers were overlayed with
structure which included pointers, and which therefore didn't overlay
properly on 64-bit machines.  Solution: instead of threading pointers
through IP header overlays, add a "queue element" structure to do
the threading, and point it at the ip headers.

Revision 1.1.1.1 / (download) - annotate - [select for diffs] (vendor branch), Wed Oct 18 08:53:13 1995 UTC (28 years, 8 months ago) by deraadt
CVS Tags: netbsd_1_1
Changes since 1.1: +0 -0 lines
Diff to previous 1.1 (colored)

initial import of NetBSD tree

Revision 1.1 / (download) - annotate - [select for diffs], Wed Oct 18 08:53:13 1995 UTC (28 years, 8 months ago) by deraadt
Branch: MAIN

Initial revision
