FreeBSD source tree https://cgit-dev.freebsd.org/src-test2/atom?h=releng%2F5.0 2002-11-20T19:07:27Z 2002-11-20T19:07:27Z Luigi Rizzo luigi@FreeBSD.org 2002-11-20T19:07:27Z urn:sha1:97850a5dd9c14361417fef688aed00fa6568c770 bridge.c nor if_ethersubr.c depend on IPFIREWALL. Restore the use of fw_one_pass in if_ethersubr.c ipfw.8 will be updated with a separate commit. Approved by: re 2002-11-19T17:06:06Z Mike Silbersack silby@FreeBSD.org 2002-11-19T17:06:06Z urn:sha1:df285b3d1d6d1c0682d5c1991f27def40674e316 and set it to 0 by default. Partially obtained from: NetBSD Suggested by: David Gilbert MFC after: 5 days 2002-11-15T22:53:53Z Luigi Rizzo luigi@FreeBSD.org 2002-11-15T22:53:53Z urn:sha1:bbb4330b6156ef2827cc03ff4aab7a0fe307683c No functional changes, but: + the mrouting module now should behave the same as the compiled-in version (it did not before, some of the rsvp code was not loaded properly); + netinet/ip_mroute.c is now truly optional; + removed some redundant/unused code; + changed many instances of '0' to NULL and INADDR_ANY as appropriate; + removed several static variables to make the code more SMP-friendly; + fixed some minor bugs in the mrouting code (mostly, incorrect return values from functions). This commit is also a prerequisite to the addition of support for PIM, which i would like to put in before DP2 (it does not change any of the existing APIs, anyways). Note, in the process we found out that some device drivers fail to properly handle changes in IFF_ALLMULTI, leading to interesting behaviour when a multicast router is started. This bug is not corrected by this commit, and will be fixed with a separate commit. Detailed changes: -------------------- netinet/ip_mroute.c all the above. conf/files make ip_mroute.c optional net/route.c fix mrt_ioctl hook netinet/ip_input.c fix ip_mforward hook, move rsvp_input() here together with other rsvp code, and a couple of indentation fixes. netinet/ip_output.c fix ip_mforward and ip_mcast_src hooks netinet/ip_var.h rsvp function hooks netinet/raw_ip.c hooks for mrouting and rsvp functions, plus interface cleanup. netinet/ip_mroute.h remove an unused and optional field from a struct Most of the code is from Pavlin Radoslavov and the XORP project Reviewed by: sam MFC after: 1 week 2002-10-20T22:52:07Z Poul-Henning Kamp phk@FreeBSD.org 2002-10-20T22:52:07Z urn:sha1:53be11f68094cc5a97a63759a91d4a8f1a8a38b6 Remove the never completed _IP_VHL version, it has not caught on anywhere and it would make us incompatible with other BSD netstacks to retain this version. Add a CTASSERT protecting sizeof(struct ip) == 20. Don't let the size of struct ipq depend on the IPDIVERT option. This is a functional no-op commit. Approved by: re 2002-10-16T09:01:48Z Guido van Rooij guido@FreeBSD.org 2002-10-16T09:01:48Z urn:sha1:2f591ab8fe8e5ff651f2d1edf9e1cdd61318abbf supposed to be checked by the firewall rules twice. However, because the various ipsec handlers never call ip_input(), this never happens anyway. This fixes the situation where a gif tunnel is encrypted with IPsec. In such a case, after IPsec processing, the unencrypted contents from the GIF tunnel are fed back to the ipintrq and subsequently handeld by ip_input(). Yet, since there still is IPSec history attached, the packets coming out from the gif device are never fed into the filtering code. This fix was sent to Itojun, and he pointed towartds http://www.netbsd.org/Documentation/network/ipsec/#ipf-interaction. This patch actually implements what is stated there (specifically: Packet came from tunnel devices (gif(4) and ipip(4)) will still go through ipf(4). You may need to identify these packets by using interface name directive in ipf.conf(5). Reviewed by: rwatson MFC after: 3 weeks 2002-10-16T02:25:05Z Sam Leffler sam@FreeBSD.org 2002-10-16T02:25:05Z urn:sha1:b9234fafa0783687e83b2fa646e3ee137d87913a configuration stuff as well as conditional code in the IPv4 and IPv6 areas. Everything is conditional on FAST_IPSEC which is mutually exclusive with IPSEC (KAME IPsec implmentation). As noted previously, don't use FAST_IPSEC with INET6 at the moment. Reviewed by: KAME, rwatson Approved by: silence Supported by: Vernier Networks 2002-10-16T01:54:46Z Sam Leffler sam@FreeBSD.org 2002-10-16T01:54:46Z urn:sha1:5d846453059191a77d5a696064b702aca7dc4760 o instead of a list of mbufs use a list of m_tag structures a la openbsd o for netgraph et. al. extend the stock openbsd m_tag to include a 32-bit ABI/module number cookie o for openbsd compatibility define a well-known cookie MTAG_ABI_COMPAT and use this in defining openbsd-compatible m_tag_find and m_tag_get routines o rewrite KAME use of aux mbufs in terms of packet tags o eliminate the most heavily used aux mbufs by adding an additional struct inpcb parameter to ip_output and ip6_output to allow the IPsec code to locate the security policy to apply to outbound packets o bump __FreeBSD_version so code can be conditionalized o fixup ipfilter's call to ip_output based on __FreeBSD_version Reviewed by: julian, luigi (silent), -arch, -net, darren Approved by: julian, silence from everyone else Obtained from: openbsd (mostly) MFC after: 1 month 2002-10-10T12:03:36Z Maxim Konovalov maxim@FreeBSD.org 2002-10-10T12:03:36Z urn:sha1:a5428e3a9acae6607e36d8c986e1746869156ef7 PR: misc/42121 Submitted by: Praveen Khurjekar <praveen@codito.com> Reviewed by: silence on -net MFC after: 1 month 2002-09-28T17:15:38Z Poul-Henning Kamp phk@FreeBSD.org 2002-09-28T17:15:38Z urn:sha1:37c841831ff323187d7f749947244f7e278a14ea static in its prototype, mark it static at the definition too. Inspired by: FlexeLint warning #512 2002-09-18T19:43:01Z Poul-Henning Kamp phk@FreeBSD.org 2002-09-18T19:43:01Z urn:sha1:a5554bf05bdc817d612c72f5841c6d87d8dbf191