path: root/sys/netinet
Commit message | Author | Age | Files | Lines
* When several carp interfaces are attached to Ethernet interface, | Gleb Smirnoff | 2005-03-30 | 1 | -27/+37
  carp_carpdev_state_locked() is called every time carp interface is attached. The first call backs up flags of the first interface, and the second call backs up them again, erasing correct values. To solve this, a carp_sc_state_locked() function is introduced. It is called when interface is attached to parent, instead of calling carp_carpdev_state_locked. carp_carpdev_state_locked() calls carp_sc_state_locked() for each sc in chain.
  Reported by: Yuriy N. Shkandybin, sem
  Notes: svn path=/head/; revision=144329
* - Don't free mbuf, passed to interface output method if the latter | Gleb Smirnoff | 2005-03-29 | 1 | -2/+1
  returns error. In this case mbuf has already been freed. [1]
  - Remove redundant declaration.
  PR: kern/78893 [1]
  Submitted by: Liang Yi [1]
  Reviewed by: sam
  MFC after: 1 day
  Notes: svn path=/head/; revision=144301
* eliminate extraneous null ptr checks | Sam Leffler | 2005-03-29 | 3 | -5/+5
  Noticed by: Coverity Prevent analysis tool
  Notes: svn path=/head/; revision=144260
* deal with malloc failures | Sam Leffler | 2005-03-26 | 1 | -7/+16
  Noticed by: Coverity Prevent analysis tool
  Together with: mdodd
  Notes: svn path=/head/; revision=144163
* o Document net.inet.ip.portrange.random* sysctls. | Maxim Konovalov | 2005-03-23 | 1 | -7/+10
  o Correct a comment about random port allocation threshold implementation.
  Reviewed by: silby, ru
  MFC after: 3 days
  Notes: svn path=/head/; revision=144016
* ifma_protospec is a pointer. Use NULL when assigning or comparing it. | Gleb Smirnoff | 2005-03-20 | 1 | -2/+2
  Notes: svn path=/head/; revision=143881
* Remove a workaround from previous revision. It proved to be incorrect. | Gleb Smirnoff | 2005-03-20 | 1 | -7/+16
  Add two other workarounds for carp(4) interfaces:
  - do not add connected route when address is assigned to carp(4) interface
  - do not add connected route when other interface goes down
  Embrace workarounds with #ifdef DEV_CARP
  Notes: svn path=/head/; revision=143868
* If vhid exists return more informative EEXIST instead of EINVAL. While here | Gleb Smirnoff | 2005-03-18 | 1 | -3/+2
  remove redundant brackets.
  Notes: svn path=/head/; revision=143806
* Fix a potential crash that could occur when CARP_LOG is being used. | Gleb Smirnoff | 2005-03-18 | 1 | -2/+1
  Obtained from: OpenBSD (pat)
  Notes: svn path=/head/; revision=143804
* plug resource leak | Sam Leffler | 2005-03-16 | 1 | -1/+3
  Noticed by: Coverity Prevent analysis tool
  Notes: svn path=/head/; revision=143676
* In tcp_usr_send(), broaden coverage of the socket buffer lock in the | Robert Watson | 2005-03-14 | 1 | -1/+4
  non-OOB case so that the sbspace() check is performed under the same lock instance as the append to the send socket buffer.
  MFC after: 1 week
  Notes: svn path=/head/; revision=143610
* Embrace with #ifdef DEV_CARP carp-related code. | Gleb Smirnoff | 2005-03-13 | 1 | -2/+7
  Notes: svn path=/head/; revision=143491
* Add antifootshooting workaround, which will make all routes "connected" | Gleb Smirnoff | 2005-03-10 | 1 | -0/+6
  to carp(4) interfaces host routes. This prevents a problem, when connected network is routed to carp(4) interface.
  Notes: svn path=/head/; revision=143374
* Add limits on the number of elements in the sack scoreboard both | Paul Saab | 2005-03-09 | 2 | -3/+42
  per-connection and globally. This eliminates potential DoS attacks where SACK scoreboard elements tie up too much memory.
  Submitted by: Raja Mukerji (raja at moselle dot com).
  Reviewed by: Mohan Srinivasan (mohans at yahoo-inc dot com).
  Notes: svn path=/head/; revision=143339
* Make ARP not complain about wrong interface if correct interface | Gleb Smirnoff | 2005-03-09 | 1 | -7/+14
  is a carp one and address matched it.
  Reviewed by: brooks
  Notes: svn path=/head/; revision=143314
* Fix a problem in the Skinny ALG where a specially crafted packet could cause | Joe Marcus Clarke | 2005-03-03 | 1 | -4/+4
  a libalias application (e.g. natd, ppp, etc.) to crash. Note: Skinny support is not enabled in natd or ppp by default.
  Approved by: secteam (nectar)
  MFC after: 1 day
  Security: This fixes a remote DoS exploit
  Notes: svn path=/head/; revision=143083
* Fix typo. Unbreak build. Take pointy hat. | Gleb Smirnoff | 2005-03-02 | 1 | -1/+1
  Notes: svn path=/head/; revision=142996
* Add more locking when reading/writing to carp softc. When carp softc is | Gleb Smirnoff | 2005-03-01 | 1 | -31/+140
  attached to a parent interface we use its mutex to lock the softc. This means that in several places like carp_ioctl() we lock softc conditionally. This should be redesigned. To avoid LORs when MII announces us a link state change, we schedule a quick callout and call carp_carpdev_state_locked() from it. Initialize callouts using NET_CALLOUT_MPSAFE.
  Sponsored by: Rambler
  Reviewed by: mlaier
  Notes: svn path=/head/; revision=142914
* - Add carp_mtx. Use it to protect list of all carp interfaces. | Gleb Smirnoff | 2005-03-01 | 1 | -18/+20
  - In carp_send_ad_all() walk through list of all carp interfaces instead of walking through list of all interfaces.
  Sponsored by: Rambler
  Reviewed by: mlaier
  Notes: svn path=/head/; revision=142911
* Use NET_CALLOUT_MPSAFE macro. | Gleb Smirnoff | 2005-03-01 | 6 | -25/+17
  Notes: svn path=/head/; revision=142906
* Revert change to struct ifnet. Use ifnet pointer in softc. Embedding | Gleb Smirnoff | 2005-03-01 | 1 | -1/+1
  ifnet into smth will soon be removed.
  Requested by: brooks
  Notes: svn path=/head/; revision=142901
* Remove debugging printf. | Gleb Smirnoff | 2005-03-01 | 1 | -1/+0
  Reviewed by: mlaier
  Notes: svn path=/head/; revision=142897
* Support running carp(4) over a vlan(4) parent interface. | Yaroslav Tykhiy | 2005-02-28 | 1 | -1/+2
  Encouraged by: glebius
  Notes: svn path=/head/; revision=142798
* Remove unused field from carp softc. | Gleb Smirnoff | 2005-02-28 | 1 | -3/+0
  OK'ed by: mcbride@OpenBSD
  Notes: svn path=/head/; revision=142785
* Fix tcpdump(8) on carp(4) interface: | Gleb Smirnoff | 2005-02-28 | 1 | -16/+5
  - Use our loop DLT type, not OpenBSD. [1]
  - The fields that are converted to network byte order are not 32-bit fields but 16-bit fields, so htons should be used in htonl. [1]
  - Secondly, ip_input changes ip->ip_len into its value without the ip-header length. So, restore the length to make bpf happy. [1]
  - Use bpf_mtap2(), use temporary af1, since bpf_mtap2 doesn't understand uint8_t af identifier.
  Submitted by: Frank Volf [1]
  Notes: svn path=/head/; revision=142784
* If the receiver sends an ack that is out of [snd_una, snd_max], | Paul Saab | 2005-02-27 | 1 | -0/+3
  ignore the sack options in that segment. Else we'd end up corrupting the scoreboard.
  Found by: Raja Mukerji (raja at moselle dot com)
  Submitted by: Mohan Srinivasan
  Notes: svn path=/head/; revision=142688
* Unbreak the build. carp_iamatch6 and carp_macmatch6 are not supposed to be | Max Laier | 2005-02-27 | 1 | -2/+2
  static as they are used elsewhere.
  Notes: svn path=/head/; revision=142641
* Remove carp_softc.sc_ifp member in favor of union pointers in struct ifnet. | Gleb Smirnoff | 2005-02-26 | 1 | -21/+21
  Obtained from: OpenBSD
  Notes: svn path=/head/; revision=142564
* Staticize local functions. | Gleb Smirnoff | 2005-02-26 | 1 | -53/+53
  Notes: svn path=/head/; revision=142559
* New lines when logging. | Gleb Smirnoff | 2005-02-25 | 1 | -17/+18
  Notes: svn path=/head/; revision=142452
* Embrace macros with do {} while (0) | Gleb Smirnoff | 2005-02-25 | 1 | -2/+4
  Submitted by: maxim
  Notes: svn path=/head/; revision=142451
* Call carp_carpdev_state() from carp_set_addr6(). See log for rev 1.4. | Gleb Smirnoff | 2005-02-25 | 1 | -1/+1
  Sponsored by: Rambler
  Notes: svn path=/head/; revision=142447
* Improve logging: | Gleb Smirnoff | 2005-02-25 | 1 | -38/+52
  - Simplify CARP_LOG() and make it work (we don't have addlog in FreeBSD).
  - Introduce CARP_DEBUG() which logs with LOG_DEBUG severity when net.inet.carp.log > 1
  - Use CARP_DEBUG to log state changes of carp interfaces.
  After CARP_LOG() cleanup it appeared that carp_input_c() does not need sc argument. Remove it.
  Sponsored by: Rambler
  Notes: svn path=/head/; revision=142446
* Fix problem when master comes up with one interface down, and preempts | Gleb Smirnoff | 2005-02-24 | 1 | -2/+2
  mastering on all other interfaces:
  - call carp_carpdev_state() on initialize instead of just setting to INIT
  - in carp_carpdev_state() check that interface is UP, instead of checking that it is not DOWN, because a rebooted machine may have interface in UNKNOWN state.
  Sponsored by: Rambler
  Obtained from: OpenBSD (partially)
  Notes: svn path=/head/; revision=142371
* fix potential invalid index into ip_protox array | Sam Leffler | 2005-02-23 | 1 | -2/+2
  Noticed by: Coverity Prevent analysis tool
  Notes: svn path=/head/; revision=142268
* Unbreak CARP build on 64-bit architectures. | Maxime Henrion | 2005-02-23 | 1 | -1/+1
  Tested on: sparc64
  Notes: svn path=/head/; revision=142266
* Bring back the full packet destination manipulation for 'ipfw fwd' | Andre Oppermann | 2005-02-22 | 2 | -1/+17
  with the kernel compile time option:
  options IPFIREWALL_FORWARD_EXTENDED
  This option has to be specified in addition to IPFIREWALL_FORWARD. With this option even packets targeted for an IP address local to the host can be redirected. All restrictions to ensure proper behaviour for locally generated packets are turned off. Firewall rules have to be carefully crafted to make sure that things like PMTU discovery do not break.
  Document the two kernel options.
  PR: kern/71910
  PR: kern/73129
  MFC after: 1 week
  Notes: svn path=/head/; revision=142248
* Remove promisc counter from parent interface in carp_clone_destroy(), | Gleb Smirnoff | 2005-02-22 | 1 | -0/+1
  so that parent interface is not left in promiscuous mode after carp interface is destroyed. This is not perfect, since promisc counter is added when carp interface is assigned an IP address. However, when address is removed parent interface is still in promiscuous mode. Only removal of carp interface removes promisc from parent. Same way in OpenBSD.
  Sponsored by: Rambler
  Notes: svn path=/head/; revision=142243
* Add CARP (Common Address Redundancy Protocol), which allows multiple | Gleb Smirnoff | 2005-02-22 | 7 | -5/+2259
  hosts to share an IP address, providing high availability and load balancing. Original work on CARP done by Michael Shalayeff, with many additions by Marco Pfatschbacher and Ryan McBride. FreeBSD port done solely by Max Laier.
  Patch by: mlaier
  Obtained from: OpenBSD (mickey, mcbride)
  Notes: svn path=/head/; revision=142215
* We can make code simpler after last change. | Gleb Smirnoff | 2005-02-22 | 1 | -2/+2
  Noticed by: Andrew Thompson
  Notes: svn path=/head/; revision=142212
* In in_pcbconnect_setup() jailed sockets are treated specially: if local | Gleb Smirnoff | 2005-02-22 | 1 | -0/+5
  address is not supplied, then jail IP is chosen and in_pcbbind() is called. Since udp_output() does not save local addr after call to in_pcbconnect_setup(), in_pcbbind() is called for each packet, and this is incorrect. So, we shall treat jailed sockets specially in udp_output(), we will save their local address. This fixes a long standing bug with broken sendto() system call in jails.
  PR: kern/26506
  Reviewed by: rwatson
  MFC after: 2 weeks
  Notes: svn path=/head/; revision=142207
* In in_pcbconnect_setup() remove a check that route points at | Gleb Smirnoff | 2005-02-22 | 1 | -4/+2
  loopback interface. Nobody has explained to me the sense of this check. It breaks connect() system call to a destination address which is loopback routed (e.g. blackholed).
  Reviewed by: silence on net@
  MFC after: 2 weeks
  Notes: svn path=/head/; revision=142206
* In the current world order, solisten() implements the state transition of | Robert Watson | 2005-02-21 | 1 | -4/+14
  a socket from a regular socket to a listening socket able to accept new connections. As part of this state transition, solisten() calls into the protocol to update protocol-layer state. There were several bugs in this implementation that could result in a race wherein a TCP SYN received in the interval between the protocol state transition and the shortly following socket layer transition would result in a panic in the TCP code, as the socket would be in the TCPS_LISTEN state, but the socket would not have the SO_ACCEPTCONN flag set.
  This change does the following:
  - Pushes the socket state transition from the socket layer solisten() to socket "library" routines called from the protocol. This permits the socket routines to be called while holding the protocol mutexes, preventing a race exposing the incomplete socket state transition to TCP after the TCP state transition has completed. The check for a socket layer state transition is performed by solisten_proto_check(), and the actual transition is performed by solisten_proto().
  - Holds the socket lock for the duration of the socket state test and set, and over the protocol layer state transition, which is now possible as the socket lock is acquired by the protocol layer, rather than vice versa. This prevents additional state related races in the socket layer.
  This permits the dual transition of socket layer and protocol layer state to occur while holding locks for both layers, making the two changes atomic with respect to one another. Similar changes are likely required elsewhere in the socket/protocol code.
  Reported by: Peter Holm <peter@holm.cc>
  Review and fixes from: emax, Antoine Brodin <antoine.brodin@laposte.net>
  Philosophical head nod: gnn
  Notes: svn path=/head/; revision=142190
* Remove 2 (SACK) fields from the tcpcb. These are only used by a | Paul Saab | 2005-02-17 | 4 | -20/+13
  function that is called from tcp_input(), so they oughta be passed on the stack instead of stuck in the tcpcb.
  Submitted by: Mohan Srinivasan
  Notes: svn path=/head/; revision=142031
* Fix for a SACK (receiver) bug where incorrect SACK blocks are | Paul Saab | 2005-02-16 | 2 | -8/+10
  reported to the sender - in the case where the sender sends data outside the window (as WinXP does :().
  Reported by: Sam Jensen <sam at wand dot net dot nz>
  Submitted by: Mohan Srinivasan
  Notes: svn path=/head/; revision=141961
* - Retransmit just one segment on initiation of SACK recovery. | Paul Saab | 2005-02-14 | 3 | -42/+18
  Remove the SACK "initburst" sysctl.
  - Fix bugs in SACK dupack and partialack handling that can cause large bursts while in SACK recovery.
  Submitted by: Mohan Srinivasan
  Notes: svn path=/head/; revision=141928
* o Add handling of an IPv4-mapped IPv6 address. | Maxim Konovalov | 2005-02-14 | 4 | -92/+196
  o Use SYSCTL_IN() macro instead of direct call of copyin(9).
  Submitted by: ume
  o Move sysctl_drop() implementation to sys/netinet/tcp_subr.c where most of tcp sysctls live.
  o There are net.inet[6].tcp[6].getcred sysctls already, no need for a separate struct tcp_ident_mapping.
  Suggested by: ume
  Notes: svn path=/head/; revision=141886
* Jump to common action checks after doing specific ones. This fixes adding | Gleb Smirnoff | 2005-02-06 | 1 | -0/+5
  of divert rules, which I broke in the previous commit.
  Pointy hat to: glebius
  Notes: svn path=/head/; revision=141383
* o Implement net.inet.tcp.drop sysctl and userland part, tcpdrop(8) | Maxim Konovalov | 2005-02-06 | 2 | -1/+93
  utility: The tcpdrop command drops the TCP connection specified by the local address laddr, port lport and the foreign address faddr, port fport.
  Obtained from: OpenBSD
  Reviewed by: rwatson (locking), ru (man page), -current
  MFC after: 1 month
  Notes: svn path=/head/; revision=141381
* Add a ng_ipfw node, implementing a quick and simple interface between | Gleb Smirnoff | 2005-02-05 | 3 | -0/+77
  ipfw(4) and netgraph(4) facilities.
  Reviewed by: andre, brooks, julian
  Notes: svn path=/head/; revision=141351