FreeBSD source tree https://cgit-dev.freebsd.org/src/atom?h=release%2F13.2.0 2023-02-02T00:01:06Z 2023-02-02T00:01:06Z Michael Tuexen tuexen@FreeBSD.org 2022-11-07T07:50:51Z urn:sha1:9983b0126bbad586e7b1748719da5c8132ec3e4d Including sctp_var.h requires INET to be defined if IPv4 support is needed. (cherry picked from commit 126f8248ccfee8e9252a8b449694b8619738599f) 2021-12-29T10:52:52Z Bjoern A. Zeeb bz@FreeBSD.org 2021-12-26T15:33:48Z urn:sha1:a7e7700fa741d64a31e9d7596175fc0461687b86 RFC792,1009,1122 state the original conditions for sending a redirect. RFC1812 further refine these. ip_forward() still sepcifies the checks originally implemented for these (we do slightly more/different than suggested as makes sense). The implementation added in 8ad114c082a159c0dde95aa35d2e3e108aa30a75 to ip_tryforward() however is flawed and may send a "multi-hop" redirects (to a host not on the directly connected network). Do proper checks in ip_tryforward() to stop us from sending redirects in situations we may not. Keep as much logic out of ip_tryforward() and in ip_redir_alloc() and only do the mbuf copy once we are sure we will send a redirect. While here enhance and fix comments as to which conditions are handled for sending redirects in various places. Reported by: pi (on net@ 2021-12-04) Sponsored by: Dr.-Ing. Nepustil & Co. GmbH Reviewed by: cy, others (earlier versions) Differential Revision: https://reviews.freebsd.org/D33274 (cherry picked from commit f389439f50fc4c27d15d3017b622270e25ba71c7) 2021-09-07T21:25:06Z Zhenlei Huang zlei.huang@gmail.com 2021-08-22T22:28:47Z urn:sha1:e8df60a69a0e70905fb9aa3e9ad7bc4ca0f6a2b2 Implement kernel support for RFC 5549/8950. * Relax control plane restrictions and allow specifying IPv6 gateways for IPv4 routes. This behavior is controlled by the net.route.rib_route_ipv6_nexthop sysctl (on by default). * Always pass final destination in ro->ro_dst in ip_forward(). * Use ro->ro_dst to exract packet family inside if_output() routines. Consistently use RO_GET_FAMILY() macro to handle ro=NULL case. * Pass extracted family to nd6_resolve() to get the LLE with proper encap. It leverages recent lltable changes committed in c541bd368f86. Presence of the functionality can be checked using ipv4_rfc5549_support feature(3). Example usage: route add -net 192.0.0.0/24 -inet6 fe80::5054:ff:fe14:e319%vtnet0 Differential Revision: https://reviews.freebsd.org/D30398 (cherry picked from commit 62e1a437f3285e785d9b35a476d36a469a90028d) 2021-06-17T08:08:59Z Zhenlei Huang zlei.huang@gmail.com 2021-05-18T20:51:37Z urn:sha1:7da8312f7bf050be4fe436ea66ac46414312ae26 The current implement of ip_input() reject packets destined for 169.254.0.0/16, but not those original from 169.254.0.0/16 link-local addresses. Fix to fully respect RFC 3927 section 2.7. PR: 255388 Reviewed by: donner, rgrimes, karels Differential Revision: https://reviews.freebsd.org/D29968 Reviewed by: rgrimes, donner, karels, marcus, emaste Differential Revision: https://reviews.freebsd.org/D30374 (cherry picked from commit 3d846e48227e2e78c1e7b35145f57353ffda56ba) (cherry picked from commit 03b0505b8fe848f33f2f38fe89dd5538908c847e) 2021-03-13T20:19:17Z Alexander V. Chernikov melifaro@FreeBSD.org 2021-03-08T21:35:41Z urn:sha1:8aafa7a0276302a0dcc3d0bd78b4d3842dfd1640 Summary: This fixes rtentry leak for the cloned interfaces created inside the VNET. Loopback teardown order is `SI_SUB_INIT_IF`, which happens after `SI_SUB_PROTO_DOMAIN` (route table teardown). Thus, any route table operations are too late to schedule. As the intent of the vnet teardown procedures to minimise the amount of effort by doing global cleanups instead of per-interface ones, address this by adding a relatively light-weight routing table cleanup function, `rib_flush_routes()`. It removes all remaining routes from the routing table and schedules the deletion, which will happen later, when `rtables_destroy()` waits for the current epoch to finish. Test Plan: ``` set_skip:set_skip_group_lo -> passed [0.053s] tail -n 200 /var/log/messages | grep rtentry ``` PR: 253998 Reported by: rashey at superbox.pl Reviewed By: kp Differential Revision: https://reviews.freebsd.org/D29116 (cherry picked from commit b1d63265ac399112b3bca36c3d75df1a3c2c8102) 2020-11-29T19:43:33Z Alexander V. Chernikov melifaro@FreeBSD.org 2020-11-29T19:43:33Z urn:sha1:d1d941c5b910e075495cb06b92a99d3a3e7a3d6c ROUTE_MPATH is the new config option controlling new multipath routing implementation. Remove the last pieces of RADIX_MPATH-related code and the config option. Reviewed by: glebius Differential Revision: https://reviews.freebsd.org/D27244 2020-11-13T18:25:07Z Ed Maste emaste@FreeBSD.org 2020-11-13T18:25:07Z urn:sha1:360d1232ab075d5825b2ae860dd1718084684413 Discussed with: gnn MFC with: r367628 2020-11-12T21:58:47Z George V. Neville-Neil gnn@FreeBSD.org 2020-11-12T21:58:47Z urn:sha1:8ad114c082a159c0dde95aa35d2e3e108aa30a75 due to its lack of support for ICMP redirects. The following commit adds redirects to the fastforward path, again allowing for decent forwarding performance in the kernel. Reviewed by: ae, melifaro Sponsored by: Rubicon Communications, LLC (d/b/a "Netgate") 2020-09-01T21:19:14Z Mateusz Guzik mjg@FreeBSD.org 2020-09-01T21:19:14Z urn:sha1:662c13053f4bf2d6245ba7e2b66c10d1cd5c1fb9 2020-07-01T15:42:48Z Mark Johnston markj@FreeBSD.org 2020-07-01T15:42:48Z urn:sha1:d16a2e47844cc200a6f58858932e4a3937bad9f0 It may be possible to fix this by deferring the lookup, but let's keep the initial change simple to make MFCs easier. PR: 246951 Reviewed by: melifaro MFC after: 1 week Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D25519