Quiting Tom: The problem is the special case of an RTM_GET message
that wants interface information included in the response, and
therefore include the RTA_IFA or RTA_IFP (or both) flags in the
bitmask that says what addresses are supplied in the message. For
the RTM_GET message, it doesn't make sense to supply addresses
other than the one you're asking about, so those two other bits
are, in that specific case, overloaded with this meaning.
There is code in sys/net/rtsock.c to handle the case, but at some
time, extra sanity checking of the received message was added, that
failed to take this possibility into account.
The patch, is needed for the Asterisk software PBX to work properly
when it has multiple interfaces active: it needs to ask the kernel
for the IP address of the interface that will be used to communicate
with a given host.
1.) There is objection against this change by at least one developer.
2.) These changes cause repeatable system lockups and crashes for
at least four people.
received packets in csum_flags in the packet header. Packets that are
forwarded over the bridge need to have csum_flags cleared before being
put on the output queue. Do so in bridge_enqueue().
Discussed with Jason Thorpe.
Fixes PR kern/27007 and the first part of PR kern/21831.
This prevent a variety of fun panics, and therefore fixes PR 12932, PR 17561,
and PR 18376...
XXX
...however this is most definitely a hack. The real problem here is that there
is no callback to notify a "client" interface like vlan when a "parent"
interface's status changes, and therefore the vlan interface is always
IFF_RUNNING. This allows packets to be queued on vlan interface at any time.
We can't simply leave the packets on the vlan interface, either, because there
is no callback to dequeue them. And last, since it's always IFF_RUNNING, if
we just *toss* the packets, we lose gratuitous ARPs and DAD packets.
"This needs work," but at least it no longer bleeds.
the functionality of M_PREPEND, but with a bug: m_pkthdr.len was
not updated in pppoutput as it is in M_PREPEND.
Also, replace the loop that measures the length of the mbuf chain
with a call to m_length.
This fixes a PR from an anonymous bug reporter. Thank you, anonymous
bug reporter. Thanks, Itojun, for bringing the anonymous bug report
to my attention.
for consistency with M_FREE() and m_freem(). Affected files:
sys/mbuf.h
kern/uipc_socket2.c
kern/uipc_mbuf.c
net/if_ethersubr.c
netatalk/ddp_input.c
nfs/nfs_socket.c
Add bpf_deliver prototype.
Rename bpf_measure to m_length and move it to sys/sys/mbuf.h. I
make m_length an inline function in the header file to preserve
its performance characteristics, for better or for worse.
Optimize m_length: use the length in m_pkthdr.len, if M_PKTHDR.
In bpf_deliver, zero the on-stack mbuf before we do anything else
with it.
* always acquire the device instance lock at splnet()
* missing unlocks in various places
Also, since this driver allows its device instances manipulated by two
independent subsystems (character device & interface clone create/destroy),
be careful not to rip away instance data in a clone destroy request if the
instance is still opened as a character device.
(MD5 signatures for TCP, as used with BGP). Credit for original
FreeBSD code goes to Bruce M. Simpson, with FreeBSD sponsorship
credited to sentex.net. Shortening of the setsockopt() name
attributed to Vincent Jardin.
This commit is a minimal, working version of the FreeBSD code, as
MFC'ed to FreeBSD-4. It has received minimal testing with a ttcp
modified to set the TCP-MD5 option; BMS's additions to tcpdump-current
(tcpdump -M) confirm that the MD5 signatures are correct. Committed
as-is for further testing between a NetBSD BGP speaker (e.g., quagga)
and industry-standard BGP speakers (e.g., Cisco, Juniper).
NOTE: This version has two potential flaws. First, I do see any code
that verifies recieved TCP-MD5 signatures. Second, the TCP-MD5
options are internally padded and assumed to be 32-bit aligned. A more
space-efficient scheme is to pack all TCP options densely (and
possibly unaligned) into the TCP header ; then do one final padding to
a 4-byte boundary. Pre-existing comments note that accounting for
TCP-option space when we add SACK is yet to be done. For now, I'm
punting on that; we can solve it properly, in a way that will handle
SACK blocks, as a separate exercise.
In case a pullup to NetBSD-2 is requested, this adds sys/netipsec/xform_tcp.c
,and modifies:
sys/net/pfkeyv2.h,v 1.15
sys/netinet/files.netinet,v 1.5
sys/netinet/ip.h,v 1.25
sys/netinet/tcp.h,v 1.15
sys/netinet/tcp_input.c,v 1.200
sys/netinet/tcp_output.c,v 1.109
sys/netinet/tcp_subr.c,v 1.165
sys/netinet/tcp_usrreq.c,v 1.89
sys/netinet/tcp_var.h,v 1.109
sys/netipsec/files.netipsec,v 1.3
sys/netipsec/ipsec.c,v 1.11
sys/netipsec/ipsec.h,v 1.7
sys/netipsec/key.c,v 1.11
share/man/man4/tcp.4,v 1.16
lib/libipsec/pfkey.c,v 1.20
lib/libipsec/pfkey_dump.c,v 1.17
lib/libipsec/policy_token.l,v 1.8
sbin/setkey/parse.y,v 1.14
sbin/setkey/setkey.8,v 1.27
sbin/setkey/token.l,v 1.15
Note that the preceding two revisions to tcp.4 will be
required to cleanly apply this diff.
to pool_init. Untouched pools are ones that either in arch-specific
code, or aren't initialiased during initial system startup.
Convert struct session, ucred and lockf to pools.
particule device. In doing this, make a new the bpf_stat structure with
members that are u_long rather than u_int, matching the counters in the bpf_d.
the original bpf_stat is now bpf_stat_old and so to the original ioctl
is preserved as BIOCGSTATSOLD.
not a read operation should be allowed to sleep. This allows the use of
bd_rtout with a value of "-1" to be eliminated (signed comparison and
assignment to an unsigned long.)
* in 1.91, a change was introduced that had bpfpoll() returning POLLRDNORM
set when the timeout expired. This impacted poorly on performance as well
as causing select to return an fd available for reading when it wasn't.
Change the behaviour here to only allow the possibility of POLLIN being
returned as active in the event of a timeout.
Fix the behaviour of BIOCIMMEDIATE (fix from LBL BPF code via FreeBSD.)
In bpf_mtap(), optimise the calling of bpf_filter() and catchpacket()
based on whether or not the entire packet is in one mbuf (based on
similar change FreeBSD but fixes BIOC*SEESENT issue with that.)
Copy the implementation of BIOCSSEESENT, BIOCGSEESENT by FreeBSD.
Review Assistance: Guy Harris
PRs: kern/8674, kern/12170
Increase the default bpf buffer size used by naive apps that don't do
BIOCSBLEN, from 8k to 32k. The former value of 8192 is too small to
hold a normal jumbo Ethernet frame (circa 9k), 16k is a little small
for Large-jumbo (~16k) frames supported by newer gigabit
Ethernet/10Gbe, so (somewhat arbitrarily) increase the default to 32k.
Increase the upper limit to which BIOSBLEN can raise bpf buffer-size
drastically, to 1 Mbyte. State-of-the-art for packet capture circa
1999 was around 256k; savvy NetBSD developers now use 1 Mbyte.
Note that libpcap has been updated to do binary-search on BIOCSBLEN
values up to 1 Mbyte.
Work is in progress to make both values sysctl'able. Source comments
note that consensus on tech-net is that we should find some heuristic
to set the boot-time default values dynamically, based on system memory.
to check if interface exists, as (1) if_index has different meaning
(2) ifindex2ifnet could become NULL when interface gets destroyed,
since when we have introduced dynamically-created interfaces. from kame
the tag before forwarding the packet, make sure the packet+tag is at least
68 bytes long.
This is necessary because our parent will only pad to 64 bytes (ETHER_MIN_LEN)
and some switches will not pad by themselves after deleting a tag.
Gone are the old kern_sysctl(), cpu_sysctl(), hw_sysctl(),
vfs_sysctl(), etc, routines, along with sysctl_int() et al. Now all
nodes are registered with the tree, and nodes can be added (or
removed) easily, and I/O to and from the tree is handled generically.
Since the nodes are registered with the tree, the mapping from name to
number (and back again) can now be discovered, instead of having to be
hard coded. Adding new nodes to the tree is likewise much simpler --
the new infrastructure handles almost all the work for simple types,
and just about anything else can be done with a small helper function.
All existing nodes are where they were before (numerically speaking),
so all existing consumers of sysctl information should notice no
difference.
PS - I'm sorry, but there's a distinct lack of documentation at the
moment. I'm working on sysctl(3/8/9) right now, and I promise to
watch out for buses.
mbuf chains which are recycled (e.g., ICMP reflection, loopback
interface). A consensus was reached that such recycled packets should
behave (more-or-less) the same way if a new chain had been allocated
and the contents copied to that chain.
Some packet tags may in future be marked as "persistent" (e.g., for
mandatory access controls) and should persist across such deletion.
NetBSD as yet hos no persistent tags, so m_tag_delete_nonpersistent()
just deletes all tags. This should not be relied upon.
The code was assuming that interface addresses are removed one-by-one.
With IPv6 and multicasts, removal of one address can remove other
addresses as side effect, which caused accesses of free()d memory.
sysctl. Add a protocol-independent sysctl handler to show the per-protocol
"struct ifq' statistics. Add IP(v4) specific call to the handler.
Other protocols can show their per-protocol input statistics by
allocating a sysclt node and calling sysctl_ifq() with their own struct ifq *.
As posted to tech-kern plus improvements/cleanup suggested by Andrew Brown.
some problem setting the media to the requested value (usually IFM_AUTO),
we now force the media selection to IFM_NONE.
This addresses PR/14029 ``panic("ifmedia_set") a little too brutal''
and may address to some degree PR/19504 and PR/23341.
* introduce fsetown(), fgetown(), fownsignal() - this sets/retrieves/signals
the owner of descriptor, according to appropriate sematics
of TIOCSPGRP/FIOSETOWN/SIOCSPGRP/TIOCGPGRP/FIOGETOWN/SIOCGPGRP ioctl; use
these routines instead of custom code where appropriate
* make every place handling TIOCSPGRP/TIOCGPGRP handle also FIOSETOWN/FIOGETOWN
properly, and remove the translation of FIO[SG]OWN to TIOC[SG]PGRP
in sys_ioctl() & sys_fcntl()
* also remove the socket-specific hack in sys_ioctl()/sys_fcntl() and
pass the ioctls down to soo_ioctl() as any other ioctl
change discussed on tech-kern@
filter or not. We only need to run the filter for bridge_forward() and
bridge_broadcast(). If we also run it for bridge_output(), we will run
the filter twice outbound per packet, so don't.
In bridge_ipf(), make sure we don't run m_cat() on a single mbuf chain
by checking to see (and remembering) if we need to m_split() the mbuf.
This fixes bridge + ipfilter on sparc.
Fixes PR kern/22063.
As long as we receive data from the peer, don't worry. When we have not
received anything within the "max_noreceive" period, we start sending LCP
echo requests and count them, until we receive an answer (or some data)
or the "maxalive" count of not answered echo requests is reached.
All this is checked at a global 10 seconds interval for all interfaces.
The "max_noreceive" period and the "maxalive" count are configurable per
interface.
and for regression-testing performance at various MTUs.
NB: route MTU may not track MTU changes, which may cause problems for
AF_ISO if loopback MTU is decreased. I've never seen problems with IP,
in various tests going back to around NetBSD 1.3.
configured with ``options FAST_IPSEC''. Kernels with KAME IPsec or
with no IPsec should work as before.
All calls to ip_output() now always pass an additional compulsory
argument: the inpcb associated with the packet being sent,
or 0 if no inpcb is available.
Fast-ipsec tested with ICMP or UDP over ESP. TCP doesn't work, yet.
did not fit in struct osockaddr. Fixes linux emulation issue where bogus
addresses where returned for the interfaces [AF_LINK, AF_INET6]. While
I am here, change ioctl, so if the ifconf buffer passed is NULL, then it
computes how much space is needed and returns it in ifc_len.
Now, bridged ipv6 packets are passed through ipfilter.
However, some v6 packets still do not get transmitted when ipf is enabled.
Partial fix for PR kern/22063.
Hopefully this will fix ALTQ for ISDN and PPPoE interfaces.
While there remove an unsued function which contained dubious code
(accessing interface queue internals w/o the proper macros).
driver (and for eventual synchronization w/ Sam's enhancements to
FreeBSD).
From dyoung@netbsd.org, factor ieee80211_create_ibss and
ieee80211_match_bss out of ieee80211_end_scan for re-use in the
forthcoming ADM8211 driver.
dsl