#
1.65 |
|
11-Jan-2024 |
bluhm |
Use domain name for socket lock.
Syzkaller with witness complains about lock ordering of pf lock with socket lock. Socket lock for inet is taken before pf lock. Pf lock is taken before socket lock for route. This is a false positive as route and inet socket locks are distinct. Witness does not know this. Name the socket lock like the domain of the socket, then rwlock name is used in witness lo_name subtype. Make domain names more consistent for locking, they were not used anyway. Regardless of witness problem, unique lock name for each socket type make sense.
Reported-by: syzbot+34d22dcbf20d76629c5a@syzkaller.appspotmail.com Reported-by: syzbot+fde8d07ba74b69d0adfe@syzkaller.appspotmail.com OK mvs@
|
Revision tags: OPENBSD_7_4_BASE
|
#
1.64 |
|
18-May-2023 |
mvs |
Backout sysctl(2) unlocking. Lock order issue was triggered in UVM layer.
|
#
1.63 |
|
18-May-2023 |
mvs |
Revert ip_sysctl() unlocking. Lock order issue was triggered in UVM layer.
|
#
1.62 |
|
16-May-2023 |
mvs |
Introduce temporary PR_MPSYSCTL flag to mark (*pr_sysctl)() handler MP safe. We have may of them, so use flag instead of pushing kernel lock within.
Unlock ip_sysctl(). Still take kernel lock within IPCTL_MRTSTATS case. It looks like `mrtstat' protection is inconsistent, so keep locking as it was. Since `mrtstat' are counters, it make sense to rework them into per CPU counters with separate diffs.
Feedback and ok from bluhm@
|
#
1.61 |
|
04-May-2023 |
mvs |
Push kernel lock deep down to sys_sysctl(). At least network subset of sysctl(8) MIBs relies on netlock or another locks and doesn't require kernel lock, so unlock it. The protocols layer *_sysctl()s are left under kernel lock and will be sequentially unlocked later.
ok bluhm@
|
Revision tags: OPENBSD_7_2_BASE OPENBSD_7_3_BASE
|
#
1.60 |
|
14-Aug-2022 |
jsg |
remove unneeded includes in sys/kern ok mpi@ miod@
|
Revision tags: OPENBSD_7_0_BASE OPENBSD_7_1_BASE
|
#
1.59 |
|
25-May-2021 |
bluhm |
As network features are not added dynamically, the domain structures are constant. Having more const makes MP review easier. More pointers are mapped read-only in the kernel image. OK deraadt@ mvs@
|
#
1.58 |
|
17-May-2021 |
claudio |
Increase the default buffer space using on PF_UNIX sockets to 8k. Additionally make the values tuneable via sysctl. OK deraadt@ mvs@
|
Revision tags: OPENBSD_6_6_BASE OPENBSD_6_7_BASE OPENBSD_6_8_BASE OPENBSD_6_9_BASE
|
#
1.57 |
|
03-Jul-2019 |
dlg |
add the kernel side of net.link.ifrxq.pressure_return and pressure_drop
these values are used as the backpressure thresholds in the interface rx q processing code. theyre being exposed as tunables to userland while we are figuring out what the best values for them are.
ok visa@ deraadt@
|
Revision tags: OPENBSD_6_4_BASE OPENBSD_6_5_BASE
|
#
1.56 |
|
23-Jun-2018 |
denis |
Replace value with a constant
OK bluhm@, jca@
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.55 |
|
23-Nov-2017 |
mpi |
Constify protocol tables and remove an assert now that ip_deliver() is mp-safe.
ok bluhm@, visa@
|
#
1.54 |
|
29-Oct-2017 |
florian |
Move NET_{,UN}LOCK into individual slowtimo functions.
Direction suggested by mpi
OK mpi, visa
|
#
1.53 |
|
09-Oct-2017 |
mpi |
Reduces the scope of the NET_LOCK() in sysctl(2) path.
Exposes per-CPU counters to real parrallelism.
ok visa@, bluhm@, jca@
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.52 |
|
11-Aug-2017 |
mpi |
Remove NET_LOCK()'s argument.
Tested by Hrvoje Popovski, ok bluhm@
|
#
1.51 |
|
27-May-2017 |
claudio |
Kill option KEY, it is a useless knob, nobody uses pfkeyv2 without IPSEC or tcp md5. OK mpi@
|
#
1.50 |
|
09-May-2017 |
mpi |
Convert a splsoftnet()/splx() dance to NET_ASSERT_LOCKED().
pfctlinput() is only called in the input path with the NET_LOCK() held.
ok bluhm@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.49 |
|
27-Feb-2017 |
claudio |
Retire the AF_MPLS protosw struct. Nothing is using it and the code was super basic anyway. Simplifies the code a lot also by calling the mpls sysctl no longer via the protosw but instead directly. OK mpi@ on a previous diff. Also tested by renato@ who actually found a bug which is now fixed.
|
#
1.48 |
|
20-Dec-2016 |
mpi |
Grab the NET_LOCK() in so{s,g}etopt(), pffasttimo() and pfslowtimo().
ok rzalamena@, bluhm@
|
#
1.47 |
|
20-Dec-2016 |
bluhm |
A NET_LOCK() was is missing in tcp_sysctl() which shows up as spl softnet assert failures. It is better to place the lock into net_sysctl() where all the protocol sysctls are called via pr_sysctl. As calling sysctl(2) is in the slow path, doing fine grained locking has no benefit. Many sysctl cases copy out a struct. Having a lock around that keeps the struct consistent. Put assertions in the protocol sysctls that need it. OK mpi@
|
#
1.46 |
|
22-Nov-2016 |
mpi |
Enforce that pr_ctlinput, pr_slowtimo and pr_fasttimo are called at IPL_SOFTNET.
This will allow us to keep locking simple as soon as we trade splsoftnet() for a rwlock.
ok bluhm@
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.45 |
|
03-Mar-2016 |
dlg |
replace the XXX next to setting link_maxhdr with an explanation
the XXX has been there since 1.1, even back in netbsd, and im too lazy to go back further to try and see why it is there. either way it is meaningless.
suggested by mikeb@ and mpi@
|
#
1.44 |
|
03-Mar-2016 |
dlg |
bump link_maxhdr up from 16 to 64
link_maxhdr is best explained as the space reserved before an ip packet payload for link headers, the most common of which is ethernet. 16 was a good choice when the only traffic we really did was ip over ethernet, but now there are commonly used transports that are bigger, specifically 802.11 traffic and vlan/vlan encapsulations, that justify bumping it up.
i chose 64 because it would also allow enough space for encapsulations like etherip or gif.
this reduces the size of the smallest packet that can fit into an mbuf before more storage needs to be suffixed, but because most traffic is either full sized (ie, already bigger than a single mbuf) or tiny packets (think tcp ACKS, keystrokes over ssh, or dns requests) the impact is negligible.
ok stsp@ mpi@ sthen@ mikeb@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.43 |
|
04-Sep-2015 |
mpi |
Make every subsystem using a radix tree call rn_init() and pass the length of the key as argument.
This way every consumer of the radix tree has a chance to explicitly initialize the shared data structures and no longer rely on another subsystem to do the initialization.
As a bonus ``dom_maxrtkey'' is no longer used an die.
ART kernels should now be fully usable because pf(4) and IPSEC properly initialized the radix tree.
ok chris@, reyk@
|
#
1.42 |
|
30-Aug-2015 |
mpi |
Use a global table for domains instead of building a list at run time.
As a side effect there's no need to run if_attachdomain() after the list of domains has been built.
ok claudio@, reyk@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.41 |
|
17-Jul-2015 |
blambert |
manage spd entries by using the radix api directly instead of reaching around through the routing table
original diff by myself, much improved by mikeb@ and mpi@
ok and testing mikeb@ mpi@
|
#
1.40 |
|
14-Mar-2015 |
jsg |
Remove some includes include-what-you-use claims don't have any direct symbols used. Tested for indirect use by compiling amd64/i386/sparc64 kernels.
ok tedu@ deraadt@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.39 |
|
23-Dec-2014 |
tedu |
unifdef INET
|
#
1.38 |
|
14-Sep-2014 |
jsg |
remove uneeded proc.h includes ok mpi@ kspillner@
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.37 |
|
11-Jul-2014 |
tedu |
"It's not the years, honey; it's the mileage."
bluetooth support doesn't work and isn't going anywhere. the current design is a dead end, and should not be the basis for any future support. general consensus says to whack it so as to not mislead the unwary.
|
#
1.36 |
|
08-Jul-2014 |
deraadt |
decouple struct uvmexp into a new file, so that uvm_extern.h and sysctl.h don't need to be married. ok guenther miod beck jsing kettenis
|
#
1.35 |
|
11-Mar-2014 |
guenther |
lint is gone, and the 'lint' conditional was never in the implementation namespace, so stop changing behavior when it's #defined
ok beck@ krw@
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.34 |
|
19-Jan-2014 |
claudio |
Remove max_datalen. It is only used once an can be replaced easily with MHLEN - max_hdr in that place. OK mikeb@
|
#
1.33 |
|
20-Aug-2013 |
mpi |
tedu netnatm and ueagle(4).
ok mikeb@, sthen@, tedu@ (implied), doc bits ok jmc@
|
Revision tags: OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE OPENBSD_5_4_BASE
|
#
1.32 |
|
09-Jul-2011 |
henning |
begone, fucking rotten appletalk shit. ok room
|
#
1.31 |
|
08-Jul-2011 |
yasuoka |
Include PIPEX in kernel by default. And add new sysctl variable `net.pipex.enable' to enable PIPEX. By default, pipex is disabled and it will not process packets from wire. Update man pages and update HOWTO_PIPEX_NPPPD.txt for testers.
discussed with dlg@, ok deraadt@ mcbride@ claudio@
|
Revision tags: OPENBSD_4_8_BASE OPENBSD_4_9_BASE
|
#
1.30 |
|
02-Jul-2010 |
blambert |
timeout_add -> timeout_add_msec
ok claudio@ krw@
|
Revision tags: OPENBSD_4_7_BASE
|
#
1.29 |
|
13-Nov-2009 |
claudio |
Extend the protosw pr_ctlinput function to include the rdomain. This is needed so that the route and inp lookups done in TCP and UDP know where to look. Additionally in_pcbnotifyall() and tcp_respond() got a rdomain argument as well for similar reasons. With this tcp seems to be now fully rdomain save and no longer leaks single packets into the main domain. Looks good markus@, henning@
|
Revision tags: OPENBSD_4_5_BASE OPENBSD_4_6_BASE
|
#
1.28 |
|
16-Sep-2008 |
gollo |
netstat statistics for pflow(4) via pseudo family
ok cluadio@ henning@
|
Revision tags: OPENBSD_4_4_BASE
|
#
1.27 |
|
23-Apr-2008 |
norby |
Import MPLS (Multi Protocol Label Switching)
MPLS support partly based on the (abandoned?) AYAME project. Basic LSR (Label Switch Router) functionality is present, but not fully functional yet.
It is currently possible to insert entries in the LIB (Label Information Base) with route(8), but setting the operation type is not supported yet.
Imported to allow more people to work on this in the coming weeks.
ok claudio@ laurent@ dlg@
|
Revision tags: OPENBSD_4_2_BASE OPENBSD_4_3_BASE
|
#
1.26 |
|
06-Jun-2007 |
henning |
remove remaining IPX hooks. all inside #ifdef IPX, so no actual change
|
Revision tags: OPENBSD_4_1_BASE
|
#
1.25 |
|
18-Jan-2007 |
henning |
allow kernels with TCP_SIGNATURE (aka tcp md5sig), but without IPSEC to compile and work. need to register pfkey whenever tcp md5 or ipsec is defined, and the various ipsec encapsulations only if ipsec is defined. ok theo
|
Revision tags: OPENBSD_4_0_BASE
|
#
1.24 |
|
15-Jun-2006 |
henning |
nuke code that has been dead for so long that it stinks. claudio ok
|
Revision tags: OPENBSD_3_8_BASE OPENBSD_3_9_BASE
|
#
1.23 |
|
08-Jun-2005 |
henning |
bye bye netns
|
#
1.22 |
|
07-Jun-2005 |
henning |
remove CCITT handling
|
Revision tags: OPENBSD_3_7_BASE
|
#
1.21 |
|
14-Jan-2005 |
grange |
First step in Bluetooth protocol stack support.
The code is adopted from the FreeBSD netgraph-based Bluetooth implementation by Maksim Yevmenkin <m_evmenkin@yahoo.com> but all netgraph glue was replaced with usual BSD network stack hooks. This is a work in progress. Only HCI layer works for now, L2CAP and RFCOMM are on the way.
Help in testing from many, ok markus@.
|
#
1.20 |
|
27-Nov-2004 |
pat |
introduce pffinddomain(), to find a domain by family. while here, fix some spacing, ansi, de-register, etc.
mostly from netbsd
tested & ok otto millert
|
#
1.19 |
|
25-Nov-2004 |
markus |
remove special handling of PF_KEY in net_sysctl; ok deraadt
|
#
1.18 |
|
15-Sep-2004 |
grange |
Kill more netiso ghosts.
ok millert@
|
Revision tags: OPENBSD_3_6_BASE SMP_SYNC_A SMP_SYNC_B
|
#
1.17 |
|
01-Apr-2004 |
tedu |
use NULL for ptrs. parts from Joris Vink
|
Revision tags: OPENBSD_3_5_BASE
|
#
1.16 |
|
24-Feb-2004 |
tedu |
sysctl knob for bpf tunables. some tips from canacar@ ok canacar@ deraadt@ mcbride@
|
Revision tags: OPENBSD_3_4_BASE
|
#
1.15 |
|
02-Jun-2003 |
millert |
Remove the advertising clause in the UCB license which Berkeley rescinded 22 July 1999. Proofed by myself and Theo.
|
Revision tags: UBC_SYNC_A
|
#
1.14 |
|
12-May-2003 |
jason |
Nuke a whole bunch of commons; ok tedu (still more to come *sigh*)
|
Revision tags: OPENBSD_3_1_BASE OPENBSD_3_2_BASE OPENBSD_3_3_BASE UBC_SYNC_B
|
#
1.13 |
|
14-Mar-2002 |
millert |
First round of __P removal in sys
|
Revision tags: UBC_BASE
|
#
1.12 |
|
06-Nov-2001 |
miod |
branches: 1.12.2; Replace inclusion of <vm/foo.h> with the correct <uvm/bar.h> when necessary. (Look ma, I might have broken the tree)
|
Revision tags: OPENBSD_2_8_BASE OPENBSD_2_9_BASE OPENBSD_3_0_BASE
|
#
1.11 |
|
12-Sep-2000 |
deraadt |
NATM domain; stoklund@taxidriver.dk
|
Revision tags: OPENBSD_2_7_BASE
|
#
1.10 |
|
23-Mar-2000 |
art |
Use new timeouts for pfslowtimo and pffasttimo.
|
Revision tags: SMP_BASE kame_19991208
|
#
1.9 |
|
08-Dec-1999 |
itojun |
branches: 1.9.2; bring in KAME IPv6 code, dated 19991208. replaces NRL IPv6 layer. reuses NRL pcb layer. no IPsec-on-v6 support. see sys/netinet6/{TODO,IMPLEMENTATION} for more details.
GENERIC configuration should work fine as before. GENERIC.v6 works fine as well, but you'll need KAME userland tools to play with IPv6 (will be bringed into soon).
|
Revision tags: OPENBSD_2_5_BASE OPENBSD_2_6_BASE
|
#
1.8 |
|
30-Mar-1999 |
niklas |
make option IPSEC imply option KEY
|
#
1.7 |
|
24-Feb-1999 |
angelos |
Disable encap domain.
|
#
1.6 |
|
07-Jan-1999 |
deraadt |
ready for INET6 and KEY
|
Revision tags: OPENBSD_2_2_BASE OPENBSD_2_3_BASE OPENBSD_2_4_BASE
|
#
1.5 |
|
23-Jul-1997 |
denny |
Add AppleTalk.
|
Revision tags: OPENBSD_2_1_BASE
|
#
1.4 |
|
20-Feb-1997 |
deraadt |
IPSEC package by John Ioannidis and Angelos D. Keromytis. Written in Greece. From ftp.funet.fi:/pub/unix/security/net/ip/BSDipsec.tar.gz
|
Revision tags: OPENBSD_2_0_BASE
|
#
1.3 |
|
27-Apr-1996 |
mickey |
Add IPX support (#ifdef'ed, so no problems would arise).
|
#
1.2 |
|
03-Mar-1996 |
niklas |
From NetBSD: 960217 merge
|
#
1.1 |
|
18-Oct-1995 |
deraadt |
branches: 1.1.1; Initial revision
|
#
1.64 |
|
18-May-2023 |
mvs |
Backout sysctl(2) unlocking. Lock order issue was triggered in UVM layer.
|
#
1.63 |
|
18-May-2023 |
mvs |
Revert ip_sysctl() unlocking. Lock order issue was triggered in UVM layer.
|
#
1.62 |
|
16-May-2023 |
mvs |
Introduce temporary PR_MPSYSCTL flag to mark (*pr_sysctl)() handler MP safe. We have may of them, so use flag instead of pushing kernel lock within.
Unlock ip_sysctl(). Still take kernel lock within IPCTL_MRTSTATS case. It looks like `mrtstat' protection is inconsistent, so keep locking as it was. Since `mrtstat' are counters, it make sense to rework them into per CPU counters with separate diffs.
Feedback and ok from bluhm@
|
#
1.61 |
|
04-May-2023 |
mvs |
Push kernel lock deep down to sys_sysctl(). At least network subset of sysctl(8) MIBs relies on netlock or another locks and doesn't require kernel lock, so unlock it. The protocols layer *_sysctl()s are left under kernel lock and will be sequentially unlocked later.
ok bluhm@
|
Revision tags: OPENBSD_7_2_BASE OPENBSD_7_3_BASE
|
#
1.60 |
|
14-Aug-2022 |
jsg |
remove unneeded includes in sys/kern ok mpi@ miod@
|
Revision tags: OPENBSD_7_0_BASE OPENBSD_7_1_BASE
|
#
1.59 |
|
25-May-2021 |
bluhm |
As network features are not added dynamically, the domain structures are constant. Having more const makes MP review easier. More pointers are mapped read-only in the kernel image. OK deraadt@ mvs@
|
#
1.58 |
|
17-May-2021 |
claudio |
Increase the default buffer space using on PF_UNIX sockets to 8k. Additionally make the values tuneable via sysctl. OK deraadt@ mvs@
|
Revision tags: OPENBSD_6_6_BASE OPENBSD_6_7_BASE OPENBSD_6_8_BASE OPENBSD_6_9_BASE
|
#
1.57 |
|
03-Jul-2019 |
dlg |
add the kernel side of net.link.ifrxq.pressure_return and pressure_drop
these values are used as the backpressure thresholds in the interface rx q processing code. theyre being exposed as tunables to userland while we are figuring out what the best values for them are.
ok visa@ deraadt@
|
Revision tags: OPENBSD_6_4_BASE OPENBSD_6_5_BASE
|
#
1.56 |
|
23-Jun-2018 |
denis |
Replace value with a constant
OK bluhm@, jca@
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.55 |
|
23-Nov-2017 |
mpi |
Constify protocol tables and remove an assert now that ip_deliver() is mp-safe.
ok bluhm@, visa@
|
#
1.54 |
|
29-Oct-2017 |
florian |
Move NET_{,UN}LOCK into individual slowtimo functions.
Direction suggested by mpi
OK mpi, visa
|
#
1.53 |
|
09-Oct-2017 |
mpi |
Reduces the scope of the NET_LOCK() in sysctl(2) path.
Exposes per-CPU counters to real parrallelism.
ok visa@, bluhm@, jca@
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.52 |
|
11-Aug-2017 |
mpi |
Remove NET_LOCK()'s argument.
Tested by Hrvoje Popovski, ok bluhm@
|
#
1.51 |
|
27-May-2017 |
claudio |
Kill option KEY, it is a useless knob, nobody uses pfkeyv2 without IPSEC or tcp md5. OK mpi@
|
#
1.50 |
|
09-May-2017 |
mpi |
Convert a splsoftnet()/splx() dance to NET_ASSERT_LOCKED().
pfctlinput() is only called in the input path with the NET_LOCK() held.
ok bluhm@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.49 |
|
27-Feb-2017 |
claudio |
Retire the AF_MPLS protosw struct. Nothing is using it and the code was super basic anyway. Simplifies the code a lot also by calling the mpls sysctl no longer via the protosw but instead directly. OK mpi@ on a previous diff. Also tested by renato@ who actually found a bug which is now fixed.
|
#
1.48 |
|
20-Dec-2016 |
mpi |
Grab the NET_LOCK() in so{s,g}etopt(), pffasttimo() and pfslowtimo().
ok rzalamena@, bluhm@
|
#
1.47 |
|
20-Dec-2016 |
bluhm |
A NET_LOCK() was is missing in tcp_sysctl() which shows up as spl softnet assert failures. It is better to place the lock into net_sysctl() where all the protocol sysctls are called via pr_sysctl. As calling sysctl(2) is in the slow path, doing fine grained locking has no benefit. Many sysctl cases copy out a struct. Having a lock around that keeps the struct consistent. Put assertions in the protocol sysctls that need it. OK mpi@
|
#
1.46 |
|
22-Nov-2016 |
mpi |
Enforce that pr_ctlinput, pr_slowtimo and pr_fasttimo are called at IPL_SOFTNET.
This will allow us to keep locking simple as soon as we trade splsoftnet() for a rwlock.
ok bluhm@
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.45 |
|
03-Mar-2016 |
dlg |
replace the XXX next to setting link_maxhdr with an explanation
the XXX has been there since 1.1, even back in netbsd, and im too lazy to go back further to try and see why it is there. either way it is meaningless.
suggested by mikeb@ and mpi@
|
#
1.44 |
|
03-Mar-2016 |
dlg |
bump link_maxhdr up from 16 to 64
link_maxhdr is best explained as the space reserved before an ip packet payload for link headers, the most common of which is ethernet. 16 was a good choice when the only traffic we really did was ip over ethernet, but now there are commonly used transports that are bigger, specifically 802.11 traffic and vlan/vlan encapsulations, that justify bumping it up.
i chose 64 because it would also allow enough space for encapsulations like etherip or gif.
this reduces the size of the smallest packet that can fit into an mbuf before more storage needs to be suffixed, but because most traffic is either full sized (ie, already bigger than a single mbuf) or tiny packets (think tcp ACKS, keystrokes over ssh, or dns requests) the impact is negligible.
ok stsp@ mpi@ sthen@ mikeb@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.43 |
|
04-Sep-2015 |
mpi |
Make every subsystem using a radix tree call rn_init() and pass the length of the key as argument.
This way every consumer of the radix tree has a chance to explicitly initialize the shared data structures and no longer rely on another subsystem to do the initialization.
As a bonus ``dom_maxrtkey'' is no longer used an die.
ART kernels should now be fully usable because pf(4) and IPSEC properly initialized the radix tree.
ok chris@, reyk@
|
#
1.42 |
|
30-Aug-2015 |
mpi |
Use a global table for domains instead of building a list at run time.
As a side effect there's no need to run if_attachdomain() after the list of domains has been built.
ok claudio@, reyk@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.41 |
|
17-Jul-2015 |
blambert |
manage spd entries by using the radix api directly instead of reaching around through the routing table
original diff by myself, much improved by mikeb@ and mpi@
ok and testing mikeb@ mpi@
|
#
1.40 |
|
14-Mar-2015 |
jsg |
Remove some includes include-what-you-use claims don't have any direct symbols used. Tested for indirect use by compiling amd64/i386/sparc64 kernels.
ok tedu@ deraadt@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.39 |
|
23-Dec-2014 |
tedu |
unifdef INET
|
#
1.38 |
|
14-Sep-2014 |
jsg |
remove uneeded proc.h includes ok mpi@ kspillner@
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.37 |
|
11-Jul-2014 |
tedu |
"It's not the years, honey; it's the mileage."
bluetooth support doesn't work and isn't going anywhere. the current design is a dead end, and should not be the basis for any future support. general consensus says to whack it so as to not mislead the unwary.
|
#
1.36 |
|
08-Jul-2014 |
deraadt |
decouple struct uvmexp into a new file, so that uvm_extern.h and sysctl.h don't need to be married. ok guenther miod beck jsing kettenis
|
#
1.35 |
|
11-Mar-2014 |
guenther |
lint is gone, and the 'lint' conditional was never in the implementation namespace, so stop changing behavior when it's #defined
ok beck@ krw@
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.34 |
|
19-Jan-2014 |
claudio |
Remove max_datalen. It is only used once an can be replaced easily with MHLEN - max_hdr in that place. OK mikeb@
|
#
1.33 |
|
20-Aug-2013 |
mpi |
tedu netnatm and ueagle(4).
ok mikeb@, sthen@, tedu@ (implied), doc bits ok jmc@
|
Revision tags: OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE OPENBSD_5_4_BASE
|
#
1.32 |
|
09-Jul-2011 |
henning |
begone, fucking rotten appletalk shit. ok room
|
#
1.31 |
|
08-Jul-2011 |
yasuoka |
Include PIPEX in kernel by default. And add new sysctl variable `net.pipex.enable' to enable PIPEX. By default, pipex is disabled and it will not process packets from wire. Update man pages and update HOWTO_PIPEX_NPPPD.txt for testers.
discussed with dlg@, ok deraadt@ mcbride@ claudio@
|
Revision tags: OPENBSD_4_8_BASE OPENBSD_4_9_BASE
|
#
1.30 |
|
02-Jul-2010 |
blambert |
timeout_add -> timeout_add_msec
ok claudio@ krw@
|
Revision tags: OPENBSD_4_7_BASE
|
#
1.29 |
|
13-Nov-2009 |
claudio |
Extend the protosw pr_ctlinput function to include the rdomain. This is needed so that the route and inp lookups done in TCP and UDP know where to look. Additionally in_pcbnotifyall() and tcp_respond() got a rdomain argument as well for similar reasons. With this tcp seems to be now fully rdomain save and no longer leaks single packets into the main domain. Looks good markus@, henning@
|
Revision tags: OPENBSD_4_5_BASE OPENBSD_4_6_BASE
|
#
1.28 |
|
16-Sep-2008 |
gollo |
netstat statistics for pflow(4) via pseudo family
ok cluadio@ henning@
|
Revision tags: OPENBSD_4_4_BASE
|
#
1.27 |
|
23-Apr-2008 |
norby |
Import MPLS (Multi Protocol Label Switching)
MPLS support partly based on the (abandoned?) AYAME project. Basic LSR (Label Switch Router) functionality is present, but not fully functional yet.
It is currently possible to insert entries in the LIB (Label Information Base) with route(8), but setting the operation type is not supported yet.
Imported to allow more people to work on this in the coming weeks.
ok claudio@ laurent@ dlg@
|
Revision tags: OPENBSD_4_2_BASE OPENBSD_4_3_BASE
|
#
1.26 |
|
06-Jun-2007 |
henning |
remove remaining IPX hooks. all inside #ifdef IPX, so no actual change
|
Revision tags: OPENBSD_4_1_BASE
|
#
1.25 |
|
18-Jan-2007 |
henning |
allow kernels with TCP_SIGNATURE (aka tcp md5sig), but without IPSEC to compile and work. need to register pfkey whenever tcp md5 or ipsec is defined, and the various ipsec encapsulations only if ipsec is defined. ok theo
|
Revision tags: OPENBSD_4_0_BASE
|
#
1.24 |
|
15-Jun-2006 |
henning |
nuke code that has been dead for so long that it stinks. claudio ok
|
Revision tags: OPENBSD_3_8_BASE OPENBSD_3_9_BASE
|
#
1.23 |
|
08-Jun-2005 |
henning |
bye bye netns
|
#
1.22 |
|
07-Jun-2005 |
henning |
remove CCITT handling
|
Revision tags: OPENBSD_3_7_BASE
|
#
1.21 |
|
14-Jan-2005 |
grange |
First step in Bluetooth protocol stack support.
The code is adopted from the FreeBSD netgraph-based Bluetooth implementation by Maksim Yevmenkin <m_evmenkin@yahoo.com> but all netgraph glue was replaced with usual BSD network stack hooks. This is a work in progress. Only HCI layer works for now, L2CAP and RFCOMM are on the way.
Help in testing from many, ok markus@.
|
#
1.20 |
|
27-Nov-2004 |
pat |
introduce pffinddomain(), to find a domain by family. while here, fix some spacing, ansi, de-register, etc.
mostly from netbsd
tested & ok otto millert
|
#
1.19 |
|
25-Nov-2004 |
markus |
remove special handling of PF_KEY in net_sysctl; ok deraadt
|
#
1.18 |
|
15-Sep-2004 |
grange |
Kill more netiso ghosts.
ok millert@
|
Revision tags: OPENBSD_3_6_BASE SMP_SYNC_A SMP_SYNC_B
|
#
1.17 |
|
01-Apr-2004 |
tedu |
use NULL for ptrs. parts from Joris Vink
|
Revision tags: OPENBSD_3_5_BASE
|
#
1.16 |
|
24-Feb-2004 |
tedu |
sysctl knob for bpf tunables. some tips from canacar@ ok canacar@ deraadt@ mcbride@
|
Revision tags: OPENBSD_3_4_BASE
|
#
1.15 |
|
02-Jun-2003 |
millert |
Remove the advertising clause in the UCB license which Berkeley rescinded 22 July 1999. Proofed by myself and Theo.
|
Revision tags: UBC_SYNC_A
|
#
1.14 |
|
12-May-2003 |
jason |
Nuke a whole bunch of commons; ok tedu (still more to come *sigh*)
|
Revision tags: OPENBSD_3_1_BASE OPENBSD_3_2_BASE OPENBSD_3_3_BASE UBC_SYNC_B
|
#
1.13 |
|
14-Mar-2002 |
millert |
First round of __P removal in sys
|
Revision tags: UBC_BASE
|
#
1.12 |
|
06-Nov-2001 |
miod |
branches: 1.12.2; Replace inclusion of <vm/foo.h> with the correct <uvm/bar.h> when necessary. (Look ma, I might have broken the tree)
|
Revision tags: OPENBSD_2_8_BASE OPENBSD_2_9_BASE OPENBSD_3_0_BASE
|
#
1.11 |
|
12-Sep-2000 |
deraadt |
NATM domain; stoklund@taxidriver.dk
|
Revision tags: OPENBSD_2_7_BASE
|
#
1.10 |
|
23-Mar-2000 |
art |
Use new timeouts for pfslowtimo and pffasttimo.
|
Revision tags: SMP_BASE kame_19991208
|
#
1.9 |
|
08-Dec-1999 |
itojun |
branches: 1.9.2; bring in KAME IPv6 code, dated 19991208. replaces NRL IPv6 layer. reuses NRL pcb layer. no IPsec-on-v6 support. see sys/netinet6/{TODO,IMPLEMENTATION} for more details.
GENERIC configuration should work fine as before. GENERIC.v6 works fine as well, but you'll need KAME userland tools to play with IPv6 (will be bringed into soon).
|
Revision tags: OPENBSD_2_5_BASE OPENBSD_2_6_BASE
|
#
1.8 |
|
30-Mar-1999 |
niklas |
make option IPSEC imply option KEY
|
#
1.7 |
|
24-Feb-1999 |
angelos |
Disable encap domain.
|
#
1.6 |
|
07-Jan-1999 |
deraadt |
ready for INET6 and KEY
|
Revision tags: OPENBSD_2_2_BASE OPENBSD_2_3_BASE OPENBSD_2_4_BASE
|
#
1.5 |
|
23-Jul-1997 |
denny |
Add AppleTalk.
|
Revision tags: OPENBSD_2_1_BASE
|
#
1.4 |
|
20-Feb-1997 |
deraadt |
IPSEC package by John Ioannidis and Angelos D. Keromytis. Written in Greece. From ftp.funet.fi:/pub/unix/security/net/ip/BSDipsec.tar.gz
|
Revision tags: OPENBSD_2_0_BASE
|
#
1.3 |
|
27-Apr-1996 |
mickey |
Add IPX support (#ifdef'ed, so no problems would arise).
|
#
1.2 |
|
03-Mar-1996 |
niklas |
From NetBSD: 960217 merge
|
#
1.1 |
|
18-Oct-1995 |
deraadt |
branches: 1.1.1; Initial revision
|
#
1.60 |
|
14-Aug-2022 |
jsg |
remove unneeded includes in sys/kern ok mpi@ miod@
|
Revision tags: OPENBSD_7_0_BASE OPENBSD_7_1_BASE
|
#
1.59 |
|
25-May-2021 |
bluhm |
As network features are not added dynamically, the domain structures are constant. Having more const makes MP review easier. More pointers are mapped read-only in the kernel image. OK deraadt@ mvs@
|
#
1.58 |
|
17-May-2021 |
claudio |
Increase the default buffer space using on PF_UNIX sockets to 8k. Additionally make the values tuneable via sysctl. OK deraadt@ mvs@
|
Revision tags: OPENBSD_6_6_BASE OPENBSD_6_7_BASE OPENBSD_6_8_BASE OPENBSD_6_9_BASE
|
#
1.57 |
|
03-Jul-2019 |
dlg |
add the kernel side of net.link.ifrxq.pressure_return and pressure_drop
these values are used as the backpressure thresholds in the interface rx q processing code. theyre being exposed as tunables to userland while we are figuring out what the best values for them are.
ok visa@ deraadt@
|
Revision tags: OPENBSD_6_4_BASE OPENBSD_6_5_BASE
|
#
1.56 |
|
23-Jun-2018 |
denis |
Replace value with a constant
OK bluhm@, jca@
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.55 |
|
23-Nov-2017 |
mpi |
Constify protocol tables and remove an assert now that ip_deliver() is mp-safe.
ok bluhm@, visa@
|
#
1.54 |
|
29-Oct-2017 |
florian |
Move NET_{,UN}LOCK into individual slowtimo functions.
Direction suggested by mpi
OK mpi, visa
|
#
1.53 |
|
09-Oct-2017 |
mpi |
Reduces the scope of the NET_LOCK() in sysctl(2) path.
Exposes per-CPU counters to real parrallelism.
ok visa@, bluhm@, jca@
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.52 |
|
11-Aug-2017 |
mpi |
Remove NET_LOCK()'s argument.
Tested by Hrvoje Popovski, ok bluhm@
|
#
1.51 |
|
27-May-2017 |
claudio |
Kill option KEY, it is a useless knob, nobody uses pfkeyv2 without IPSEC or tcp md5. OK mpi@
|
#
1.50 |
|
09-May-2017 |
mpi |
Convert a splsoftnet()/splx() dance to NET_ASSERT_LOCKED().
pfctlinput() is only called in the input path with the NET_LOCK() held.
ok bluhm@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.49 |
|
27-Feb-2017 |
claudio |
Retire the AF_MPLS protosw struct. Nothing is using it and the code was super basic anyway. Simplifies the code a lot also by calling the mpls sysctl no longer via the protosw but instead directly. OK mpi@ on a previous diff. Also tested by renato@ who actually found a bug which is now fixed.
|
#
1.48 |
|
20-Dec-2016 |
mpi |
Grab the NET_LOCK() in so{s,g}etopt(), pffasttimo() and pfslowtimo().
ok rzalamena@, bluhm@
|
#
1.47 |
|
20-Dec-2016 |
bluhm |
A NET_LOCK() was is missing in tcp_sysctl() which shows up as spl softnet assert failures. It is better to place the lock into net_sysctl() where all the protocol sysctls are called via pr_sysctl. As calling sysctl(2) is in the slow path, doing fine grained locking has no benefit. Many sysctl cases copy out a struct. Having a lock around that keeps the struct consistent. Put assertions in the protocol sysctls that need it. OK mpi@
|
#
1.46 |
|
22-Nov-2016 |
mpi |
Enforce that pr_ctlinput, pr_slowtimo and pr_fasttimo are called at IPL_SOFTNET.
This will allow us to keep locking simple as soon as we trade splsoftnet() for a rwlock.
ok bluhm@
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.45 |
|
03-Mar-2016 |
dlg |
replace the XXX next to setting link_maxhdr with an explanation
the XXX has been there since 1.1, even back in netbsd, and im too lazy to go back further to try and see why it is there. either way it is meaningless.
suggested by mikeb@ and mpi@
|
#
1.44 |
|
03-Mar-2016 |
dlg |
bump link_maxhdr up from 16 to 64
link_maxhdr is best explained as the space reserved before an ip packet payload for link headers, the most common of which is ethernet. 16 was a good choice when the only traffic we really did was ip over ethernet, but now there are commonly used transports that are bigger, specifically 802.11 traffic and vlan/vlan encapsulations, that justify bumping it up.
i chose 64 because it would also allow enough space for encapsulations like etherip or gif.
this reduces the size of the smallest packet that can fit into an mbuf before more storage needs to be suffixed, but because most traffic is either full sized (ie, already bigger than a single mbuf) or tiny packets (think tcp ACKS, keystrokes over ssh, or dns requests) the impact is negligible.
ok stsp@ mpi@ sthen@ mikeb@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.43 |
|
04-Sep-2015 |
mpi |
Make every subsystem using a radix tree call rn_init() and pass the length of the key as argument.
This way every consumer of the radix tree has a chance to explicitly initialize the shared data structures and no longer rely on another subsystem to do the initialization.
As a bonus ``dom_maxrtkey'' is no longer used an die.
ART kernels should now be fully usable because pf(4) and IPSEC properly initialized the radix tree.
ok chris@, reyk@
|
#
1.42 |
|
30-Aug-2015 |
mpi |
Use a global table for domains instead of building a list at run time.
As a side effect there's no need to run if_attachdomain() after the list of domains has been built.
ok claudio@, reyk@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.41 |
|
17-Jul-2015 |
blambert |
manage spd entries by using the radix api directly instead of reaching around through the routing table
original diff by myself, much improved by mikeb@ and mpi@
ok and testing mikeb@ mpi@
|
#
1.40 |
|
14-Mar-2015 |
jsg |
Remove some includes include-what-you-use claims don't have any direct symbols used. Tested for indirect use by compiling amd64/i386/sparc64 kernels.
ok tedu@ deraadt@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.39 |
|
23-Dec-2014 |
tedu |
unifdef INET
|
#
1.38 |
|
14-Sep-2014 |
jsg |
remove uneeded proc.h includes ok mpi@ kspillner@
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.37 |
|
11-Jul-2014 |
tedu |
"It's not the years, honey; it's the mileage."
bluetooth support doesn't work and isn't going anywhere. the current design is a dead end, and should not be the basis for any future support. general consensus says to whack it so as to not mislead the unwary.
|
#
1.36 |
|
08-Jul-2014 |
deraadt |
decouple struct uvmexp into a new file, so that uvm_extern.h and sysctl.h don't need to be married. ok guenther miod beck jsing kettenis
|
#
1.35 |
|
11-Mar-2014 |
guenther |
lint is gone, and the 'lint' conditional was never in the implementation namespace, so stop changing behavior when it's #defined
ok beck@ krw@
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.34 |
|
19-Jan-2014 |
claudio |
Remove max_datalen. It is only used once an can be replaced easily with MHLEN - max_hdr in that place. OK mikeb@
|
#
1.33 |
|
20-Aug-2013 |
mpi |
tedu netnatm and ueagle(4).
ok mikeb@, sthen@, tedu@ (implied), doc bits ok jmc@
|
Revision tags: OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE OPENBSD_5_4_BASE
|
#
1.32 |
|
09-Jul-2011 |
henning |
begone, fucking rotten appletalk shit. ok room
|
#
1.31 |
|
08-Jul-2011 |
yasuoka |
Include PIPEX in kernel by default. And add new sysctl variable `net.pipex.enable' to enable PIPEX. By default, pipex is disabled and it will not process packets from wire. Update man pages and update HOWTO_PIPEX_NPPPD.txt for testers.
discussed with dlg@, ok deraadt@ mcbride@ claudio@
|
Revision tags: OPENBSD_4_8_BASE OPENBSD_4_9_BASE
|
#
1.30 |
|
02-Jul-2010 |
blambert |
timeout_add -> timeout_add_msec
ok claudio@ krw@
|
Revision tags: OPENBSD_4_7_BASE
|
#
1.29 |
|
13-Nov-2009 |
claudio |
Extend the protosw pr_ctlinput function to include the rdomain. This is needed so that the route and inp lookups done in TCP and UDP know where to look. Additionally in_pcbnotifyall() and tcp_respond() got a rdomain argument as well for similar reasons. With this tcp seems to be now fully rdomain save and no longer leaks single packets into the main domain. Looks good markus@, henning@
|
Revision tags: OPENBSD_4_5_BASE OPENBSD_4_6_BASE
|
#
1.28 |
|
16-Sep-2008 |
gollo |
netstat statistics for pflow(4) via pseudo family
ok cluadio@ henning@
|
Revision tags: OPENBSD_4_4_BASE
|
#
1.27 |
|
23-Apr-2008 |
norby |
Import MPLS (Multi Protocol Label Switching)
MPLS support partly based on the (abandoned?) AYAME project. Basic LSR (Label Switch Router) functionality is present, but not fully functional yet.
It is currently possible to insert entries in the LIB (Label Information Base) with route(8), but setting the operation type is not supported yet.
Imported to allow more people to work on this in the coming weeks.
ok claudio@ laurent@ dlg@
|
Revision tags: OPENBSD_4_2_BASE OPENBSD_4_3_BASE
|
#
1.26 |
|
06-Jun-2007 |
henning |
remove remaining IPX hooks. all inside #ifdef IPX, so no actual change
|
Revision tags: OPENBSD_4_1_BASE
|
#
1.25 |
|
18-Jan-2007 |
henning |
allow kernels with TCP_SIGNATURE (aka tcp md5sig), but without IPSEC to compile and work. need to register pfkey whenever tcp md5 or ipsec is defined, and the various ipsec encapsulations only if ipsec is defined. ok theo
|
Revision tags: OPENBSD_4_0_BASE
|
#
1.24 |
|
15-Jun-2006 |
henning |
nuke code that has been dead for so long that it stinks. claudio ok
|
Revision tags: OPENBSD_3_8_BASE OPENBSD_3_9_BASE
|
#
1.23 |
|
08-Jun-2005 |
henning |
bye bye netns
|
#
1.22 |
|
07-Jun-2005 |
henning |
remove CCITT handling
|
Revision tags: OPENBSD_3_7_BASE
|
#
1.21 |
|
14-Jan-2005 |
grange |
First step in Bluetooth protocol stack support.
The code is adopted from the FreeBSD netgraph-based Bluetooth implementation by Maksim Yevmenkin <m_evmenkin@yahoo.com> but all netgraph glue was replaced with usual BSD network stack hooks. This is a work in progress. Only HCI layer works for now, L2CAP and RFCOMM are on the way.
Help in testing from many, ok markus@.
|
#
1.20 |
|
27-Nov-2004 |
pat |
introduce pffinddomain(), to find a domain by family. while here, fix some spacing, ansi, de-register, etc.
mostly from netbsd
tested & ok otto millert
|
#
1.19 |
|
25-Nov-2004 |
markus |
remove special handling of PF_KEY in net_sysctl; ok deraadt
|
#
1.18 |
|
15-Sep-2004 |
grange |
Kill more netiso ghosts.
ok millert@
|
Revision tags: OPENBSD_3_6_BASE SMP_SYNC_A SMP_SYNC_B
|
#
1.17 |
|
01-Apr-2004 |
tedu |
use NULL for ptrs. parts from Joris Vink
|
Revision tags: OPENBSD_3_5_BASE
|
#
1.16 |
|
24-Feb-2004 |
tedu |
sysctl knob for bpf tunables. some tips from canacar@ ok canacar@ deraadt@ mcbride@
|
Revision tags: OPENBSD_3_4_BASE
|
#
1.15 |
|
02-Jun-2003 |
millert |
Remove the advertising clause in the UCB license which Berkeley rescinded 22 July 1999. Proofed by myself and Theo.
|
Revision tags: UBC_SYNC_A
|
#
1.14 |
|
12-May-2003 |
jason |
Nuke a whole bunch of commons; ok tedu (still more to come *sigh*)
|
Revision tags: OPENBSD_3_1_BASE OPENBSD_3_2_BASE OPENBSD_3_3_BASE UBC_SYNC_B
|
#
1.13 |
|
14-Mar-2002 |
millert |
First round of __P removal in sys
|
Revision tags: UBC_BASE
|
#
1.12 |
|
06-Nov-2001 |
miod |
branches: 1.12.2; Replace inclusion of <vm/foo.h> with the correct <uvm/bar.h> when necessary. (Look ma, I might have broken the tree)
|
Revision tags: OPENBSD_2_8_BASE OPENBSD_2_9_BASE OPENBSD_3_0_BASE
|
#
1.11 |
|
12-Sep-2000 |
deraadt |
NATM domain; stoklund@taxidriver.dk
|
Revision tags: OPENBSD_2_7_BASE
|
#
1.10 |
|
23-Mar-2000 |
art |
Use new timeouts for pfslowtimo and pffasttimo.
|
Revision tags: SMP_BASE kame_19991208
|
#
1.9 |
|
08-Dec-1999 |
itojun |
branches: 1.9.2; bring in KAME IPv6 code, dated 19991208. replaces NRL IPv6 layer. reuses NRL pcb layer. no IPsec-on-v6 support. see sys/netinet6/{TODO,IMPLEMENTATION} for more details.
GENERIC configuration should work fine as before. GENERIC.v6 works fine as well, but you'll need KAME userland tools to play with IPv6 (will be bringed into soon).
|
Revision tags: OPENBSD_2_5_BASE OPENBSD_2_6_BASE
|
#
1.8 |
|
30-Mar-1999 |
niklas |
make option IPSEC imply option KEY
|
#
1.7 |
|
24-Feb-1999 |
angelos |
Disable encap domain.
|
#
1.6 |
|
07-Jan-1999 |
deraadt |
ready for INET6 and KEY
|
Revision tags: OPENBSD_2_2_BASE OPENBSD_2_3_BASE OPENBSD_2_4_BASE
|
#
1.5 |
|
23-Jul-1997 |
denny |
Add AppleTalk.
|
Revision tags: OPENBSD_2_1_BASE
|
#
1.4 |
|
20-Feb-1997 |
deraadt |
IPSEC package by John Ioannidis and Angelos D. Keromytis. Written in Greece. From ftp.funet.fi:/pub/unix/security/net/ip/BSDipsec.tar.gz
|
Revision tags: OPENBSD_2_0_BASE
|
#
1.3 |
|
27-Apr-1996 |
mickey |
Add IPX support (#ifdef'ed, so no problems would arise).
|
#
1.2 |
|
03-Mar-1996 |
niklas |
From NetBSD: 960217 merge
|
#
1.1 |
|
18-Oct-1995 |
deraadt |
branches: 1.1.1; Initial revision
|
#
1.59 |
|
25-May-2021 |
bluhm |
As network features are not added dynamically, the domain structures are constant. Having more const makes MP review easier. More pointers are mapped read-only in the kernel image. OK deraadt@ mvs@
|
#
1.58 |
|
17-May-2021 |
claudio |
Increase the default buffer space using on PF_UNIX sockets to 8k. Additionally make the values tuneable via sysctl. OK deraadt@ mvs@
|
Revision tags: OPENBSD_6_6_BASE OPENBSD_6_7_BASE OPENBSD_6_8_BASE OPENBSD_6_9_BASE
|
#
1.57 |
|
03-Jul-2019 |
dlg |
add the kernel side of net.link.ifrxq.pressure_return and pressure_drop
these values are used as the backpressure thresholds in the interface rx q processing code. theyre being exposed as tunables to userland while we are figuring out what the best values for them are.
ok visa@ deraadt@
|
Revision tags: OPENBSD_6_4_BASE OPENBSD_6_5_BASE
|
#
1.56 |
|
23-Jun-2018 |
denis |
Replace value with a constant
OK bluhm@, jca@
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.55 |
|
23-Nov-2017 |
mpi |
Constify protocol tables and remove an assert now that ip_deliver() is mp-safe.
ok bluhm@, visa@
|
#
1.54 |
|
29-Oct-2017 |
florian |
Move NET_{,UN}LOCK into individual slowtimo functions.
Direction suggested by mpi
OK mpi, visa
|
#
1.53 |
|
09-Oct-2017 |
mpi |
Reduces the scope of the NET_LOCK() in sysctl(2) path.
Exposes per-CPU counters to real parrallelism.
ok visa@, bluhm@, jca@
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.52 |
|
11-Aug-2017 |
mpi |
Remove NET_LOCK()'s argument.
Tested by Hrvoje Popovski, ok bluhm@
|
#
1.51 |
|
27-May-2017 |
claudio |
Kill option KEY, it is a useless knob, nobody uses pfkeyv2 without IPSEC or tcp md5. OK mpi@
|
#
1.50 |
|
09-May-2017 |
mpi |
Convert a splsoftnet()/splx() dance to NET_ASSERT_LOCKED().
pfctlinput() is only called in the input path with the NET_LOCK() held.
ok bluhm@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.49 |
|
27-Feb-2017 |
claudio |
Retire the AF_MPLS protosw struct. Nothing is using it and the code was super basic anyway. Simplifies the code a lot also by calling the mpls sysctl no longer via the protosw but instead directly. OK mpi@ on a previous diff. Also tested by renato@ who actually found a bug which is now fixed.
|
#
1.48 |
|
20-Dec-2016 |
mpi |
Grab the NET_LOCK() in so{s,g}etopt(), pffasttimo() and pfslowtimo().
ok rzalamena@, bluhm@
|
#
1.47 |
|
20-Dec-2016 |
bluhm |
A NET_LOCK() was is missing in tcp_sysctl() which shows up as spl softnet assert failures. It is better to place the lock into net_sysctl() where all the protocol sysctls are called via pr_sysctl. As calling sysctl(2) is in the slow path, doing fine grained locking has no benefit. Many sysctl cases copy out a struct. Having a lock around that keeps the struct consistent. Put assertions in the protocol sysctls that need it. OK mpi@
|
#
1.46 |
|
22-Nov-2016 |
mpi |
Enforce that pr_ctlinput, pr_slowtimo and pr_fasttimo are called at IPL_SOFTNET.
This will allow us to keep locking simple as soon as we trade splsoftnet() for a rwlock.
ok bluhm@
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.45 |
|
03-Mar-2016 |
dlg |
replace the XXX next to setting link_maxhdr with an explanation
the XXX has been there since 1.1, even back in netbsd, and im too lazy to go back further to try and see why it is there. either way it is meaningless.
suggested by mikeb@ and mpi@
|
#
1.44 |
|
03-Mar-2016 |
dlg |
bump link_maxhdr up from 16 to 64
link_maxhdr is best explained as the space reserved before an ip packet payload for link headers, the most common of which is ethernet. 16 was a good choice when the only traffic we really did was ip over ethernet, but now there are commonly used transports that are bigger, specifically 802.11 traffic and vlan/vlan encapsulations, that justify bumping it up.
i chose 64 because it would also allow enough space for encapsulations like etherip or gif.
this reduces the size of the smallest packet that can fit into an mbuf before more storage needs to be suffixed, but because most traffic is either full sized (ie, already bigger than a single mbuf) or tiny packets (think tcp ACKS, keystrokes over ssh, or dns requests) the impact is negligible.
ok stsp@ mpi@ sthen@ mikeb@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.43 |
|
04-Sep-2015 |
mpi |
Make every subsystem using a radix tree call rn_init() and pass the length of the key as argument.
This way every consumer of the radix tree has a chance to explicitly initialize the shared data structures and no longer rely on another subsystem to do the initialization.
As a bonus ``dom_maxrtkey'' is no longer used an die.
ART kernels should now be fully usable because pf(4) and IPSEC properly initialized the radix tree.
ok chris@, reyk@
|
#
1.42 |
|
30-Aug-2015 |
mpi |
Use a global table for domains instead of building a list at run time.
As a side effect there's no need to run if_attachdomain() after the list of domains has been built.
ok claudio@, reyk@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.41 |
|
17-Jul-2015 |
blambert |
manage spd entries by using the radix api directly instead of reaching around through the routing table
original diff by myself, much improved by mikeb@ and mpi@
ok and testing mikeb@ mpi@
|
#
1.40 |
|
14-Mar-2015 |
jsg |
Remove some includes include-what-you-use claims don't have any direct symbols used. Tested for indirect use by compiling amd64/i386/sparc64 kernels.
ok tedu@ deraadt@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.39 |
|
23-Dec-2014 |
tedu |
unifdef INET
|
#
1.38 |
|
14-Sep-2014 |
jsg |
remove uneeded proc.h includes ok mpi@ kspillner@
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.37 |
|
11-Jul-2014 |
tedu |
"It's not the years, honey; it's the mileage."
bluetooth support doesn't work and isn't going anywhere. the current design is a dead end, and should not be the basis for any future support. general consensus says to whack it so as to not mislead the unwary.
|
#
1.36 |
|
08-Jul-2014 |
deraadt |
decouple struct uvmexp into a new file, so that uvm_extern.h and sysctl.h don't need to be married. ok guenther miod beck jsing kettenis
|
#
1.35 |
|
11-Mar-2014 |
guenther |
lint is gone, and the 'lint' conditional was never in the implementation namespace, so stop changing behavior when it's #defined
ok beck@ krw@
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.34 |
|
19-Jan-2014 |
claudio |
Remove max_datalen. It is only used once an can be replaced easily with MHLEN - max_hdr in that place. OK mikeb@
|
#
1.33 |
|
20-Aug-2013 |
mpi |
tedu netnatm and ueagle(4).
ok mikeb@, sthen@, tedu@ (implied), doc bits ok jmc@
|
Revision tags: OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE OPENBSD_5_4_BASE
|
#
1.32 |
|
09-Jul-2011 |
henning |
begone, fucking rotten appletalk shit. ok room
|
#
1.31 |
|
08-Jul-2011 |
yasuoka |
Include PIPEX in kernel by default. And add new sysctl variable `net.pipex.enable' to enable PIPEX. By default, pipex is disabled and it will not process packets from wire. Update man pages and update HOWTO_PIPEX_NPPPD.txt for testers.
discussed with dlg@, ok deraadt@ mcbride@ claudio@
|
Revision tags: OPENBSD_4_8_BASE OPENBSD_4_9_BASE
|
#
1.30 |
|
02-Jul-2010 |
blambert |
timeout_add -> timeout_add_msec
ok claudio@ krw@
|
Revision tags: OPENBSD_4_7_BASE
|
#
1.29 |
|
13-Nov-2009 |
claudio |
Extend the protosw pr_ctlinput function to include the rdomain. This is needed so that the route and inp lookups done in TCP and UDP know where to look. Additionally in_pcbnotifyall() and tcp_respond() got a rdomain argument as well for similar reasons. With this tcp seems to be now fully rdomain save and no longer leaks single packets into the main domain. Looks good markus@, henning@
|
Revision tags: OPENBSD_4_5_BASE OPENBSD_4_6_BASE
|
#
1.28 |
|
16-Sep-2008 |
gollo |
netstat statistics for pflow(4) via pseudo family
ok cluadio@ henning@
|
Revision tags: OPENBSD_4_4_BASE
|
#
1.27 |
|
23-Apr-2008 |
norby |
Import MPLS (Multi Protocol Label Switching)
MPLS support partly based on the (abandoned?) AYAME project. Basic LSR (Label Switch Router) functionality is present, but not fully functional yet.
It is currently possible to insert entries in the LIB (Label Information Base) with route(8), but setting the operation type is not supported yet.
Imported to allow more people to work on this in the coming weeks.
ok claudio@ laurent@ dlg@
|
Revision tags: OPENBSD_4_2_BASE OPENBSD_4_3_BASE
|
#
1.26 |
|
06-Jun-2007 |
henning |
remove remaining IPX hooks. all inside #ifdef IPX, so no actual change
|
Revision tags: OPENBSD_4_1_BASE
|
#
1.25 |
|
18-Jan-2007 |
henning |
allow kernels with TCP_SIGNATURE (aka tcp md5sig), but without IPSEC to compile and work. need to register pfkey whenever tcp md5 or ipsec is defined, and the various ipsec encapsulations only if ipsec is defined. ok theo
|
Revision tags: OPENBSD_4_0_BASE
|
#
1.24 |
|
15-Jun-2006 |
henning |
nuke code that has been dead for so long that it stinks. claudio ok
|
Revision tags: OPENBSD_3_8_BASE OPENBSD_3_9_BASE
|
#
1.23 |
|
08-Jun-2005 |
henning |
bye bye netns
|
#
1.22 |
|
07-Jun-2005 |
henning |
remove CCITT handling
|
Revision tags: OPENBSD_3_7_BASE
|
#
1.21 |
|
14-Jan-2005 |
grange |
First step in Bluetooth protocol stack support.
The code is adopted from the FreeBSD netgraph-based Bluetooth implementation by Maksim Yevmenkin <m_evmenkin@yahoo.com> but all netgraph glue was replaced with usual BSD network stack hooks. This is a work in progress. Only HCI layer works for now, L2CAP and RFCOMM are on the way.
Help in testing from many, ok markus@.
|
#
1.20 |
|
27-Nov-2004 |
pat |
introduce pffinddomain(), to find a domain by family. while here, fix some spacing, ansi, de-register, etc.
mostly from netbsd
tested & ok otto millert
|
#
1.19 |
|
25-Nov-2004 |
markus |
remove special handling of PF_KEY in net_sysctl; ok deraadt
|
#
1.18 |
|
15-Sep-2004 |
grange |
Kill more netiso ghosts.
ok millert@
|
Revision tags: OPENBSD_3_6_BASE SMP_SYNC_A SMP_SYNC_B
|
#
1.17 |
|
01-Apr-2004 |
tedu |
use NULL for ptrs. parts from Joris Vink
|
Revision tags: OPENBSD_3_5_BASE
|
#
1.16 |
|
24-Feb-2004 |
tedu |
sysctl knob for bpf tunables. some tips from canacar@ ok canacar@ deraadt@ mcbride@
|
Revision tags: OPENBSD_3_4_BASE
|
#
1.15 |
|
02-Jun-2003 |
millert |
Remove the advertising clause in the UCB license which Berkeley rescinded 22 July 1999. Proofed by myself and Theo.
|
Revision tags: UBC_SYNC_A
|
#
1.14 |
|
12-May-2003 |
jason |
Nuke a whole bunch of commons; ok tedu (still more to come *sigh*)
|
Revision tags: OPENBSD_3_1_BASE OPENBSD_3_2_BASE OPENBSD_3_3_BASE UBC_SYNC_B
|
#
1.13 |
|
14-Mar-2002 |
millert |
First round of __P removal in sys
|
Revision tags: UBC_BASE
|
#
1.12 |
|
06-Nov-2001 |
miod |
branches: 1.12.2; Replace inclusion of <vm/foo.h> with the correct <uvm/bar.h> when necessary. (Look ma, I might have broken the tree)
|
Revision tags: OPENBSD_2_8_BASE OPENBSD_2_9_BASE OPENBSD_3_0_BASE
|
#
1.11 |
|
12-Sep-2000 |
deraadt |
NATM domain; stoklund@taxidriver.dk
|
Revision tags: OPENBSD_2_7_BASE
|
#
1.10 |
|
23-Mar-2000 |
art |
Use new timeouts for pfslowtimo and pffasttimo.
|
Revision tags: SMP_BASE kame_19991208
|
#
1.9 |
|
08-Dec-1999 |
itojun |
branches: 1.9.2; bring in KAME IPv6 code, dated 19991208. replaces NRL IPv6 layer. reuses NRL pcb layer. no IPsec-on-v6 support. see sys/netinet6/{TODO,IMPLEMENTATION} for more details.
GENERIC configuration should work fine as before. GENERIC.v6 works fine as well, but you'll need KAME userland tools to play with IPv6 (will be bringed into soon).
|
Revision tags: OPENBSD_2_5_BASE OPENBSD_2_6_BASE
|
#
1.8 |
|
30-Mar-1999 |
niklas |
make option IPSEC imply option KEY
|
#
1.7 |
|
24-Feb-1999 |
angelos |
Disable encap domain.
|
#
1.6 |
|
07-Jan-1999 |
deraadt |
ready for INET6 and KEY
|
Revision tags: OPENBSD_2_2_BASE OPENBSD_2_3_BASE OPENBSD_2_4_BASE
|
#
1.5 |
|
23-Jul-1997 |
denny |
Add AppleTalk.
|
Revision tags: OPENBSD_2_1_BASE
|
#
1.4 |
|
20-Feb-1997 |
deraadt |
IPSEC package by John Ioannidis and Angelos D. Keromytis. Written in Greece. From ftp.funet.fi:/pub/unix/security/net/ip/BSDipsec.tar.gz
|
Revision tags: OPENBSD_2_0_BASE
|
#
1.3 |
|
27-Apr-1996 |
mickey |
Add IPX support (#ifdef'ed, so no problems would arise).
|
#
1.2 |
|
03-Mar-1996 |
niklas |
From NetBSD: 960217 merge
|
#
1.1 |
|
18-Oct-1995 |
deraadt |
branches: 1.1.1; Initial revision
|
#
1.58 |
|
17-May-2021 |
claudio |
Increase the default buffer space using on PF_UNIX sockets to 8k. Additionally make the values tuneable via sysctl. OK deraadt@ mvs@
|
Revision tags: OPENBSD_6_6_BASE OPENBSD_6_7_BASE OPENBSD_6_8_BASE OPENBSD_6_9_BASE
|
#
1.57 |
|
03-Jul-2019 |
dlg |
add the kernel side of net.link.ifrxq.pressure_return and pressure_drop
these values are used as the backpressure thresholds in the interface rx q processing code. theyre being exposed as tunables to userland while we are figuring out what the best values for them are.
ok visa@ deraadt@
|
Revision tags: OPENBSD_6_4_BASE OPENBSD_6_5_BASE
|
#
1.56 |
|
23-Jun-2018 |
denis |
Replace value with a constant
OK bluhm@, jca@
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.55 |
|
23-Nov-2017 |
mpi |
Constify protocol tables and remove an assert now that ip_deliver() is mp-safe.
ok bluhm@, visa@
|
#
1.54 |
|
29-Oct-2017 |
florian |
Move NET_{,UN}LOCK into individual slowtimo functions.
Direction suggested by mpi
OK mpi, visa
|
#
1.53 |
|
09-Oct-2017 |
mpi |
Reduces the scope of the NET_LOCK() in sysctl(2) path.
Exposes per-CPU counters to real parrallelism.
ok visa@, bluhm@, jca@
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.52 |
|
11-Aug-2017 |
mpi |
Remove NET_LOCK()'s argument.
Tested by Hrvoje Popovski, ok bluhm@
|
#
1.51 |
|
27-May-2017 |
claudio |
Kill option KEY, it is a useless knob, nobody uses pfkeyv2 without IPSEC or tcp md5. OK mpi@
|
#
1.50 |
|
09-May-2017 |
mpi |
Convert a splsoftnet()/splx() dance to NET_ASSERT_LOCKED().
pfctlinput() is only called in the input path with the NET_LOCK() held.
ok bluhm@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.49 |
|
27-Feb-2017 |
claudio |
Retire the AF_MPLS protosw struct. Nothing is using it and the code was super basic anyway. Simplifies the code a lot also by calling the mpls sysctl no longer via the protosw but instead directly. OK mpi@ on a previous diff. Also tested by renato@ who actually found a bug which is now fixed.
|
#
1.48 |
|
20-Dec-2016 |
mpi |
Grab the NET_LOCK() in so{s,g}etopt(), pffasttimo() and pfslowtimo().
ok rzalamena@, bluhm@
|
#
1.47 |
|
20-Dec-2016 |
bluhm |
A NET_LOCK() was is missing in tcp_sysctl() which shows up as spl softnet assert failures. It is better to place the lock into net_sysctl() where all the protocol sysctls are called via pr_sysctl. As calling sysctl(2) is in the slow path, doing fine grained locking has no benefit. Many sysctl cases copy out a struct. Having a lock around that keeps the struct consistent. Put assertions in the protocol sysctls that need it. OK mpi@
|
#
1.46 |
|
22-Nov-2016 |
mpi |
Enforce that pr_ctlinput, pr_slowtimo and pr_fasttimo are called at IPL_SOFTNET.
This will allow us to keep locking simple as soon as we trade splsoftnet() for a rwlock.
ok bluhm@
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.45 |
|
03-Mar-2016 |
dlg |
replace the XXX next to setting link_maxhdr with an explanation
the XXX has been there since 1.1, even back in netbsd, and im too lazy to go back further to try and see why it is there. either way it is meaningless.
suggested by mikeb@ and mpi@
|
#
1.44 |
|
03-Mar-2016 |
dlg |
bump link_maxhdr up from 16 to 64
link_maxhdr is best explained as the space reserved before an ip packet payload for link headers, the most common of which is ethernet. 16 was a good choice when the only traffic we really did was ip over ethernet, but now there are commonly used transports that are bigger, specifically 802.11 traffic and vlan/vlan encapsulations, that justify bumping it up.
i chose 64 because it would also allow enough space for encapsulations like etherip or gif.
this reduces the size of the smallest packet that can fit into an mbuf before more storage needs to be suffixed, but because most traffic is either full sized (ie, already bigger than a single mbuf) or tiny packets (think tcp ACKS, keystrokes over ssh, or dns requests) the impact is negligible.
ok stsp@ mpi@ sthen@ mikeb@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.43 |
|
04-Sep-2015 |
mpi |
Make every subsystem using a radix tree call rn_init() and pass the length of the key as argument.
This way every consumer of the radix tree has a chance to explicitly initialize the shared data structures and no longer rely on another subsystem to do the initialization.
As a bonus ``dom_maxrtkey'' is no longer used an die.
ART kernels should now be fully usable because pf(4) and IPSEC properly initialized the radix tree.
ok chris@, reyk@
|
#
1.42 |
|
30-Aug-2015 |
mpi |
Use a global table for domains instead of building a list at run time.
As a side effect there's no need to run if_attachdomain() after the list of domains has been built.
ok claudio@, reyk@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.41 |
|
17-Jul-2015 |
blambert |
manage spd entries by using the radix api directly instead of reaching around through the routing table
original diff by myself, much improved by mikeb@ and mpi@
ok and testing mikeb@ mpi@
|
#
1.40 |
|
14-Mar-2015 |
jsg |
Remove some includes include-what-you-use claims don't have any direct symbols used. Tested for indirect use by compiling amd64/i386/sparc64 kernels.
ok tedu@ deraadt@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.39 |
|
23-Dec-2014 |
tedu |
unifdef INET
|
#
1.38 |
|
14-Sep-2014 |
jsg |
remove uneeded proc.h includes ok mpi@ kspillner@
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.37 |
|
11-Jul-2014 |
tedu |
"It's not the years, honey; it's the mileage."
bluetooth support doesn't work and isn't going anywhere. the current design is a dead end, and should not be the basis for any future support. general consensus says to whack it so as to not mislead the unwary.
|
#
1.36 |
|
08-Jul-2014 |
deraadt |
decouple struct uvmexp into a new file, so that uvm_extern.h and sysctl.h don't need to be married. ok guenther miod beck jsing kettenis
|
#
1.35 |
|
11-Mar-2014 |
guenther |
lint is gone, and the 'lint' conditional was never in the implementation namespace, so stop changing behavior when it's #defined
ok beck@ krw@
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.34 |
|
19-Jan-2014 |
claudio |
Remove max_datalen. It is only used once an can be replaced easily with MHLEN - max_hdr in that place. OK mikeb@
|
#
1.33 |
|
20-Aug-2013 |
mpi |
tedu netnatm and ueagle(4).
ok mikeb@, sthen@, tedu@ (implied), doc bits ok jmc@
|
Revision tags: OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE OPENBSD_5_4_BASE
|
#
1.32 |
|
09-Jul-2011 |
henning |
begone, fucking rotten appletalk shit. ok room
|
#
1.31 |
|
08-Jul-2011 |
yasuoka |
Include PIPEX in kernel by default. And add new sysctl variable `net.pipex.enable' to enable PIPEX. By default, pipex is disabled and it will not process packets from wire. Update man pages and update HOWTO_PIPEX_NPPPD.txt for testers.
discussed with dlg@, ok deraadt@ mcbride@ claudio@
|
Revision tags: OPENBSD_4_8_BASE OPENBSD_4_9_BASE
|
#
1.30 |
|
02-Jul-2010 |
blambert |
timeout_add -> timeout_add_msec
ok claudio@ krw@
|
Revision tags: OPENBSD_4_7_BASE
|
#
1.29 |
|
13-Nov-2009 |
claudio |
Extend the protosw pr_ctlinput function to include the rdomain. This is needed so that the route and inp lookups done in TCP and UDP know where to look. Additionally in_pcbnotifyall() and tcp_respond() got a rdomain argument as well for similar reasons. With this tcp seems to be now fully rdomain save and no longer leaks single packets into the main domain. Looks good markus@, henning@
|
Revision tags: OPENBSD_4_5_BASE OPENBSD_4_6_BASE
|
#
1.28 |
|
16-Sep-2008 |
gollo |
netstat statistics for pflow(4) via pseudo family
ok cluadio@ henning@
|
Revision tags: OPENBSD_4_4_BASE
|
#
1.27 |
|
23-Apr-2008 |
norby |
Import MPLS (Multi Protocol Label Switching)
MPLS support partly based on the (abandoned?) AYAME project. Basic LSR (Label Switch Router) functionality is present, but not fully functional yet.
It is currently possible to insert entries in the LIB (Label Information Base) with route(8), but setting the operation type is not supported yet.
Imported to allow more people to work on this in the coming weeks.
ok claudio@ laurent@ dlg@
|
Revision tags: OPENBSD_4_2_BASE OPENBSD_4_3_BASE
|
#
1.26 |
|
06-Jun-2007 |
henning |
remove remaining IPX hooks. all inside #ifdef IPX, so no actual change
|
Revision tags: OPENBSD_4_1_BASE
|
#
1.25 |
|
18-Jan-2007 |
henning |
allow kernels with TCP_SIGNATURE (aka tcp md5sig), but without IPSEC to compile and work. need to register pfkey whenever tcp md5 or ipsec is defined, and the various ipsec encapsulations only if ipsec is defined. ok theo
|
Revision tags: OPENBSD_4_0_BASE
|
#
1.24 |
|
15-Jun-2006 |
henning |
nuke code that has been dead for so long that it stinks. claudio ok
|
Revision tags: OPENBSD_3_8_BASE OPENBSD_3_9_BASE
|
#
1.23 |
|
08-Jun-2005 |
henning |
bye bye netns
|
#
1.22 |
|
07-Jun-2005 |
henning |
remove CCITT handling
|
Revision tags: OPENBSD_3_7_BASE
|
#
1.21 |
|
14-Jan-2005 |
grange |
First step in Bluetooth protocol stack support.
The code is adopted from the FreeBSD netgraph-based Bluetooth implementation by Maksim Yevmenkin <m_evmenkin@yahoo.com> but all netgraph glue was replaced with usual BSD network stack hooks. This is a work in progress. Only HCI layer works for now, L2CAP and RFCOMM are on the way.
Help in testing from many, ok markus@.
|
#
1.20 |
|
27-Nov-2004 |
pat |
introduce pffinddomain(), to find a domain by family. while here, fix some spacing, ansi, de-register, etc.
mostly from netbsd
tested & ok otto millert
|
#
1.19 |
|
25-Nov-2004 |
markus |
remove special handling of PF_KEY in net_sysctl; ok deraadt
|
#
1.18 |
|
15-Sep-2004 |
grange |
Kill more netiso ghosts.
ok millert@
|
Revision tags: OPENBSD_3_6_BASE SMP_SYNC_A SMP_SYNC_B
|
#
1.17 |
|
01-Apr-2004 |
tedu |
use NULL for ptrs. parts from Joris Vink
|
Revision tags: OPENBSD_3_5_BASE
|
#
1.16 |
|
24-Feb-2004 |
tedu |
sysctl knob for bpf tunables. some tips from canacar@ ok canacar@ deraadt@ mcbride@
|
Revision tags: OPENBSD_3_4_BASE
|
#
1.15 |
|
02-Jun-2003 |
millert |
Remove the advertising clause in the UCB license which Berkeley rescinded 22 July 1999. Proofed by myself and Theo.
|
Revision tags: UBC_SYNC_A
|
#
1.14 |
|
12-May-2003 |
jason |
Nuke a whole bunch of commons; ok tedu (still more to come *sigh*)
|
Revision tags: OPENBSD_3_1_BASE OPENBSD_3_2_BASE OPENBSD_3_3_BASE UBC_SYNC_B
|
#
1.13 |
|
14-Mar-2002 |
millert |
First round of __P removal in sys
|
Revision tags: UBC_BASE
|
#
1.12 |
|
06-Nov-2001 |
miod |
branches: 1.12.2; Replace inclusion of <vm/foo.h> with the correct <uvm/bar.h> when necessary. (Look ma, I might have broken the tree)
|
Revision tags: OPENBSD_2_8_BASE OPENBSD_2_9_BASE OPENBSD_3_0_BASE
|
#
1.11 |
|
12-Sep-2000 |
deraadt |
NATM domain; stoklund@taxidriver.dk
|
Revision tags: OPENBSD_2_7_BASE
|
#
1.10 |
|
23-Mar-2000 |
art |
Use new timeouts for pfslowtimo and pffasttimo.
|
Revision tags: SMP_BASE kame_19991208
|
#
1.9 |
|
08-Dec-1999 |
itojun |
branches: 1.9.2; bring in KAME IPv6 code, dated 19991208. replaces NRL IPv6 layer. reuses NRL pcb layer. no IPsec-on-v6 support. see sys/netinet6/{TODO,IMPLEMENTATION} for more details.
GENERIC configuration should work fine as before. GENERIC.v6 works fine as well, but you'll need KAME userland tools to play with IPv6 (will be bringed into soon).
|
Revision tags: OPENBSD_2_5_BASE OPENBSD_2_6_BASE
|
#
1.8 |
|
30-Mar-1999 |
niklas |
make option IPSEC imply option KEY
|
#
1.7 |
|
24-Feb-1999 |
angelos |
Disable encap domain.
|
#
1.6 |
|
07-Jan-1999 |
deraadt |
ready for INET6 and KEY
|
Revision tags: OPENBSD_2_2_BASE OPENBSD_2_3_BASE OPENBSD_2_4_BASE
|
#
1.5 |
|
23-Jul-1997 |
denny |
Add AppleTalk.
|
Revision tags: OPENBSD_2_1_BASE
|
#
1.4 |
|
20-Feb-1997 |
deraadt |
IPSEC package by John Ioannidis and Angelos D. Keromytis. Written in Greece. From ftp.funet.fi:/pub/unix/security/net/ip/BSDipsec.tar.gz
|
Revision tags: OPENBSD_2_0_BASE
|
#
1.3 |
|
27-Apr-1996 |
mickey |
Add IPX support (#ifdef'ed, so no problems would arise).
|
#
1.2 |
|
03-Mar-1996 |
niklas |
From NetBSD: 960217 merge
|
#
1.1 |
|
18-Oct-1995 |
deraadt |
branches: 1.1.1; Initial revision
|
#
1.57 |
|
03-Jul-2019 |
dlg |
add the kernel side of net.link.ifrxq.pressure_return and pressure_drop
these values are used as the backpressure thresholds in the interface rx q processing code. theyre being exposed as tunables to userland while we are figuring out what the best values for them are.
ok visa@ deraadt@
|
Revision tags: OPENBSD_6_4_BASE OPENBSD_6_5_BASE
|
#
1.56 |
|
23-Jun-2018 |
denis |
Replace value with a constant
OK bluhm@, jca@
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.55 |
|
23-Nov-2017 |
mpi |
Constify protocol tables and remove an assert now that ip_deliver() is mp-safe.
ok bluhm@, visa@
|
#
1.54 |
|
29-Oct-2017 |
florian |
Move NET_{,UN}LOCK into individual slowtimo functions.
Direction suggested by mpi
OK mpi, visa
|
#
1.53 |
|
09-Oct-2017 |
mpi |
Reduces the scope of the NET_LOCK() in sysctl(2) path.
Exposes per-CPU counters to real parrallelism.
ok visa@, bluhm@, jca@
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.52 |
|
11-Aug-2017 |
mpi |
Remove NET_LOCK()'s argument.
Tested by Hrvoje Popovski, ok bluhm@
|
#
1.51 |
|
27-May-2017 |
claudio |
Kill option KEY, it is a useless knob, nobody uses pfkeyv2 without IPSEC or tcp md5. OK mpi@
|
#
1.50 |
|
09-May-2017 |
mpi |
Convert a splsoftnet()/splx() dance to NET_ASSERT_LOCKED().
pfctlinput() is only called in the input path with the NET_LOCK() held.
ok bluhm@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.49 |
|
27-Feb-2017 |
claudio |
Retire the AF_MPLS protosw struct. Nothing is using it and the code was super basic anyway. Simplifies the code a lot also by calling the mpls sysctl no longer via the protosw but instead directly. OK mpi@ on a previous diff. Also tested by renato@ who actually found a bug which is now fixed.
|
#
1.48 |
|
20-Dec-2016 |
mpi |
Grab the NET_LOCK() in so{s,g}etopt(), pffasttimo() and pfslowtimo().
ok rzalamena@, bluhm@
|
#
1.47 |
|
20-Dec-2016 |
bluhm |
A NET_LOCK() was is missing in tcp_sysctl() which shows up as spl softnet assert failures. It is better to place the lock into net_sysctl() where all the protocol sysctls are called via pr_sysctl. As calling sysctl(2) is in the slow path, doing fine grained locking has no benefit. Many sysctl cases copy out a struct. Having a lock around that keeps the struct consistent. Put assertions in the protocol sysctls that need it. OK mpi@
|
#
1.46 |
|
22-Nov-2016 |
mpi |
Enforce that pr_ctlinput, pr_slowtimo and pr_fasttimo are called at IPL_SOFTNET.
This will allow us to keep locking simple as soon as we trade splsoftnet() for a rwlock.
ok bluhm@
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.45 |
|
03-Mar-2016 |
dlg |
replace the XXX next to setting link_maxhdr with an explanation
the XXX has been there since 1.1, even back in netbsd, and im too lazy to go back further to try and see why it is there. either way it is meaningless.
suggested by mikeb@ and mpi@
|
#
1.44 |
|
03-Mar-2016 |
dlg |
bump link_maxhdr up from 16 to 64
link_maxhdr is best explained as the space reserved before an ip packet payload for link headers, the most common of which is ethernet. 16 was a good choice when the only traffic we really did was ip over ethernet, but now there are commonly used transports that are bigger, specifically 802.11 traffic and vlan/vlan encapsulations, that justify bumping it up.
i chose 64 because it would also allow enough space for encapsulations like etherip or gif.
this reduces the size of the smallest packet that can fit into an mbuf before more storage needs to be suffixed, but because most traffic is either full sized (ie, already bigger than a single mbuf) or tiny packets (think tcp ACKS, keystrokes over ssh, or dns requests) the impact is negligible.
ok stsp@ mpi@ sthen@ mikeb@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.43 |
|
04-Sep-2015 |
mpi |
Make every subsystem using a radix tree call rn_init() and pass the length of the key as argument.
This way every consumer of the radix tree has a chance to explicitly initialize the shared data structures and no longer rely on another subsystem to do the initialization.
As a bonus ``dom_maxrtkey'' is no longer used an die.
ART kernels should now be fully usable because pf(4) and IPSEC properly initialized the radix tree.
ok chris@, reyk@
|
#
1.42 |
|
30-Aug-2015 |
mpi |
Use a global table for domains instead of building a list at run time.
As a side effect there's no need to run if_attachdomain() after the list of domains has been built.
ok claudio@, reyk@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.41 |
|
17-Jul-2015 |
blambert |
manage spd entries by using the radix api directly instead of reaching around through the routing table
original diff by myself, much improved by mikeb@ and mpi@
ok and testing mikeb@ mpi@
|
#
1.40 |
|
14-Mar-2015 |
jsg |
Remove some includes include-what-you-use claims don't have any direct symbols used. Tested for indirect use by compiling amd64/i386/sparc64 kernels.
ok tedu@ deraadt@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.39 |
|
23-Dec-2014 |
tedu |
unifdef INET
|
#
1.38 |
|
14-Sep-2014 |
jsg |
remove uneeded proc.h includes ok mpi@ kspillner@
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.37 |
|
11-Jul-2014 |
tedu |
"It's not the years, honey; it's the mileage."
bluetooth support doesn't work and isn't going anywhere. the current design is a dead end, and should not be the basis for any future support. general consensus says to whack it so as to not mislead the unwary.
|
#
1.36 |
|
08-Jul-2014 |
deraadt |
decouple struct uvmexp into a new file, so that uvm_extern.h and sysctl.h don't need to be married. ok guenther miod beck jsing kettenis
|
#
1.35 |
|
11-Mar-2014 |
guenther |
lint is gone, and the 'lint' conditional was never in the implementation namespace, so stop changing behavior when it's #defined
ok beck@ krw@
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.34 |
|
19-Jan-2014 |
claudio |
Remove max_datalen. It is only used once an can be replaced easily with MHLEN - max_hdr in that place. OK mikeb@
|
#
1.33 |
|
20-Aug-2013 |
mpi |
tedu netnatm and ueagle(4).
ok mikeb@, sthen@, tedu@ (implied), doc bits ok jmc@
|
Revision tags: OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE OPENBSD_5_4_BASE
|
#
1.32 |
|
09-Jul-2011 |
henning |
begone, fucking rotten appletalk shit. ok room
|
#
1.31 |
|
08-Jul-2011 |
yasuoka |
Include PIPEX in kernel by default. And add new sysctl variable `net.pipex.enable' to enable PIPEX. By default, pipex is disabled and it will not process packets from wire. Update man pages and update HOWTO_PIPEX_NPPPD.txt for testers.
discussed with dlg@, ok deraadt@ mcbride@ claudio@
|
Revision tags: OPENBSD_4_8_BASE OPENBSD_4_9_BASE
|
#
1.30 |
|
02-Jul-2010 |
blambert |
timeout_add -> timeout_add_msec
ok claudio@ krw@
|
Revision tags: OPENBSD_4_7_BASE
|
#
1.29 |
|
13-Nov-2009 |
claudio |
Extend the protosw pr_ctlinput function to include the rdomain. This is needed so that the route and inp lookups done in TCP and UDP know where to look. Additionally in_pcbnotifyall() and tcp_respond() got a rdomain argument as well for similar reasons. With this tcp seems to be now fully rdomain save and no longer leaks single packets into the main domain. Looks good markus@, henning@
|
Revision tags: OPENBSD_4_5_BASE OPENBSD_4_6_BASE
|
#
1.28 |
|
16-Sep-2008 |
gollo |
netstat statistics for pflow(4) via pseudo family
ok cluadio@ henning@
|
Revision tags: OPENBSD_4_4_BASE
|
#
1.27 |
|
23-Apr-2008 |
norby |
Import MPLS (Multi Protocol Label Switching)
MPLS support partly based on the (abandoned?) AYAME project. Basic LSR (Label Switch Router) functionality is present, but not fully functional yet.
It is currently possible to insert entries in the LIB (Label Information Base) with route(8), but setting the operation type is not supported yet.
Imported to allow more people to work on this in the coming weeks.
ok claudio@ laurent@ dlg@
|
Revision tags: OPENBSD_4_2_BASE OPENBSD_4_3_BASE
|
#
1.26 |
|
06-Jun-2007 |
henning |
remove remaining IPX hooks. all inside #ifdef IPX, so no actual change
|
Revision tags: OPENBSD_4_1_BASE
|
#
1.25 |
|
18-Jan-2007 |
henning |
allow kernels with TCP_SIGNATURE (aka tcp md5sig), but without IPSEC to compile and work. need to register pfkey whenever tcp md5 or ipsec is defined, and the various ipsec encapsulations only if ipsec is defined. ok theo
|
Revision tags: OPENBSD_4_0_BASE
|
#
1.24 |
|
15-Jun-2006 |
henning |
nuke code that has been dead for so long that it stinks. claudio ok
|
Revision tags: OPENBSD_3_8_BASE OPENBSD_3_9_BASE
|
#
1.23 |
|
08-Jun-2005 |
henning |
bye bye netns
|
#
1.22 |
|
07-Jun-2005 |
henning |
remove CCITT handling
|
Revision tags: OPENBSD_3_7_BASE
|
#
1.21 |
|
14-Jan-2005 |
grange |
First step in Bluetooth protocol stack support.
The code is adopted from the FreeBSD netgraph-based Bluetooth implementation by Maksim Yevmenkin <m_evmenkin@yahoo.com> but all netgraph glue was replaced with usual BSD network stack hooks. This is a work in progress. Only HCI layer works for now, L2CAP and RFCOMM are on the way.
Help in testing from many, ok markus@.
|
#
1.20 |
|
27-Nov-2004 |
pat |
introduce pffinddomain(), to find a domain by family. while here, fix some spacing, ansi, de-register, etc.
mostly from netbsd
tested & ok otto millert
|
#
1.19 |
|
25-Nov-2004 |
markus |
remove special handling of PF_KEY in net_sysctl; ok deraadt
|
#
1.18 |
|
15-Sep-2004 |
grange |
Kill more netiso ghosts.
ok millert@
|
Revision tags: OPENBSD_3_6_BASE SMP_SYNC_A SMP_SYNC_B
|
#
1.17 |
|
01-Apr-2004 |
tedu |
use NULL for ptrs. parts from Joris Vink
|
Revision tags: OPENBSD_3_5_BASE
|
#
1.16 |
|
24-Feb-2004 |
tedu |
sysctl knob for bpf tunables. some tips from canacar@ ok canacar@ deraadt@ mcbride@
|
Revision tags: OPENBSD_3_4_BASE
|
#
1.15 |
|
02-Jun-2003 |
millert |
Remove the advertising clause in the UCB license which Berkeley rescinded 22 July 1999. Proofed by myself and Theo.
|
Revision tags: UBC_SYNC_A
|
#
1.14 |
|
12-May-2003 |
jason |
Nuke a whole bunch of commons; ok tedu (still more to come *sigh*)
|
Revision tags: OPENBSD_3_1_BASE OPENBSD_3_2_BASE OPENBSD_3_3_BASE UBC_SYNC_B
|
#
1.13 |
|
14-Mar-2002 |
millert |
First round of __P removal in sys
|
Revision tags: UBC_BASE
|
#
1.12 |
|
06-Nov-2001 |
miod |
branches: 1.12.2; Replace inclusion of <vm/foo.h> with the correct <uvm/bar.h> when necessary. (Look ma, I might have broken the tree)
|
Revision tags: OPENBSD_2_8_BASE OPENBSD_2_9_BASE OPENBSD_3_0_BASE
|
#
1.11 |
|
12-Sep-2000 |
deraadt |
NATM domain; stoklund@taxidriver.dk
|
Revision tags: OPENBSD_2_7_BASE
|
#
1.10 |
|
23-Mar-2000 |
art |
Use new timeouts for pfslowtimo and pffasttimo.
|
Revision tags: SMP_BASE kame_19991208
|
#
1.9 |
|
08-Dec-1999 |
itojun |
branches: 1.9.2; bring in KAME IPv6 code, dated 19991208. replaces NRL IPv6 layer. reuses NRL pcb layer. no IPsec-on-v6 support. see sys/netinet6/{TODO,IMPLEMENTATION} for more details.
GENERIC configuration should work fine as before. GENERIC.v6 works fine as well, but you'll need KAME userland tools to play with IPv6 (will be bringed into soon).
|
Revision tags: OPENBSD_2_5_BASE OPENBSD_2_6_BASE
|
#
1.8 |
|
30-Mar-1999 |
niklas |
make option IPSEC imply option KEY
|
#
1.7 |
|
24-Feb-1999 |
angelos |
Disable encap domain.
|
#
1.6 |
|
07-Jan-1999 |
deraadt |
ready for INET6 and KEY
|
Revision tags: OPENBSD_2_2_BASE OPENBSD_2_3_BASE OPENBSD_2_4_BASE
|
#
1.5 |
|
23-Jul-1997 |
denny |
Add AppleTalk.
|
Revision tags: OPENBSD_2_1_BASE
|
#
1.4 |
|
20-Feb-1997 |
deraadt |
IPSEC package by John Ioannidis and Angelos D. Keromytis. Written in Greece. From ftp.funet.fi:/pub/unix/security/net/ip/BSDipsec.tar.gz
|
Revision tags: OPENBSD_2_0_BASE
|
#
1.3 |
|
27-Apr-1996 |
mickey |
Add IPX support (#ifdef'ed, so no problems would arise).
|
#
1.2 |
|
03-Mar-1996 |
niklas |
From NetBSD: 960217 merge
|
#
1.1 |
|
18-Oct-1995 |
deraadt |
branches: 1.1.1; Initial revision
|
#
1.56 |
|
23-Jun-2018 |
denis |
Replace value with a constant
OK bluhm@, jca@
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.55 |
|
23-Nov-2017 |
mpi |
Constify protocol tables and remove an assert now that ip_deliver() is mp-safe.
ok bluhm@, visa@
|
#
1.54 |
|
29-Oct-2017 |
florian |
Move NET_{,UN}LOCK into individual slowtimo functions.
Direction suggested by mpi
OK mpi, visa
|
#
1.53 |
|
09-Oct-2017 |
mpi |
Reduces the scope of the NET_LOCK() in sysctl(2) path.
Exposes per-CPU counters to real parrallelism.
ok visa@, bluhm@, jca@
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.52 |
|
11-Aug-2017 |
mpi |
Remove NET_LOCK()'s argument.
Tested by Hrvoje Popovski, ok bluhm@
|
#
1.51 |
|
27-May-2017 |
claudio |
Kill option KEY, it is a useless knob, nobody uses pfkeyv2 without IPSEC or tcp md5. OK mpi@
|
#
1.50 |
|
09-May-2017 |
mpi |
Convert a splsoftnet()/splx() dance to NET_ASSERT_LOCKED().
pfctlinput() is only called in the input path with the NET_LOCK() held.
ok bluhm@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.49 |
|
27-Feb-2017 |
claudio |
Retire the AF_MPLS protosw struct. Nothing is using it and the code was super basic anyway. Simplifies the code a lot also by calling the mpls sysctl no longer via the protosw but instead directly. OK mpi@ on a previous diff. Also tested by renato@ who actually found a bug which is now fixed.
|
#
1.48 |
|
20-Dec-2016 |
mpi |
Grab the NET_LOCK() in so{s,g}etopt(), pffasttimo() and pfslowtimo().
ok rzalamena@, bluhm@
|
#
1.47 |
|
20-Dec-2016 |
bluhm |
A NET_LOCK() was is missing in tcp_sysctl() which shows up as spl softnet assert failures. It is better to place the lock into net_sysctl() where all the protocol sysctls are called via pr_sysctl. As calling sysctl(2) is in the slow path, doing fine grained locking has no benefit. Many sysctl cases copy out a struct. Having a lock around that keeps the struct consistent. Put assertions in the protocol sysctls that need it. OK mpi@
|
#
1.46 |
|
22-Nov-2016 |
mpi |
Enforce that pr_ctlinput, pr_slowtimo and pr_fasttimo are called at IPL_SOFTNET.
This will allow us to keep locking simple as soon as we trade splsoftnet() for a rwlock.
ok bluhm@
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.45 |
|
03-Mar-2016 |
dlg |
replace the XXX next to setting link_maxhdr with an explanation
the XXX has been there since 1.1, even back in netbsd, and im too lazy to go back further to try and see why it is there. either way it is meaningless.
suggested by mikeb@ and mpi@
|
#
1.44 |
|
03-Mar-2016 |
dlg |
bump link_maxhdr up from 16 to 64
link_maxhdr is best explained as the space reserved before an ip packet payload for link headers, the most common of which is ethernet. 16 was a good choice when the only traffic we really did was ip over ethernet, but now there are commonly used transports that are bigger, specifically 802.11 traffic and vlan/vlan encapsulations, that justify bumping it up.
i chose 64 because it would also allow enough space for encapsulations like etherip or gif.
this reduces the size of the smallest packet that can fit into an mbuf before more storage needs to be suffixed, but because most traffic is either full sized (ie, already bigger than a single mbuf) or tiny packets (think tcp ACKS, keystrokes over ssh, or dns requests) the impact is negligible.
ok stsp@ mpi@ sthen@ mikeb@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.43 |
|
04-Sep-2015 |
mpi |
Make every subsystem using a radix tree call rn_init() and pass the length of the key as argument.
This way every consumer of the radix tree has a chance to explicitly initialize the shared data structures and no longer rely on another subsystem to do the initialization.
As a bonus ``dom_maxrtkey'' is no longer used an die.
ART kernels should now be fully usable because pf(4) and IPSEC properly initialized the radix tree.
ok chris@, reyk@
|
#
1.42 |
|
30-Aug-2015 |
mpi |
Use a global table for domains instead of building a list at run time.
As a side effect there's no need to run if_attachdomain() after the list of domains has been built.
ok claudio@, reyk@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.41 |
|
17-Jul-2015 |
blambert |
manage spd entries by using the radix api directly instead of reaching around through the routing table
original diff by myself, much improved by mikeb@ and mpi@
ok and testing mikeb@ mpi@
|
#
1.40 |
|
14-Mar-2015 |
jsg |
Remove some includes include-what-you-use claims don't have any direct symbols used. Tested for indirect use by compiling amd64/i386/sparc64 kernels.
ok tedu@ deraadt@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.39 |
|
23-Dec-2014 |
tedu |
unifdef INET
|
#
1.38 |
|
14-Sep-2014 |
jsg |
remove uneeded proc.h includes ok mpi@ kspillner@
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.37 |
|
11-Jul-2014 |
tedu |
"It's not the years, honey; it's the mileage."
bluetooth support doesn't work and isn't going anywhere. the current design is a dead end, and should not be the basis for any future support. general consensus says to whack it so as to not mislead the unwary.
|
#
1.36 |
|
08-Jul-2014 |
deraadt |
decouple struct uvmexp into a new file, so that uvm_extern.h and sysctl.h don't need to be married. ok guenther miod beck jsing kettenis
|
#
1.35 |
|
11-Mar-2014 |
guenther |
lint is gone, and the 'lint' conditional was never in the implementation namespace, so stop changing behavior when it's #defined
ok beck@ krw@
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.34 |
|
19-Jan-2014 |
claudio |
Remove max_datalen. It is only used once an can be replaced easily with MHLEN - max_hdr in that place. OK mikeb@
|
#
1.33 |
|
20-Aug-2013 |
mpi |
tedu netnatm and ueagle(4).
ok mikeb@, sthen@, tedu@ (implied), doc bits ok jmc@
|
Revision tags: OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE OPENBSD_5_4_BASE
|
#
1.32 |
|
09-Jul-2011 |
henning |
begone, fucking rotten appletalk shit. ok room
|
#
1.31 |
|
08-Jul-2011 |
yasuoka |
Include PIPEX in kernel by default. And add new sysctl variable `net.pipex.enable' to enable PIPEX. By default, pipex is disabled and it will not process packets from wire. Update man pages and update HOWTO_PIPEX_NPPPD.txt for testers.
discussed with dlg@, ok deraadt@ mcbride@ claudio@
|
Revision tags: OPENBSD_4_8_BASE OPENBSD_4_9_BASE
|
#
1.30 |
|
02-Jul-2010 |
blambert |
timeout_add -> timeout_add_msec
ok claudio@ krw@
|
Revision tags: OPENBSD_4_7_BASE
|
#
1.29 |
|
13-Nov-2009 |
claudio |
Extend the protosw pr_ctlinput function to include the rdomain. This is needed so that the route and inp lookups done in TCP and UDP know where to look. Additionally in_pcbnotifyall() and tcp_respond() got a rdomain argument as well for similar reasons. With this tcp seems to be now fully rdomain save and no longer leaks single packets into the main domain. Looks good markus@, henning@
|
Revision tags: OPENBSD_4_5_BASE OPENBSD_4_6_BASE
|
#
1.28 |
|
16-Sep-2008 |
gollo |
netstat statistics for pflow(4) via pseudo family
ok cluadio@ henning@
|
Revision tags: OPENBSD_4_4_BASE
|
#
1.27 |
|
23-Apr-2008 |
norby |
Import MPLS (Multi Protocol Label Switching)
MPLS support partly based on the (abandoned?) AYAME project. Basic LSR (Label Switch Router) functionality is present, but not fully functional yet.
It is currently possible to insert entries in the LIB (Label Information Base) with route(8), but setting the operation type is not supported yet.
Imported to allow more people to work on this in the coming weeks.
ok claudio@ laurent@ dlg@
|
Revision tags: OPENBSD_4_2_BASE OPENBSD_4_3_BASE
|
#
1.26 |
|
06-Jun-2007 |
henning |
remove remaining IPX hooks. all inside #ifdef IPX, so no actual change
|
Revision tags: OPENBSD_4_1_BASE
|
#
1.25 |
|
18-Jan-2007 |
henning |
allow kernels with TCP_SIGNATURE (aka tcp md5sig), but without IPSEC to compile and work. need to register pfkey whenever tcp md5 or ipsec is defined, and the various ipsec encapsulations only if ipsec is defined. ok theo
|
Revision tags: OPENBSD_4_0_BASE
|
#
1.24 |
|
15-Jun-2006 |
henning |
nuke code that has been dead for so long that it stinks. claudio ok
|
Revision tags: OPENBSD_3_8_BASE OPENBSD_3_9_BASE
|
#
1.23 |
|
08-Jun-2005 |
henning |
bye bye netns
|
#
1.22 |
|
07-Jun-2005 |
henning |
remove CCITT handling
|
Revision tags: OPENBSD_3_7_BASE
|
#
1.21 |
|
14-Jan-2005 |
grange |
First step in Bluetooth protocol stack support.
The code is adopted from the FreeBSD netgraph-based Bluetooth implementation by Maksim Yevmenkin <m_evmenkin@yahoo.com> but all netgraph glue was replaced with usual BSD network stack hooks. This is a work in progress. Only HCI layer works for now, L2CAP and RFCOMM are on the way.
Help in testing from many, ok markus@.
|
#
1.20 |
|
27-Nov-2004 |
pat |
introduce pffinddomain(), to find a domain by family. while here, fix some spacing, ansi, de-register, etc.
mostly from netbsd
tested & ok otto millert
|
#
1.19 |
|
25-Nov-2004 |
markus |
remove special handling of PF_KEY in net_sysctl; ok deraadt
|
#
1.18 |
|
15-Sep-2004 |
grange |
Kill more netiso ghosts.
ok millert@
|
Revision tags: OPENBSD_3_6_BASE SMP_SYNC_A SMP_SYNC_B
|
#
1.17 |
|
01-Apr-2004 |
tedu |
use NULL for ptrs. parts from Joris Vink
|
Revision tags: OPENBSD_3_5_BASE
|
#
1.16 |
|
24-Feb-2004 |
tedu |
sysctl knob for bpf tunables. some tips from canacar@ ok canacar@ deraadt@ mcbride@
|
Revision tags: OPENBSD_3_4_BASE
|
#
1.15 |
|
02-Jun-2003 |
millert |
Remove the advertising clause in the UCB license which Berkeley rescinded 22 July 1999. Proofed by myself and Theo.
|
Revision tags: UBC_SYNC_A
|
#
1.14 |
|
12-May-2003 |
jason |
Nuke a whole bunch of commons; ok tedu (still more to come *sigh*)
|
Revision tags: OPENBSD_3_1_BASE OPENBSD_3_2_BASE OPENBSD_3_3_BASE UBC_SYNC_B
|
#
1.13 |
|
14-Mar-2002 |
millert |
First round of __P removal in sys
|
Revision tags: UBC_BASE
|
#
1.12 |
|
06-Nov-2001 |
miod |
branches: 1.12.2; Replace inclusion of <vm/foo.h> with the correct <uvm/bar.h> when necessary. (Look ma, I might have broken the tree)
|
Revision tags: OPENBSD_2_8_BASE OPENBSD_2_9_BASE OPENBSD_3_0_BASE
|
#
1.11 |
|
12-Sep-2000 |
deraadt |
NATM domain; stoklund@taxidriver.dk
|
Revision tags: OPENBSD_2_7_BASE
|
#
1.10 |
|
23-Mar-2000 |
art |
Use new timeouts for pfslowtimo and pffasttimo.
|
Revision tags: SMP_BASE kame_19991208
|
#
1.9 |
|
08-Dec-1999 |
itojun |
branches: 1.9.2; bring in KAME IPv6 code, dated 19991208. replaces NRL IPv6 layer. reuses NRL pcb layer. no IPsec-on-v6 support. see sys/netinet6/{TODO,IMPLEMENTATION} for more details.
GENERIC configuration should work fine as before. GENERIC.v6 works fine as well, but you'll need KAME userland tools to play with IPv6 (will be bringed into soon).
|
Revision tags: OPENBSD_2_5_BASE OPENBSD_2_6_BASE
|
#
1.8 |
|
30-Mar-1999 |
niklas |
make option IPSEC imply option KEY
|
#
1.7 |
|
24-Feb-1999 |
angelos |
Disable encap domain.
|
#
1.6 |
|
07-Jan-1999 |
deraadt |
ready for INET6 and KEY
|
Revision tags: OPENBSD_2_2_BASE OPENBSD_2_3_BASE OPENBSD_2_4_BASE
|
#
1.5 |
|
23-Jul-1997 |
denny |
Add AppleTalk.
|
Revision tags: OPENBSD_2_1_BASE
|
#
1.4 |
|
20-Feb-1997 |
deraadt |
IPSEC package by John Ioannidis and Angelos D. Keromytis. Written in Greece. From ftp.funet.fi:/pub/unix/security/net/ip/BSDipsec.tar.gz
|
Revision tags: OPENBSD_2_0_BASE
|
#
1.3 |
|
27-Apr-1996 |
mickey |
Add IPX support (#ifdef'ed, so no problems would arise).
|
#
1.2 |
|
03-Mar-1996 |
niklas |
From NetBSD: 960217 merge
|
#
1.1 |
|
18-Oct-1995 |
deraadt |
branches: 1.1.1; Initial revision
|
#
1.55 |
|
23-Nov-2017 |
mpi |
Constify protocol tables and remove an assert now that ip_deliver() is mp-safe.
ok bluhm@, visa@
|
#
1.54 |
|
29-Oct-2017 |
florian |
Move NET_{,UN}LOCK into individual slowtimo functions.
Direction suggested by mpi
OK mpi, visa
|
#
1.53 |
|
09-Oct-2017 |
mpi |
Reduces the scope of the NET_LOCK() in sysctl(2) path.
Exposes per-CPU counters to real parrallelism.
ok visa@, bluhm@, jca@
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.52 |
|
11-Aug-2017 |
mpi |
Remove NET_LOCK()'s argument.
Tested by Hrvoje Popovski, ok bluhm@
|
#
1.51 |
|
27-May-2017 |
claudio |
Kill option KEY, it is a useless knob, nobody uses pfkeyv2 without IPSEC or tcp md5. OK mpi@
|
#
1.50 |
|
09-May-2017 |
mpi |
Convert a splsoftnet()/splx() dance to NET_ASSERT_LOCKED().
pfctlinput() is only called in the input path with the NET_LOCK() held.
ok bluhm@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.49 |
|
27-Feb-2017 |
claudio |
Retire the AF_MPLS protosw struct. Nothing is using it and the code was super basic anyway. Simplifies the code a lot also by calling the mpls sysctl no longer via the protosw but instead directly. OK mpi@ on a previous diff. Also tested by renato@ who actually found a bug which is now fixed.
|
#
1.48 |
|
20-Dec-2016 |
mpi |
Grab the NET_LOCK() in so{s,g}etopt(), pffasttimo() and pfslowtimo().
ok rzalamena@, bluhm@
|
#
1.47 |
|
20-Dec-2016 |
bluhm |
A NET_LOCK() was is missing in tcp_sysctl() which shows up as spl softnet assert failures. It is better to place the lock into net_sysctl() where all the protocol sysctls are called via pr_sysctl. As calling sysctl(2) is in the slow path, doing fine grained locking has no benefit. Many sysctl cases copy out a struct. Having a lock around that keeps the struct consistent. Put assertions in the protocol sysctls that need it. OK mpi@
|
#
1.46 |
|
22-Nov-2016 |
mpi |
Enforce that pr_ctlinput, pr_slowtimo and pr_fasttimo are called at IPL_SOFTNET.
This will allow us to keep locking simple as soon as we trade splsoftnet() for a rwlock.
ok bluhm@
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.45 |
|
03-Mar-2016 |
dlg |
replace the XXX next to setting link_maxhdr with an explanation
the XXX has been there since 1.1, even back in netbsd, and im too lazy to go back further to try and see why it is there. either way it is meaningless.
suggested by mikeb@ and mpi@
|
#
1.44 |
|
03-Mar-2016 |
dlg |
bump link_maxhdr up from 16 to 64
link_maxhdr is best explained as the space reserved before an ip packet payload for link headers, the most common of which is ethernet. 16 was a good choice when the only traffic we really did was ip over ethernet, but now there are commonly used transports that are bigger, specifically 802.11 traffic and vlan/vlan encapsulations, that justify bumping it up.
i chose 64 because it would also allow enough space for encapsulations like etherip or gif.
this reduces the size of the smallest packet that can fit into an mbuf before more storage needs to be suffixed, but because most traffic is either full sized (ie, already bigger than a single mbuf) or tiny packets (think tcp ACKS, keystrokes over ssh, or dns requests) the impact is negligible.
ok stsp@ mpi@ sthen@ mikeb@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.43 |
|
04-Sep-2015 |
mpi |
Make every subsystem using a radix tree call rn_init() and pass the length of the key as argument.
This way every consumer of the radix tree has a chance to explicitly initialize the shared data structures and no longer rely on another subsystem to do the initialization.
As a bonus ``dom_maxrtkey'' is no longer used an die.
ART kernels should now be fully usable because pf(4) and IPSEC properly initialized the radix tree.
ok chris@, reyk@
|
#
1.42 |
|
30-Aug-2015 |
mpi |
Use a global table for domains instead of building a list at run time.
As a side effect there's no need to run if_attachdomain() after the list of domains has been built.
ok claudio@, reyk@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.41 |
|
17-Jul-2015 |
blambert |
manage spd entries by using the radix api directly instead of reaching around through the routing table
original diff by myself, much improved by mikeb@ and mpi@
ok and testing mikeb@ mpi@
|
#
1.40 |
|
14-Mar-2015 |
jsg |
Remove some includes include-what-you-use claims don't have any direct symbols used. Tested for indirect use by compiling amd64/i386/sparc64 kernels.
ok tedu@ deraadt@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.39 |
|
23-Dec-2014 |
tedu |
unifdef INET
|
#
1.38 |
|
14-Sep-2014 |
jsg |
remove uneeded proc.h includes ok mpi@ kspillner@
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.37 |
|
11-Jul-2014 |
tedu |
"It's not the years, honey; it's the mileage."
bluetooth support doesn't work and isn't going anywhere. the current design is a dead end, and should not be the basis for any future support. general consensus says to whack it so as to not mislead the unwary.
|
#
1.36 |
|
08-Jul-2014 |
deraadt |
decouple struct uvmexp into a new file, so that uvm_extern.h and sysctl.h don't need to be married. ok guenther miod beck jsing kettenis
|
#
1.35 |
|
11-Mar-2014 |
guenther |
lint is gone, and the 'lint' conditional was never in the implementation namespace, so stop changing behavior when it's #defined
ok beck@ krw@
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.34 |
|
19-Jan-2014 |
claudio |
Remove max_datalen. It is only used once an can be replaced easily with MHLEN - max_hdr in that place. OK mikeb@
|
#
1.33 |
|
20-Aug-2013 |
mpi |
tedu netnatm and ueagle(4).
ok mikeb@, sthen@, tedu@ (implied), doc bits ok jmc@
|
Revision tags: OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE OPENBSD_5_4_BASE
|
#
1.32 |
|
09-Jul-2011 |
henning |
begone, fucking rotten appletalk shit. ok room
|
#
1.31 |
|
08-Jul-2011 |
yasuoka |
Include PIPEX in kernel by default. And add new sysctl variable `net.pipex.enable' to enable PIPEX. By default, pipex is disabled and it will not process packets from wire. Update man pages and update HOWTO_PIPEX_NPPPD.txt for testers.
discussed with dlg@, ok deraadt@ mcbride@ claudio@
|
Revision tags: OPENBSD_4_8_BASE OPENBSD_4_9_BASE
|
#
1.30 |
|
02-Jul-2010 |
blambert |
timeout_add -> timeout_add_msec
ok claudio@ krw@
|
Revision tags: OPENBSD_4_7_BASE
|
#
1.29 |
|
13-Nov-2009 |
claudio |
Extend the protosw pr_ctlinput function to include the rdomain. This is needed so that the route and inp lookups done in TCP and UDP know where to look. Additionally in_pcbnotifyall() and tcp_respond() got a rdomain argument as well for similar reasons. With this tcp seems to be now fully rdomain save and no longer leaks single packets into the main domain. Looks good markus@, henning@
|
Revision tags: OPENBSD_4_5_BASE OPENBSD_4_6_BASE
|
#
1.28 |
|
16-Sep-2008 |
gollo |
netstat statistics for pflow(4) via pseudo family
ok cluadio@ henning@
|
Revision tags: OPENBSD_4_4_BASE
|
#
1.27 |
|
23-Apr-2008 |
norby |
Import MPLS (Multi Protocol Label Switching)
MPLS support partly based on the (abandoned?) AYAME project. Basic LSR (Label Switch Router) functionality is present, but not fully functional yet.
It is currently possible to insert entries in the LIB (Label Information Base) with route(8), but setting the operation type is not supported yet.
Imported to allow more people to work on this in the coming weeks.
ok claudio@ laurent@ dlg@
|
Revision tags: OPENBSD_4_2_BASE OPENBSD_4_3_BASE
|
#
1.26 |
|
06-Jun-2007 |
henning |
remove remaining IPX hooks. all inside #ifdef IPX, so no actual change
|
Revision tags: OPENBSD_4_1_BASE
|
#
1.25 |
|
18-Jan-2007 |
henning |
allow kernels with TCP_SIGNATURE (aka tcp md5sig), but without IPSEC to compile and work. need to register pfkey whenever tcp md5 or ipsec is defined, and the various ipsec encapsulations only if ipsec is defined. ok theo
|
Revision tags: OPENBSD_4_0_BASE
|
#
1.24 |
|
15-Jun-2006 |
henning |
nuke code that has been dead for so long that it stinks. claudio ok
|
Revision tags: OPENBSD_3_8_BASE OPENBSD_3_9_BASE
|
#
1.23 |
|
08-Jun-2005 |
henning |
bye bye netns
|
#
1.22 |
|
07-Jun-2005 |
henning |
remove CCITT handling
|
Revision tags: OPENBSD_3_7_BASE
|
#
1.21 |
|
14-Jan-2005 |
grange |
First step in Bluetooth protocol stack support.
The code is adopted from the FreeBSD netgraph-based Bluetooth implementation by Maksim Yevmenkin <m_evmenkin@yahoo.com> but all netgraph glue was replaced with usual BSD network stack hooks. This is a work in progress. Only HCI layer works for now, L2CAP and RFCOMM are on the way.
Help in testing from many, ok markus@.
|
#
1.20 |
|
27-Nov-2004 |
pat |
introduce pffinddomain(), to find a domain by family. while here, fix some spacing, ansi, de-register, etc.
mostly from netbsd
tested & ok otto millert
|
#
1.19 |
|
25-Nov-2004 |
markus |
remove special handling of PF_KEY in net_sysctl; ok deraadt
|
#
1.18 |
|
15-Sep-2004 |
grange |
Kill more netiso ghosts.
ok millert@
|
Revision tags: OPENBSD_3_6_BASE SMP_SYNC_A SMP_SYNC_B
|
#
1.17 |
|
01-Apr-2004 |
tedu |
use NULL for ptrs. parts from Joris Vink
|
Revision tags: OPENBSD_3_5_BASE
|
#
1.16 |
|
24-Feb-2004 |
tedu |
sysctl knob for bpf tunables. some tips from canacar@ ok canacar@ deraadt@ mcbride@
|
Revision tags: OPENBSD_3_4_BASE
|
#
1.15 |
|
02-Jun-2003 |
millert |
Remove the advertising clause in the UCB license which Berkeley rescinded 22 July 1999. Proofed by myself and Theo.
|
Revision tags: UBC_SYNC_A
|
#
1.14 |
|
12-May-2003 |
jason |
Nuke a whole bunch of commons; ok tedu (still more to come *sigh*)
|
Revision tags: OPENBSD_3_1_BASE OPENBSD_3_2_BASE OPENBSD_3_3_BASE UBC_SYNC_B
|
#
1.13 |
|
14-Mar-2002 |
millert |
First round of __P removal in sys
|
Revision tags: UBC_BASE
|
#
1.12 |
|
06-Nov-2001 |
miod |
branches: 1.12.2; Replace inclusion of <vm/foo.h> with the correct <uvm/bar.h> when necessary. (Look ma, I might have broken the tree)
|
Revision tags: OPENBSD_2_8_BASE OPENBSD_2_9_BASE OPENBSD_3_0_BASE
|
#
1.11 |
|
12-Sep-2000 |
deraadt |
NATM domain; stoklund@taxidriver.dk
|
Revision tags: OPENBSD_2_7_BASE
|
#
1.10 |
|
23-Mar-2000 |
art |
Use new timeouts for pfslowtimo and pffasttimo.
|
Revision tags: SMP_BASE kame_19991208
|
#
1.9 |
|
08-Dec-1999 |
itojun |
branches: 1.9.2; bring in KAME IPv6 code, dated 19991208. replaces NRL IPv6 layer. reuses NRL pcb layer. no IPsec-on-v6 support. see sys/netinet6/{TODO,IMPLEMENTATION} for more details.
GENERIC configuration should work fine as before. GENERIC.v6 works fine as well, but you'll need KAME userland tools to play with IPv6 (will be bringed into soon).
|
Revision tags: OPENBSD_2_5_BASE OPENBSD_2_6_BASE
|
#
1.8 |
|
30-Mar-1999 |
niklas |
make option IPSEC imply option KEY
|
#
1.7 |
|
24-Feb-1999 |
angelos |
Disable encap domain.
|
#
1.6 |
|
07-Jan-1999 |
deraadt |
ready for INET6 and KEY
|
Revision tags: OPENBSD_2_2_BASE OPENBSD_2_3_BASE OPENBSD_2_4_BASE
|
#
1.5 |
|
23-Jul-1997 |
denny |
Add AppleTalk.
|
Revision tags: OPENBSD_2_1_BASE
|
#
1.4 |
|
20-Feb-1997 |
deraadt |
IPSEC package by John Ioannidis and Angelos D. Keromytis. Written in Greece. From ftp.funet.fi:/pub/unix/security/net/ip/BSDipsec.tar.gz
|
Revision tags: OPENBSD_2_0_BASE
|
#
1.3 |
|
27-Apr-1996 |
mickey |
Add IPX support (#ifdef'ed, so no problems would arise).
|
#
1.2 |
|
03-Mar-1996 |
niklas |
From NetBSD: 960217 merge
|
#
1.1 |
|
18-Oct-1995 |
deraadt |
branches: 1.1.1; Initial revision
|