path: root/sys/src/9/ip/ipifc.c
Age  Commit message  Author
2023-05-20  devip: provide large buffer for ipifc->local() generator  cinap_lenrek
The ipifc->local generator is the big exception, dumping the whole link structure of the interface.
2023-05-19  devip: rlock ifc before accessing interface parameters in ipifcstate()  cinap_lenrek
2023-05-16  devip: address some ipv6 issues on pkt interface  cinap_lenrek
relax the maclen check as v6 neighbour discovery might give bigger buffers as the medium uses for the mac address size, as the packet does not contain exact byte count but rounds all the options to multiples of 8. drop neighbour discovery packets coming from interfaces with zero-length maclen. when dialing icmpv6 protocol with link-local address for the local ip address, filter any packets to it that come from a different interface. otherwise ipconfig would see router advertisements from other interfaces. fix the locking for ipifc ctl messages: properly acquire the wlock and check that the interface is still bound for every ctl message touching the interface. make add6 ipifc ctl message work for media with zero-length maclen by using the interface identifier from pre-existing link-local address when available.
2023-04-15  ip: generalize Rproxy route handling, allowing non point-to-point arp proxy  cinap_lenrek
Generalize the arp proxy code, so one can create specific routes for ip ranges that we want to arp proxy for, not just for point-to-point interface routes. as we have source specific routes, this also gives some control over which requester we will reply to. one example for this is a vps where we booked another ip address on the ethernet, that we want to route into a vpn tunnel. the new ip is in subnet of the public ethernet interface, so all we now need to do is add a route for that ip into the vpn tunnel and set the proxy flag "y", and we will respond to arp for that ip on the public ethernet interface.
2022-12-08  devip: ignore addmulti() errors in addselfcache()  cinap_lenrek
If the interface does not support multicast, ignore it.
2022-11-20  devip: lilu dallas multicast.  cinap_lenrek
Allow accepting udp "connections" using a multicast local address. Before, it was only possible to receive multicast using the headers option. Having a connection oriented stream can be very useful when receiving multicast audio data. One gets a "connection" for every source. Implement (optional) support for IGMPv2 and MLDv1. This can be useful if bridges on the network have IGMP/MLD snooping enabled, and won't forward multicast traffic unless we report what we expect. This is experimental for now, so the igmp protocol must be manually added to the kernel configuration.
2022-11-02  kernel: Do not treat IPv6 ULA's as GUA's (thanks Arne Meyer)  Jacob Moody
2022-09-28  devip: get rid of Ipifc.mintu  cinap_lenrek
All the mediums we have implemented know their minimum transmit unit. The minimum transfer unit is not adjustable so there is no point in caching it in the ip interface.
2022-03-14  ip(3): use flags instead of tag for 8 column route add/remove  cinap_lenrek
This avoids ipconfig having to explicitly specify the tag when we want to set route type, as the tag can be provided implicitly thru the "tag" command.
2022-03-13  devip: allow setting the "trans" flag on a logical interface  cinap_lenrek
This makes the interface route have the "t"-flag, which causes packets routed to the interface to get source translated.
2022-03-12  devip: implement network address translation routes  cinap_lenrek
This adds a new route "t"-flag that enables network address translation, replacing the source address (and local port) of a forwarded packet to one of the outgoing interface. The state for a translation is kept in a new Translation structure, which contains two Iphash entries, so it can be inserted into the per protocol 4-tuple hash table, requiring no extra lookups. Translations have a low overhead (~200 bytes on amd64), so we can have many of them. They get reused after 5 minutes of inactivity or when the per protocol limit of 1000 entries is reached (then the one with longest inactivity is reused). The protocol needs to export a "forward" function that is responsible for modifying the forwarded packet, and then handle translations in its input function for iphash hits with Iphash.trans != 0. This patch also fixes a few minor things found during development:
- Include the Iphash in the Conv structure, avoiding extra malloc
- Fix ttl exceeded check (ttl < 1 -> ttl <= 1)
- Router should not reply with ttl exceeded for multicast flows
- Extra checks for icmp advice to avoid protocol confusions.
2022-02-16  devip: don't hold ifc wlock during medium bind/unbind  cinap_lenrek
Wlock()'ing the ifc causes a deadlock with Medium bind/unbind as the routine can walk /net, while ndb/dns or ndb/cs are currently blocked enumerating /net/ipifc/*. The fix is to have a fake medium, called "unbound", that is set temporarily during the call of Medium bind and unbind. That way, the interface rwlock can be released while bind/unbind is in progress. The ipifcunbind() routine will refuse to unbind an ifc that is currently assigned to the "unbound" medium, preventing any accidents.
2021-10-09  devip: cache arp entry in Routehint  cinap_lenrek
Instead of having to do an arp hash table lookup for each outgoing ip packet, forward the Routehint pointer to the medium's bwrite() function and let it cache the arp entry pointer. This avoids route and arp hash table lookups for tcp, il and connection oriented udp. It also allows us to avoid multiple route and arp table lookups for the retransmits once an arp/neighbour solicitation response arrives.
2021-10-03  devip: use better hashipa() macro, use RWlock for arp cache  cinap_lenrek
2020-05-10  devip: fix ifc recursive rlock() deadlock  cinap_lenrek
ipiput4() and ipiput6() are called with the incoming interface rlocked while ipoput4() and ipoput6() also rlock() the outgoing interface once a route has been found. it is common that the incoming and outgoing interfaces are the same recursive rlocking(). the deadlock happens when a reader holds the rlock for the incoming interface, then ip/ipconfig tries to add a new address, trying to wlock the interface. as there are still active readers on the ifc, ip/ipconfig process gets queued on the interface RWlock. now the reader finds the outgoing route which has the same interface as the incoming packet and tries to rlock the ifc again. but now there's a writer queued, so we also go to sleep waiting for ourselves to release the lock. the solution is to never wait for the outgoing interface rlock, but instead use non-queueing canrlock() and if it cannot be acquired, discard the packet.
2020-01-05  devip: fix packet loss when interface is wlocked  cinap_lenrek
to prevent deadlock on media unbind (which is called with the interface wlock()'ed), the media's reader processes that unbind was waiting for used to discard packets when the interface could not be rlocked. this has the unfortunate side effect that when we change addresses on an interface that packets are getting lost. this is problematic for the processing of ipv6 router advertisements when multiple RA's are getting received in quick succession. this change removes that packet dropping behaviour and instead changes the unbind process to avoid the deadlock by wunlock()ing the interface temporarily while waiting for the reader processes to finish. the interface media is also changed to the nullmedium before unlocking (see the comment).
2019-11-10  devip: use the routing table for local source ip address selection  cinap_lenrek
when making outgoing connections, the source ip was selected by just iterating from the first to the last interface and trying each local address until a route was found. the result was kind of hard to predict as it depends on the interface order. this change replaces the algorithm with the route lookup algorithm that we already have which takes more specific destination and source prefixes into account. so the order of interfaces does not matter anymore.
2019-05-12  devip: do not lock selftab in ipselftabread(), remove unused fields from Ipself  cinap_lenrek
the Ipselftab is designed to not require locking on read operation. locking the selftab in ipselftabread() risks deadlock when accessing the user buffer creates a fault. remove unused fields from the Ipself struct.
2019-05-11  devip: reset speed and delay on bind, adjust burst on mtu change, ifc->m nil check, consistent error strings  cinap_lenrek
initialize the rate limits when the device gets bound, not when it is created. so that the rate limits get reset to default when the ifc is reused. adjust the burst delay when the mtu is changed. this is to make sure that we allow at least one full sized packet burst. make a local copy of ifc->m before doing nil check as it can change under us when we do not have the ifc locked. specify Ebound[] and Eunbound[] error strings and use them consistently.
2019-05-11  devip: make sure ifc is bound in add6 ctl command  cinap_lenrek
2019-05-11  devip: remove unused c->car qlock, avoid potential deadlock in ipifcregisterproxy()  cinap_lenrek
remove references to the unused Conv.car qlock. ipifcregisterproxy() is called with the proxy ifc wlock'd, which means we cannot acquire the rwlock of the interfaces that will proxy for us because it is allowed to rlock() multiple ifc's in any order. to get around this, we use canrlock() and skip the interface when we cannot acquire the lock. the ifc should get wlock'd only when we are about to modify the ifc or its lifc chain. that is when adding or removing addresses. wlock is not required when we add addresses to the selfcache, which has its own qlock.
2019-02-13  devip: ipv6 loopback ::1 has link-local scope  cinap_lenrek
2019-02-11  devip: use parseipandmask() for ipifc and route control message parsing  cinap_lenrek
2018-09-28  devip: only add interface route for "on-link" prefixes  cinap_lenrek
when a prefix is added with the onlink flag clear, packets towards that prefix need to be sent to the default gateway so we omit adding the interface route. when the on-link flag gets changed to 1 later, we add the interface route. the on-link flag is sticky, so there's no way to clear it back to zero except removing and re-adding the prefix.
2018-09-23  devip, ipconfig: avoid overflow on lifetime checks  cinap_lenrek
2018-09-23  devip: valid and preferred life-time should be unsigned, add remove6 ctl command  cinap_lenrek
2018-09-23  devip: make updating ra6 router parameters atomic  cinap_lenrek
when we fail to parse and validate the command, no update should take place.
2018-06-14  devip: don't send arp requests from null address  cinap_lenrek
during dhcp, ipconfig assigns the null address :: which makes ipforme() return Runi for any destination, which can trigger arp resolution when we attempt to reply. so have v4local() skip the null address and have sendarp() check the return status of v4local(), avoiding the spurious arp requests.
2018-06-13  devip: reject incompatible multicast/interface ip address pairs for ipifcaddmulti()  cinap_lenrek
2018-06-12  devip: fix missing wunlock() for "ipifc not yet bound to device" case, don't create multicast entry on error  cinap_lenrek
2018-06-11  devip: fix use after free in ipifcremmulti()  cinap_lenrek
closeconv() calls ipifcremmulti() like:
	while((mp = cv->multi) != nil)
		ipifcremmulti(cv, mp->ma, mp->ia);
so we have to defer freeing the entry after doing:
	if((lifc = iplocalonifc(ifc, ia)) != nil)
		remselfcache(f, ifc, lifc, ma);
which accesses the otherwise free'd ia and ma arguments.
2018-05-14  devip: don't set mtu of interface to zero when not specified (thanks joe9)  cinap_lenrek
change 9f74a951ae6a introduced a bug that set the mtu of a new interface to 0 when not specified in the add ctl.
2018-05-10  ip: add some primitive rate limiting knobs to counteract bufferbloat  cinap_lenrek
2018-04-24  devip: improve arp and ndp code  cinap_lenrek
there appears to be confusion about the refresh flag of arpenter(). when we get an arp reply, it makes more sense to just refresh waiting/existing entries instead of creating a new one as we do not know if we are going to communicate with the remote host in the future. when we see an arp request for ourselves however, we want to always enter the senders address into the arp cache as it is likely the sender attempts to communicate with us and with the arp entry, we can reply immediately. reject senders from multicast/broadcast mac addresses. that's just silly. we can get rid of the multicast/broadcast ip checks in ethermedium and do it in arpenter() instead, checking the route type for the target to see if it's a non unicast target. enforce strict separation of interface's arp entries by passing a rlock'd ifc explicitly to arpenter, which we compare against the route target interface. this makes sure arp/ndp replies only affect entries for the receiving interface. handle neighbor solicitation retransmission in nbsendsol() only. that is, both ethermedium and the rxmitproc just call nbsendsol() which maintains the timers and counters and handles the rotation on the re-transmission chain.
2018-04-22  devip: fix ipv6 icmp unreachable handling, fix retransmit, fix ifc locking, remove tentative check  cinap_lenrek
2018-04-19  devip: add "reflect" ctl message, fix memory leaks in icmpv6, fix source address for icmpttlexceeded, cleanup  cinap_lenrek
2018-04-11  devip: make v4 ifc broadcast and multicast routes specific to address  cinap_lenrek
this allows one to access the same network via multiple interfaces, the local address then determines which interface is used.
2018-04-08  devip: implement source specific routing  cinap_lenrek
2018-03-18  devip: more v6 improvements  cinap_lenrek
ipv4local() and ipv6local() now take remote address argument, returning the closest local address to the source. this implements the standardized source address selection rules instead of just returning the first local v4 or v6 address. the source address selection was broken for esp, rudp and udp, blindly assuming ifc->lifc->local being a valid v4 address. use ipv6local() instead. the v6 routing code used to lookup source address route to decide to drop the packet instead of checking the interface on the destination route. factor out the route hint from Conv and put it in Routehint structure. avoiding stack bloat in v4 routing. implement the same trick for v6 avoiding second route lookup in ipoput6. fix memory leak in icmpv6 router solicitation handling. remove old unfinished handling of multiple v6 routers. should implement source specific routes instead. avoid duplication, use common convipvers() function. use isv4() instead of memcmp v4prefix.
2014-08-26  ip: set arp entry for own v6 address when not tentative  cinap_lenrek
after running ip/ipconfig -6, we are unable to ping our own link-local address and the arp daemon sends out useless neighbor solicitation requests to itself. this change adds an arp entry for our ipv6 address. however, this must not be done for tentative interface configuration.
2014-08-21  ip: fix memory leak in ipicadd6()  cinap_lenrek
allocate the Iplifc structure on the stack instead. i am assuming that it was allocated on heap in fear of causing stack overflow. on 386, this adds around 88 bytes on the stack but it doesn't seem to cause any trouble. (checked with poolcheck after ctl write)
2014-08-12  ip: fix missed unlocks and waserror handlers  cinap_lenrek
ipifcunbind() could error out from ipifcremlifc() and Medium.unbind() *after* decrementing ifc->conv->inuse! move the decrement after calling these functions. make ipifcremlifc() never raise error but return error string. the only places where it could error is when it calls into medium functions like Medium.remroute() and Medium.remmulti(). Ignore these errors as they could happen when the ethernet driver crashed (think imported ethernet device or usb ethernet in userspace), so we will be able to unbind. add waserror() handlers as necessary to deal with errors from Medium.addmulti(), Medium.areg() and arpenter() to properly unlock the data structures.
2013-05-05  devip: handle malloc errors, fix queue leaks  cinap_lenrek
Fsprotoclone(): qopen() and qbypass() can fail and return nil, so make sure the connection was not partially created by checking if read and write queues have been setup by the protocol create handler. on error, free any resources of the partial connection and error out. netlogopen(): check malloc() error.
2011-03-30  Import sources from 2011-03-30 iso image - lib  Taru Karttunen
2011-03-30  Import sources from 2011-03-30 iso image  Taru Karttunen