in revision 1.48. It is pretty valid and often feasible to use
a non-point-to-point interface as the gateway. One might, for
example, use this to route some hosts through an ARP on a local
interface, without having to assign an additional IP address:
Script started on Tue Jun 12 16:16:09 2001
# ifconfig rl0 inet
rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
inet 192.168.4.115 netmask 0xffffff00 broadcast 192.168.4.255
# netstat -arn -finet | grep -w rl0
192.168.4 link#1 UC 3 0 rl0 =>
192.168.4.65 0:d0:b7:16:9c:c6 UHLW 1 0 rl0 1197
# route add -net 192.168.100 -iface rl0
add net 192.168.100: gateway rl0
# ping 192.168.100.1
PING 192.168.100.1 (192.168.100.1): 56 data bytes
64 bytes from 192.168.100.1: icmp_seq=0 ttl=255 time=0.551 ms
64 bytes from 192.168.100.1: icmp_seq=1 ttl=255 time=0.268 ms
^C
--- 192.168.100.1 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.268/0.410/0.551/0.142 ms
# netstat -arn -finet | grep -w rl0
192.168.4 link#1 UC 3 0 rl0 =>
192.168.4.65 0:d0:b7:16:9c:c6 UHLW 1 0 rl0 1165
192.168.100 link#1 UCSc 1 0 rl0 =>
192.168.100.1 0:d0:b7:16:9c:c6 UHLW 1 4 rl0 1192
Script done on Tue Jun 12 16:17:12 2001
- Replace some very poorly thought out API hacks that should have been
fixed a long while ago.
- Provide some much more flexible search functions (resource_find_*())
- Use strings for storage instead of an outgrowth of the rather
inconvenient temporary ioconf table from config(). We already had a
fallback to using strings before malloc/vm was running anyway.
this is not strictly compliant with XSI curses, it enables us to pass
const strings to many more functions that are actually const safe than
before. This should be harmless.
Requested by: lots of folks
of calling sigprocmask(). This matches the behaviour of thr_sigsetmask()
on Solaris; _pthread_sigmask_stub was added purely for compatibility
with Solaris (for TI-RPC), so it might as well do the same thing.
This fixes the problem where client RPC calls ignored all signals
for the complete duration of the RPC. This behaviour is currently
necessary in the threaded case due to locking issues, but was never
intended to occur in non-threaded programs.
Reviewed by: deischen
before running make. If the package origin points to a non-existent or
stale port, report this package as orphaned, instead of producing more
general `unknown in index' message.
PR: 27707
Submitted by: myself, roamer
Approved by: bmah, markm
- add a pointer to struct mauxtag. two integer was too restrictive
- have m_aux_{add,find}2.
- make sure to return non-cluster on m_pulldown(). this is safer
(but of course less performant) when we have non-loopback L2 code
which throws the mbuf back to input path, like L2 bridging or some
multicast handling code.
Following changed was made by previous commit:
- add a pointer to struct mauxtag. two integer was too restrictive.
- add m_aux_{add,find}2.
- make sure to nuke mbuf pointed to m_aux.
- do not assume that the ro_dst member of route_in6{} is sockaddr_in6.
- repair IPsec header size prediction.
- validate mbuf chain better in {tcp,udp}6_ctlinput.
- loosened validation inner packets of icmp6 errors as much as possible.
- scope-awareness.
- be friendly with pfctlinput2.
- simplified address scope handling in the ctlinput function.
- type change of in6_pcbnotify.
- pass error from ipsec_setsocket() all the way up.
- added comments about why in6p_inputopts should not be copied in
tcp6_input().
- call ip6_copypktopts() in order to copy in6p_outputopts
from a listening PCB to a corresponding accepting one.
- be proactive about unspecified IPv6 source address. pcb layer
uses unspecified address (::) to mean "unbounded" or
"unconnected", and can be confused by packets from outside.
- made consist between tcp and udp in using mappedaddr
- setsockopt(BIND_IPV6ONLY) now works
- deprecated address consideration on TCP SYN.
- get rid of M_ANYCAST6
- use 0/8 to specify interface index on multicast get/setsockopt
- make sure to nuke m->m_aux pointer for ipsec, on if_output.
- pass error from ipsec_setsocket() all the way up.
- move ipsec output processing before filtering section.
- (possible) remote kernel panic fix - out of bounds access on
ill-formed ipopt.
- strict boundary check on ipopt.
- make sure to enforce inbound IPsec policy on all final header.
- add missing ipcomp entry from ipprotosw.
- 127/8 must not appear on wire - RFC1122.
this is rather important as we use weak host model, so outsider
can abuse 127.0.0.1 from outside.
- introduce ipstat.ips_badaddr
- use ipsec_gethist() to prevent packet filters from looking at
decapulated packets.
- remove duplicate 127.0.0.0/8 checking.
want host headers during `buildworld'.
- During `buildworld', install headers in a "copy" mode
until we decide what to do with the (currently broken)
SHARED=symlinks.
- Temporarily run `buildworld' with -DNO_WERROR, which
effectively disabled the -Werror bit of recently added
WARNS=X feature. This is required because adding the
-nostdinc bit back revealed bugs in some header files
that were hiding after not using -nostdinc.
It is unclear currently how exactly (and why) -nostdinc
affects gcc(1) warnings.
This is needed to pick up the right headers. Wrong headers from
src/contrib/ipfilter are used otherwise.
The right fix would be to fix contrib/ipfilter C sources to pick up
headers from <sys/netinet>.
Noticed by: peter