summaryrefslogtreecommitdiffstats
path: root/sys/netinet/icmp_var.h
Commit message (Collapse)AuthorAgeFilesLines
* Remove most of the remaining sysctl name list macros. They were onlyjhb2013-08-261-7/+0
| | | | | | | | ever intended for use in sysctl(8) and it has not used them for many years. Reviewed by: bde Tested by: exp-run by bdrewery
* Migrate structs arpstat, icmpstat, mrtstat, pimstat and udpstat to PCPUae2013-07-091-5/+6
| | | | counters.
* Add rate limitation for SCTP OOTB responses.tuexen2012-06-181-1/+2
| | | | MFC after: 3 days
* Many network stack subsystems use a single global data structure to holdrwatson2009-08-021-0/+11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | all pertinent statatistics for the subsystem. These structures are sometimes "borrowed" by kernel modules that require a place to store statistics for similar events. Add KPI accessor functions for statistics structures referenced by kernel modules so that they no longer encode certain specifics of how the data structures are named and stored. This change is intended to make it easier to move to per-CPU network stats following 8.0-RELEASE. The following modules are affected by this change: if_bridge if_cxgb if_gif ip_mroute ipdivert pf In practice, most of these statistics consumers should, in fact, maintain their own statistics data structures rather than borrowing structures from the base network stack. However, that change is too agressive for this point in the release cycle. Reviewed by: bz Approved by: re (kib)
* Remove unused VNET_SET() and related macros; only VNET_GET() isrwatson2009-07-161-1/+1
| | | | | | | | | ever actually used. Rename VNET_GET() to VNET() to shorten variable references. Discussed with: bz, julian Reviewed by: bz Approved by: re (kensmith, kib)
* Build on Jeff Roberson's linker-set based dynamic per-CPU allocatorrwatson2009-07-141-3/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | (DPCPU), as suggested by Peter Wemm, and implement a new per-virtual network stack memory allocator. Modify vnet to use the allocator instead of monolithic global container structures (vinet, ...). This change solves many binary compatibility problems associated with VIMAGE, and restores ELF symbols for virtualized global variables. Each virtualized global variable exists as a "reference copy", and also once per virtual network stack. Virtualized global variables are tagged at compile-time, placing the in a special linker set, which is loaded into a contiguous region of kernel memory. Virtualized global variables in the base kernel are linked as normal, but those in modules are copied and relocated to a reserved portion of the kernel's vnet region with the help of a the kernel linker. Virtualized global variables exist in per-vnet memory set up when the network stack instance is created, and are initialized statically from the reference copy. Run-time access occurs via an accessor macro, which converts from the current vnet and requested symbol to a per-vnet address. When "options VIMAGE" is not compiled into the kernel, normal global ELF symbols will be used instead and indirection is avoided. This change restores static initialization for network stack global variables, restores support for non-global symbols and types, eliminates the need for many subsystem constructors, eliminates large per-subsystem structures that caused many binary compatibility issues both for monitoring applications (netstat) and kernel modules, removes the per-function INIT_VNET_*() macros throughout the stack, eliminates the need for vnet_symmap ksym(2) munging, and eliminates duplicate definitions of virtualized globals under VIMAGE_GLOBALS. Bump __FreeBSD_version and update UPDATING. Portions submitted by: bz Reviewed by: bz, zec Discussed with: gnn, jamie, jeff, jhb, julian, sam Suggested by: peter Approved by: re (kensmith)
* Update stats in struct icmpstat and icmp6stat using four newrwatson2009-04-121-0/+5
| | | | | | | | | | | | | | macros: ICMPSTAT_ADD(), ICMPSTAT_INC(), ICMP6STAT_ADD(), and ICMP6STAT_INC(), rather than directly manipulating the fields of these structures across the kernel. This will make it easier to change the implementation of these statistics, such as using per-CPU versions of the data structures. In on case, icmp6stat members are manipulated indirectly, by icmp6_errcount(), and this will require further work to fix for per-CPU stats. MFC after: 3 days
* Second round of putting global variables, which were virtualizedbz2008-12-131-0/+2
| | | | | | | | | | | but formerly missed under VIMAGE_GLOBAL. Put the extern declarations of the virtualized globals under VIMAGE_GLOBAL as the globals themsevles are already. This will help by the time when we are going to remove the globals entirely. Sponsored by: The FreeBSD Foundation
* Attempt to improve feature parity between UDPv4 and UDPv6 by mergingrwatson2007-07-191-1/+2
| | | | | | | | | | | | | | | | UDPv4 features to UDPv6: - Add MAC checks on delivery and MAC labeling on transmit. - Check for (and reject) datagrams with destination port 0. - For multicast delivery, check the source port only if the socket being considered as a destination has been connected. - Implement UDP blackholing based on net.inet.udp.blackhole. - Add a new ICMPv6 unreachable reply rate limiting category for failed delivery attempts and implement rate limiting for UDPv6 (submitted by bz). Approved by: re (kensmith) Reviewed by: bz
* /* -> /*- for license, minor formatting changesimp2005-01-071-1/+1
|
* White space cleanup for netinet before branch:rwatson2004-08-161-4/+4
| | | | | | | | | | | - Trailing tab/space cleanup - Remove spurious spaces between or before tabs This change avoids touching files that Andre likely has in his working set for PFIL hooks changes for IPFW/DUMMYNET. Approved by: re (scottl) Submitted by: Xin LI <delphij@frontfree.net>
* Remove advertising clause from University of California Regent'simp2004-04-071-4/+0
| | | | | | | license, per letter dated July 22, 1999 and email from Peter Wemm, Alan Cox and Robert Watson. Approved by: core, peter, alc, rwatson
* Tweak existing header and other build infrastructure to be able to buildmlaier2004-02-261-0/+1
| | | | | | | pf/pflog/pfsync as modules. Do not list them in NOTES or modules/Makefile (i.e. do not connect it to any (automatic) builds - yet). Approved by: bms(mentor)
* Remove __P.alfred2002-03-191-1/+1
|
* whitespace fixes.jlemon2001-12-141-1/+1
|
* - Make ip_rtaddr() global, and use it to look up the correct sourceru2001-11-301-0/+2
| | | | | | | | | address in icmp_reflect(). - Two new "struct icmpstat" members: icps_badaddr and icps_noroute. PR: kern/31575 Obtained from: BSD/OS MFC after: 1 week
* Clean up RST ratelimiting. Previously, ratelimiting occured before testsbmilekic2001-02-111-6/+7
| | | | | | | | | | | were performed to determine if the received packet should be reset. This created erroneous ratelimiting and false alarms in some cases. The code has now been reorganized so that the checks for validity come before the call to badport_bandlim. Additionally, a few changes in the symbolic names of the bandlim types have been made, as well as a clarification of exactly which type each RST case falls under. Submitted by: Mike Silbersack <silby@silby.com>
* Change the following:bmilekic2000-12-151-0/+6
| | | | | | | | | | | | | | | | 1. ICMP ECHO and TSTAMP replies are now rate limited. 2. RSTs generated due to packets sent to open and unopen ports are now limited by seperate counters. 3. Each rate limiting queue now has its own description, as follows: Limiting icmp unreach response from 439 to 200 packets per second Limiting closed port RST response from 283 to 200 packets per second Limiting open port RST response from 18724 to 200 packets per second Limiting icmp ping response from 211 to 200 packets per second Limiting icmp tstamp response from 394 to 200 packets per second Submitted by: Mike Silbersack <silby@silby.com>
* sysctl'ize ICMP_BANDLIM and ICMP_BANDLIM_SUPPRESS_OUTPUT.dan2000-05-221-5/+0
| | | | Suggested by: des/nbm
* Change #ifdef KERNEL to #ifdef _KERNEL in the public headers. "KERNEL"peter1999-12-291-2/+2
| | | | | | is an application space macro and the applications are supposed to be free to use it as they please (but cannot). This is consistant with the other BSD's who made this change quite some time ago. More commits to come.
* $Id$ -> $FreeBSD$peter1999-08-281-1/+1
|
* * Change sysctl from using linker_set to construct its tree using SLISTs.dfr1999-02-161-1/+2
| | | | | | | | | | This makes it possible to change the sysctl tree at runtime. * Change KLD to find and register any sysctl nodes contained in the loaded file and to unregister them when the file is unloaded. Reviewed by: Archie Cobbs <archie@whistle.com>, Peter Wemm <peter@netplex.com.au> (well they looked at it anyway)
* Cleanup icmp_var.h, make icmp bandlim sysctl permanent but if ICMP_BANDLIMdillon1998-12-041-10/+4
| | | | | | | option not defined the sysctl int value is set to -1 and read-only. #ifdef KERNEL's added appropriately to wall off visibility of kernel routines from user code.
* Obtained from: "Andrey A. Chernov" <ache@nagual.pp.ru>dillon1998-12-041-1/+3
| | | | | Quick add #ifdef KERNEL for ICMP_BANDLIM option so userland program can #include icmp_var.h
* Reviewed by: freebsd-currentdillon1998-12-031-1/+17
| | | | | | | | | | | | | | Add ICMP_BANDLIM option and 'net.inet.icmp.icmplim' sysctl. If option is specified in kernel config, icmplim defaults to 100 pps. Setting it to 0 will disable the feature. This feature limits ICMP error responses for packets sent to bad tcp or udp ports, which does a lot to help the machine handle network D.O.S. attacks. The kernel will report packet rates that exceed the limit at a rate of one kernel printf per second. There is one issue in regards to the 'tail end' of an attack... the kernel will not output the last report until some unrelated and valid icmp error packet is return at some point after the attack is over. This is a minor reporting issue only.
* Some staticized variables were still declared to be extern.bde1997-09-071-5/+1
|
* ICMP Timestamp Request messages could have harbored the same sort ofwollman1997-08-251-1/+2
| | | | | problem as Echo Requests when broad/multicast. When multicast echo responses are disabled, also do the same for timestamp responses.
* Configurably don't reply to broadcast or multicast echos. There are stillwollman1997-08-251-1/+2
| | | | | | potential problems with other automatic-reply ICMPs, but some of them may depend on broadcast/multicast to operate. (This code can simply be moved to the `reflect' label to generalize it.)
* Back out part 1 of the MCFH that changed $Id$ to $FreeBSD$. We are notpeter1997-02-221-1/+1
| | | | ready for it yet.
* Make the long-awaited change from $Id$ to $FreeBSD$jkh1997-01-141-1/+1
| | | | | | | | This will make a number of things easier in the future, as well as (finally!) avoiding the Id-smashing problem which has plagued developers for so long. Boy, I'm glad we're not using sup anymore. This update would have been insane otherwise.
* Add lots of useful MIB variables and a few not-so-useful ones forwollman1995-02-161-3/+5
| | | | completeness.
* Made idempotent.paul1994-08-211-1/+6
| | | | Submitted by: Paul
* Added $Id$dg1994-08-021-0/+1
|
* BSD 4.4 Lite Kernel Sourcesrgrimes1994-05-241-0/+68
OpenPOWER on IntegriCloud