path: root/sys/netinet/ip_icmp.c
Commit message | Author | Age | Files | Lines
* Introduce support for Mandatory Access Control and extensible | rwatson | 2002-08-01 | 1 | -0/+5
  kernel access control. Add support for labeling most out-going ICMP messages using an appropriate MAC entry point. Currently, we do not explicitly label packet reflect (timestamp, echo request) ICMP events, implicitly using the originating packet label since the mbuf is reused. This will be made explicit at some point.
  Obtained from: TrustedBSD Project
  Sponsored by: DARPA, NAI Labs
* Prevent icmp_reflect() from calling ip_output() with a NULL route | ru | 2002-03-22 | 1 | -2/+2
  pointer which will then result in the allocated route's reference count never being decremented. Just flood ping the localhost and watch refcnt of the 127.0.0.1 route with netstat(1).
  Submitted by: jayanth
  Back out ip_output.c,v 1.143 and ip_mroute.c,v 1.69 that allowed ip_output() to be called with a NULL route pointer. The previous paragraph shows why this was a bad idea in the first place.
  MFC after: 0 days
* Remove __P. | alfred | 2002-03-19 | 1 | -4/+4
* o Move NTOHL() and associated macros into <sys/param.h>. These are | mike | 2002-02-18 | 1 | -3/+3
    deprecated in favor of the POSIX-defined lowercase variants.
  o Change all occurrences of NTOHL() and associated macros in the source tree to use the lowercase function variants.
  o Add missing license bits to sparc64's <machine/endian.h>.
    Approved by: jake
  o Clean up <machine/endian.h> files.
  o Remove unused __uint16_swap_uint32() from i386's <machine/endian.h>.
  o Remove prototypes for non-existent bswapXX() functions.
  o Include <machine/endian.h> in <arpa/inet.h> to define the POSIX-required ntohl() family of functions.
  o Do similar things to expose the ntohl() family in libstand, <netinet/in.h>, and <sys/param.h>.
  o Prepend underscores to the ntohl() family to help deal with complexities associated with having MD (asm and inline) versions, and having to prevent exposure of these functions in other headers that happen to make use of endian-specific defines.
  o Create weak aliases to the canonical function name to help deal with third-party software forgetting to include an appropriate header.
  o Remove some now unneeded pollution from <sys/types.h>.
  o Add missing <arpa/inet.h> includes in userland.
  Tested on: alpha, i386
  Reviewed by: bde, jake, tmm
* Fix a panic condition in icmp_reflect() introduced in rev. 1.61. | ru | 2002-01-11 | 1 | -2/+2
  (We should be able to handle locally originated IP packets, and these do not have m_pkthdr.rcvif set.)
  PR: kern/32806, kern/33766
  Reviewed by: luigi
  Fix tested by: Maxim Konovalov <maxim@macomnet.ru>, Erwin Lansing <erwin@lansing.dk>
* whitespace fixes. | jlemon | 2001-12-14 | 1 | -6/+6
* - Make ip_rtaddr() global, and use it to look up the correct source | ru | 2001-11-30 | 1 | -26/+14
    address in icmp_reflect().
  - Two new "struct icmpstat" members: icps_badaddr and icps_noroute.
  PR: kern/31575
  Obtained from: BSD/OS
  MFC after: 1 week
* In icmp_reflect(): If the packet was not addressed to us and was | dd | 2001-11-27 | 1 | -2/+15
  received on an interface without an IP address, try to find a non-loopback AF_INET address to use. If that fails, drop it. Previously, we used the address at the top of the in_ifaddrhead list, which didn't make much sense, and would cause a panic if there were no AF_INET addresses configured on the system.
  PR: 29337, 30524
  Reviewed by: ru, jlemon
  Obtained from: NetBSD
* Relocate the KASSERT for a null recvif to a location where it will | jlemon | 2001-10-25 | 1 | -1/+1
  actually do some good.
  Pointed out by: ru
* Add a hash table that contains the list of internet addresses, and use | jlemon | 2001-09-29 | 1 | -13/+20
  this in place of the in_ifaddr list when appropriate. This improves performance on hosts which have a large number of IP aliases.
* Make faith loadable, unloadable, and clonable. | brooks | 2001-09-25 | 1 | -7/+1
* Patches from Keiichi SHIMA <keiichi@iij.ad.jp> | julian | 2001-09-03 | 1 | -3/+3
  to make ip use the standard protosw structure again.
  Obtained from: Well, KAME I guess.
* Add netstat(1) knob to reset net.inet.{ip|icmp|tcp|udp|igmp}.stats. | ru | 2001-06-23 | 1 | -1/+1
  For example, ``netstat -s -p ip -z'' will show and reset IP stats.
  PR: bin/17338
* Sync with recent KAME. | ume | 2001-06-11 | 1 | -9/+0
  This work was based on kame-20010528-freebsd43-snap.tgz and some critical problem after the snap was out were fixed. There are many many changes since last KAME merge.
  TODO:
  - The definitions of SADB_* in sys/net/pfkeyv2.h are still different from RFC2407/IANA assignment because of binary compatibility issue. It should be fixed under 5-CURRENT.
  - ip6po_m member of struct ip6_pktopts is no longer used. But, it is still there because of binary compatibility issue. It should be removed under 5-CURRENT.
  Reviewed by: itojun
  Obtained from: KAME
  MFC after: 3 weeks
* MFC candidate. | jesper | 2001-03-28 | 1 | -1/+1
  Change code from PRC_UNREACH_ADMIN_PROHIB to PRC_UNREACH_PORT for ICMP_UNREACH_PROTOCOL and ICMP_UNREACH_PORT
  And let TCP treat PRC_UNREACH_PORT like PRC_UNREACH_ADMIN_PROHIB
  This should fix the case where port unreachables for udp returned ENETRESET instead of ECONNREFUSED
  Problem found by: Bill Fenner <fenner@research.att.com>
  Reviewed by: jlemon
* Make it possible to use IP_TTL and IP_TOS setsockopt(2) options | ru | 2001-03-09 | 1 | -1/+1
  on certain types of SOCK_RAW sockets. Also, use the ip.ttl MIB variable instead of MAXTTL constant as the default time-to-live value for outgoing IP packets all over the place, as we already do this for TCP and UDP.
  Reviewed by: wollman
* It was possible for ip_forward() to supply to icmp_error() | iedowse | 2001-03-08 | 1 | -1/+3
  an IP header with ip_len in network byte order. For certain values of ip_len, this could cause icmp_error() to write beyond the end of an mbuf, causing mbuf free-list corruption. This problem was observed during generation of ICMP redirects.
  We now make quite sure that the copy of the IP header kept for icmp_error() is stored in a non-shared mbuf header so that it will not be modified by ip_output().
  Also:
  - Calculate the correct number of bytes that need to be retained for icmp_error(), instead of assuming that 64 is enough (it's not).
  - In icmp_error(), use m_copydata instead of bcopy() to copy from the supplied mbuf chain, in case the first 8 bytes of IP payload are not stored directly after the IP header.
  - Sanity-check ip_len in icmp_error(), and panic if it is less than sizeof(struct ip). Incoming packets with bad ip_len values are discarded in ip_input(), so this should only be triggered by bugs in the code, not by bad packets.
  This patch results from code and suggestions from Ruslan, Bosko, Jonathan Lemon and Matt Dillon, with important testing by Mike Tancsa, who could reproduce this problem at will.
  Reported by: Mike Tancsa <mike@sentex.net>
  Reviewed by: ru, bmilekic, jlemon, dillon
* Allow ICMP unreachables which map into PRC_UNREACH_ADMIN_PROHIB to | jlemon | 2001-02-23 | 1 | -47/+15
  reset TCP connections which are in the SYN_SENT state, if the sequence number in the echoed ICMP reply is correct. This behavior can be controlled by the sysctl net.inet.tcp.icmp_may_rst.
  Currently, only subtypes 2,3,10,11,12 are treated as such (port, protocol and administrative unreachables).
  Associate an error code with these resets which is reported to the user application: ENETRESET.
  Disallow resetting TCP sessions which are not in a SYN_SENT state.
  Reviewed by: jesper, -net
* Remove unneeded loop increment in src/sys/netinet/in_pcb.c:in_pcbnotify | phk | 2001-02-18 | 1 | -15/+33
  Add new PRC_UNREACH_ADMIN_PROHIB in sys/sys/protosw.h
  Remove condition on TCP in src/sys/netinet/ip_icmp.c:icmp_input
  In src/sys/netinet/ip_icmp.c:icmp_input set code = PRC_UNREACH_ADMIN_PROHIB or PRC_UNREACH_HOST for all unreachables except ICMP_UNREACH_NEEDFRAG
  Rename sysctl icmp_admin_prohib_like_rst to icmp_unreach_like_rst to reflect the fact that we also react on ICMP unreachables that are not administrative prohibited. Also update the comments to reflect this.
  In sys/netinet/tcp_subr.c:tcp_ctlinput add code to treat PRC_UNREACH_ADMIN_PROHIB and PRC_UNREACH_HOST different.
  PR: 23986
  Submitted by: Jesper Skriver <jesper@skriver.dk>
* Clean up RST ratelimiting. Previously, ratelimiting occurred before tests | bmilekic | 2001-02-11 | 1 | -5/+5
  were performed to determine if the received packet should be reset. This created erroneous ratelimiting and false alarms in some cases. The code has now been reorganized so that the checks for validity come before the call to badport_bandlim. Additionally, a few changes in the symbolic names of the bandlim types have been made, as well as a clarification of exactly which type each RST case falls under.
  Submitted by: Mike Silbersack <silby@silby.com>
* Mechanical change to use <sys/queue.h> macro API instead of | phk | 2001-02-04 | 1 | -2/+2
  fondling implementation details.
  Created with: sed(1)
  Reviewed by: md5(1)
* Use getmicrotime() instead of microtime() when timestamping ICMP packets, | billf | 2000-12-16 | 1 | -1/+1
  the former is quicker and accurate enough for use here.
  Submitted by: Jason Slagle <raistlin@toledolink.com> (on IRC)
  Reviewed by: phk
* We currently do not react to ICMP administratively prohibited | phk | 2000-12-16 | 1 | -0/+15
  messages sent by routers when they deny our traffic, this causes a timeout when trying to connect to TCP ports/services on a remote host, which is blocked by routers or firewalls.
  rfc1122 (Requirements for Internet Hosts) section 3.2.2.1 actually require that we treat such a message for a TCP session, that we treat it like if we had received a RST.
  quote begin.
    A Destination Unreachable message that is received MUST be reported to the transport layer. The transport layer SHOULD use the information appropriately; for example, see Sections 4.1.3.3, 4.2.3.9, and 4.2.4 below. A transport protocol that has its own mechanism for notifying the sender that a port is unreachable (e.g., TCP, which sends RST segments) MUST nevertheless accept an ICMP Port Unreachable for the same purpose.
  quote end.
  I've written a small extension that implement this, it also create a sysctl "net.inet.tcp.icmp_admin_prohib_like_rst" to control if this new behaviour is activated.
  When it's activated (set to 1) we'll treat a ICMP administratively prohibited message (icmp type 3 code 9, 10 and 13) for a TCP sessions, as if we received a TCP RST, but only if the TCP session is in SYN_SENT state.
  The reason for only reacting when in SYN_SENT state, is that this will solve the problem, and at the same time minimize the risk of this being abused.
  I suggest that we enable this new behaviour by default, but it would be a change of current behaviour, so if people prefer to leave it disabled by default, at least for now, this would be ok for me, the attached diff actually have the sysctl set to 0 by default.
  PR: 23086
  Submitted by: Jesper Skriver <jesper@skriver.dk>
* Change the following: | bmilekic | 2000-12-15 | 1 | -6/+20
  1. ICMP ECHO and TSTAMP replies are now rate limited.
  2. RSTs generated due to packets sent to open and unopen ports are now limited by separate counters.
  3. Each rate limiting queue now has its own description, as follows:
     Limiting icmp unreach response from 439 to 200 packets per second
     Limiting closed port RST response from 283 to 200 packets per second
     Limiting open port RST response from 18724 to 200 packets per second
     Limiting icmp ping response from 211 to 200 packets per second
     Limiting icmp tstamp response from 394 to 200 packets per second
  Submitted by: Mike Silbersack <silby@silby.com>
* Fixed the bug I have introduced in icmp_error() in revision 1.44. | ru | 2000-11-02 | 1 | -1/+1
  The amount of data we copy from the original IP datagram into the ICMP message was computed incorrectly for IP packets with payload less than 8 bytes.
* Follow BSD/OS and NetBSD, keep the ip_id field in network order all the time. | ru | 2000-09-14 | 1 | -1/+0
  Requested by: wollman
* Fixed broken ICMP error generation, unified conversion of IP header | ru | 2000-09-01 | 1 | -1/+7
  fields between host and network byte order. The details:
  o icmp_error() now does not add IP header length. This fixes the problem when icmp_error() is called from ip_forward(). In this case the ip_len of the original IP datagram returned with ICMP error was wrong.
  o icmp_error() expects all three fields, ip_len, ip_id and ip_off in host byte order, so DTRT and convert these fields back to network byte order before sending a message. This fixes the problem described in PR 16240 and PR 20877 (ip_id field was returned in host byte order).
  o ip_ttl decrement operation in ip_forward() was moved down to make sure that it does not corrupt the copy of original IP datagram passed later to icmp_error().
  o A copy of original IP datagram in ip_forward() was made a read-write, independent copy. This fixes the problem I first reported to Garrett Wollman and Bill Fenner and later put in audit trail of PR 16240: ip_output() (not always) converts fields of original datagram to network byte order, but because copy (mcopy) and its original (m) most likely share the same mbuf cluster, ip_output()'s manipulations on original also corrupted the copy.
  o ip_output() now expects all three fields, ip_len, ip_off and (what is significant) ip_id in host byte order. It was a headache for years that ip_id was handled differently. The only compatibility issue here is the raw IP socket interface with IP_HDRINCL socket option set and a non-zero ip_id field, but ip.4 manual page was unclear on whether in this case ip_id field should be in host or network byte order.
* Add boundary checks against IP options. | jlemon | 2000-06-02 | 1 | -1/+4
  Obtained from: OpenBSD
* sysctl'ize ICMP_BANDLIM and ICMP_BANDLIM_SUPPRESS_OUTPUT. | dan | 2000-05-22 | 1 | -20/+4
  Suggested by: des/nbm
* Add option ICMP_BANDLIM_SUPPRESS_OUTPUT to the mix. With this option, | dan | 2000-05-22 | 1 | -0/+2
  badport_bandlim() will not muck up your console with printf() messages.
* Add #include <machine/in_cksum.h>, in order to pick up the checksum | jlemon | 2000-05-06 | 1 | -0/+2
  inline functions and prototypes.
* Mitigate the stream.c attacks | imp | 2000-01-28 | 1 | -1/+1
  o Drop all broadcast and multicast source addresses in tcp_input.
  o Enable ICMP_BANDLIM in GENERIC.
  o Change default to 200/s from 100/s. This will still stop the attack, but is conservative enough to do this close to code freeze.
  This is not the optimal patch for the problem, but is likely the least intrusive patch that can be made for this.
  Obtained from: Don Lewis and Matt Dillon.
  Reviewed by: freebsd-security
* IPSEC support in the kernel. | shin | 1999-12-22 | 1 | -3/+47
  pr_input() routines prototype is also changed to support IPSEC and IPV6 chained protocol headers.
  Reviewed by: freebsd-arch, cvs-committers
  Obtained from: KAME project
* Reorder. | des | 1999-09-14 | 1 | -4/+4
* $Id$ -> $FreeBSD$ | peter | 1999-08-28 | 1 | -1/+1
* Add net.inet.icmp.log_redirect and net.inet.icmp.drop_redirect, for | des | 1999-08-10 | 1 | -3/+28
  respectively logging and dropping ICMP REDIRECT packets.
  Note that there is no rate limiting on the log messages, so log_redirect should be used with caution (preferably only for debugging purposes).
* When an incoming packet is reflected back as an ICMP reply, make sure we | archie | 1999-03-06 | 1 | -1/+2
  zero "m->m_pkthdr.rcvif", otherwise ipfw may wrongly match the outgoing packet.
  PR: kern/9723
  Submitted by: David Malone <dwmalone@maths.tcd.ie>
* Cleanup icmp_var.h, make icmp bandlim sysctl permanent but if ICMP_BANDLIM | dillon | 1998-12-04 | 1 | -5/+15
  option not defined the sysctl int value is set to -1 and read-only. #ifdef KERNEL's added appropriately to wall off visibility of kernel routines from user code.
* Reviewed by: freebsd-current | dillon | 1998-12-03 | 1 | -1/+80
  Add ICMP_BANDLIM option and 'net.inet.icmp.icmplim' sysctl. If option is specified in kernel config, icmplim defaults to 100 pps. Setting it to 0 will disable the feature. This feature limits ICMP error responses for packets sent to bad tcp or udp ports, which does a lot to help the machine handle network D.O.S. attacks.
  The kernel will report packet rates that exceed the limit at a rate of one kernel printf per second. There is one issue in regards to the 'tail end' of an attack... the kernel will not output the last report until some unrelated and valid icmp error packet is returned at some point after the attack is over. This is a minor reporting issue only.
* Turn off replies to ICMP echo requests for broadcast and multicast | jkoshy | 1998-09-15 | 1 | -2/+2
  addresses by default.
  Add a knob "icmp_bmcastecho" to "rc.network" to allow this behaviour to be controlled from "rc.conf".
  Document the controlling sysctl variable "net.inet.icmp.bmcastecho" in sysctl(3).
  Reviewed by: dg, jkh
  Reminded on -hackers by: Steinar Haug <sthaug@nethelp.no>
* Fixed logic in the test to drop ICMP echo and timestamp packets when | dg | 1998-05-26 | 1 | -5/+3
  net.inet.ip.icmp.bmcastecho = 0 by removing the extra check for the address being a multicast address. The test now relies on the link layer flags that indicate it was received via multicast. The previous logic was broken and replied to ICMP echo/timestamp broadcasts even when the sysctl option disallowed them.
  Reviewed by: wollman
* ICMP Timestamp Request messages could have harbored the same sort of | wollman | 1997-08-25 | 1 | -1/+7
  problem as Echo Requests when broad/multicast. When multicast echo responses are disabled, also do the same for timestamp responses.
* Configurably don't reply to broadcast or multicast echos. There are still | wollman | 1997-08-25 | 1 | -1/+11
  potential problems with other automatic-reply ICMPs, but some of them may depend on broadcast/multicast to operate. (This code can simply be moved to the `reflect' label to generalize it.)
* Removed unused #includes. | bde | 1997-08-02 | 1 | -3/+1
* submitted by: archie@whistle.com | julian | 1997-05-23 | 1 | -2/+2
  Don't search for interface addresses matching interface "NULL" it's likely to cause a page fault.. this can be triggered by the ipfw code rejecting a locally generated packet (e.g. you decide to make some network unreachable by local users)
* Back out part 1 of the MCFH that changed $Id$ to $FreeBSD$. We are not | peter | 1997-02-22 | 1 | -1/+1
  ready for it yet.
* Make the long-awaited change from $Id$ to $FreeBSD$ | jkh | 1997-01-14 | 1 | -1/+1
  This will make a number of things easier in the future, as well as (finally!) avoiding the Id-smashing problem which has plagued developers for so long.
  Boy, I'm glad we're not using sup anymore. This update would have been insane otherwise.
* Convert the interface address and IP interface address structures | wollman | 1996-12-13 | 1 | -3/+3
  to TAILQs. Fix places which referenced these for no good reason that I can see (the references remain, but were fixed to compile again; they are still questionable).
* Handle ICMP codes defined in RFC1812 more appropriately | pst | 1996-09-20 | 1 | -1/+7
* Eliminate some more references to separate ip_v and ip_hl fields. | wollman | 1996-07-24 | 1 | -8/+9