summaryrefslogtreecommitdiffstats
path: root/sys/netinet/ip_icmp.c
Commit message (Collapse)AuthorAgeFilesLines
* Complete break-out of sys/sys/mac.h into sys/security/mac/mac_framework.hrwatson2006-10-221-1/+2
| | | | | | | | | | | | | begun with a repo-copy of mac.h to mac_framework.h. sys/mac.h now contains the userspace and user<->kernel API and definitions, with all in-kernel interfaces moved to mac_framework.h, which is now included across most of the kernel instead. This change is the first step in a larger cleanup and sweep of MAC Framework interfaces in the kernel, and will not be MFC'd. Obtained from: TrustedBSD Project Sponsored by: SPARTA
* Add descriptions for the sysctls:keramida2006-03-201-4/+4
| | | | | | | | | net.inet.icmp.drop_redirect net.inet.icmp.log_redirect net.inet.icmp.icmplim net.inet.icmp.icmplim_output Approved & text by: andre
* Fix build.glebius2006-01-231-1/+1
|
* Simplify ip_next_mtu() and make its logic more easy to see whileandre2006-01-231-19/+12
| | | | | | | | silencing code analysis tools. Found by: Coverity Prevent(tm) Coverity ID: CID341 Sponsored by: TCP/IP Optimization Fundraise 2005
* Consolidate all IP Options handling functions into ip_options.[ch] andandre2005-11-181-0/+1
| | | | | | | | | | | | | | | | | | | | include ip_options.h into all files making use of IP Options functions. From ip_input.c rev 1.306: ip_dooptions(struct mbuf *m, int pass) save_rte(m, option, dst) ip_srcroute(m0) ip_stripoptions(m, mopt) From ip_output.c rev 1.249: ip_insertoptions(m, opt, phlen) ip_optcopy(ip, jp) ip_pcbopts(struct inpcb *inp, int optname, struct mbuf *m) No functional changes in this commit. Discussed with: rwatson Sponsored by: TCP/IP Optimization Fundraise 2005
* Rework icmp_error() to deal with truncated IP packets fromandre2005-11-181-48/+54
| | | | | | ip_forward() when doing extended quoting in error messages. Sponsored by: TCP/IP Optimization Fundraise 2005
* Retire MT_HEADER mbuf type and change its users to use MT_DATA.andre2005-11-021-2/+2
| | | | | | | | | | | | Having an additional MT_HEADER mbuf type is superfluous and redundant as nothing depends on it. It only adds a layer of confusion. The distinction between header mbuf's and data mbuf's is solely done through the m->m_flags M_PKTHDR flag. Non-native code is not changed in this commit. For compatibility MT_HEADER is mapped to MT_DATA. Sponsored by: TCP/IP Optimization Fundraise 2005
* o Fix a logic error when not doing mbuf cluster allocation.andre2005-08-221-4/+5
| | | | | | | o Change an old panic() to a clean function exit. MFC after: 2 weeks Sponsored by: TCP/IP Optimization Fundraise 2005
* Always quote the entire TCP header when responding and allocate an mbufandre2005-08-221-4/+24
| | | | | | | | | | | | cluster if needed. Fixes the TCP issues raised in I-D draft-gont-icmp-payload-00.txt. This aids in-the-wild debugging a lot and allows the receiver to do more elaborate checks on the validity of the response. MFC after: 2 weeks Sponsored by: TCP/IP Optimization Fundraise 2005
* Commit correct version of the change and note the name of the newandre2005-08-211-1/+1
| | | | | | sysctl: net.inet.icmp.quotelen and defaults to 8 bytes. Pointy hat to: andre
* Add a sysctl to change to length of the quotation of the originalandre2005-08-211-1/+12
| | | | | | | | | | | | packet in an ICMP reply. The minimum of 8 bytes is internally enforced. The maximum quotation is the remaining space in the reply mbuf. This option is added in response to the issues raised in I-D draft-gont-icmp-payload-00.txt. MFC after: 2 weeks Spnsored by: TCP/IP Optimizations Fundraise 2005
* Add an option to have ICMP replies to non-local packets generated withandre2005-08-211-0/+19
| | | | | | | | | | | the IP address the packet came through in. This is useful for routers to show in traceroutes the actual path a packet has taken instead of the possibly different return path. The new sysctl is named net.inet.icmp.reply_from_interface and defaults to off. MFC after: 2 weeks
* Add another step of 1280 (gif(4) tunnels) to ip_next_mtu().andre2005-05-041-2/+2
|
* Pass icmp_error() the MTU argument directly instead ofandre2005-05-041-4/+4
| | | | | an interface pointer. This simplifies a couple of uses and removes some XXX workarounds.
* Move Path MTU discovery ICMP processing from icmp_input() toandre2005-04-211-45/+1
| | | | | | | | | | | | | | | | | | | | tcp_ctlinput() and subject it to active tcpcb and sequence number checking. Previously any ICMP unreachable/needfrag message would cause an update to the TCP hostcache. Now only ICMP PMTU messages belonging to an active TCP session with the correct src/dst/port and sequence number will update the hostcache and complete the path MTU discovery process. Note that we don't entirely implement the recommended counter measures of Section 7.2 of the paper. However we close down the possible degradation vector from trivially easy to really complex and resource intensive. In addition we have limited the smallest acceptable MTU with net.inet.tcp.minmss sysctl for some time already, further reducing the effect of any degradation due to an attack. Security: draft-gont-tcpm-icmp-attacks-03.txt Section 7.2 MFC after: 3 days
* /* -> /*- for license, minor formatting changesimp2005-01-071-1/+1
|
* Remove the last two global variables that are used to store packet state whileandre2004-09-151-1/+1
| | | | | | | | | it travels through the IP stack. This wasn't much of a problem because IP source routing is disabled by default but when enabled together with SMP and preemption it would have very likely cross-corrupted the IP options in transit. The IP source route options of a packet are now stored in a mtag instead of the global variable.
* White space cleanup for netinet before branch:rwatson2004-08-161-6/+6
| | | | | | | | | | | - Trailing tab/space cleanup - Remove spurious spaces between or before tabs This change avoids touching files that Andre likely has in his working set for PFIL hooks changes for IPFW/DUMMYNET. Approved by: re (scottl) Submitted by: Xin LI <delphij@frontfree.net>
* Define semantic of M_SKIP_FIREWALL more precisely, i.e. also pass associatedmlaier2004-07-171-11/+5
| | | | | | | | icmp_error() packets. While here retire PACKET_TAG_PF_GENERATED (which served the same purpose) and use M_SKIP_FIREWALL in pf as well. This should speed up things a bit as we get rid of the tag allocations. Discussed with: juli
* Remove erroneous semicolons.stefanf2004-07-131-1/+1
|
* do not send icmp response if the original packet is encrypted.ume2004-06-071-0/+3
| | | | | Obtained from: KAME MFC after: 1 week
* o IFNAMSIZ does include the trailing \0.maxim2004-05-071-1/+1
| | | | | | Approved by: andre o Document net.inet.icmp.reply_src.
* Remove advertising clause from University of California Regent'simp2004-04-071-4/+0
| | | | | | | license, per letter dated July 22, 1999 and email from Peter Wemm, Alan Cox and Robert Watson. Approved by: core, peter, alc, rwatson
* Tweak existing header and other build infrastructure to be able to buildmlaier2004-02-261-1/+12
| | | | | | | pf/pflog/pfsync as modules. Do not list them in NOTES or modules/Makefile (i.e. do not connect it to any (automatic) builds - yet). Approved by: bms(mentor)
* Add sysctl net.inet.icmp.reply_src to specify the interface nameandre2004-02-021-0/+19
| | | | | | | | used for the ICMP reply source in reponse to packets which are not directly addressed to us. By default continue with with normal source selection. Reviewed by: bms
* More verbose description of the source ip address selection for ICMP replies.andre2004-02-021-5/+16
| | | | Reviewed by: bms
* Limiters and sanity checks for TCP MSS (maximum segement size)andre2004-01-081-2/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | resource exhaustion attacks. For network link optimization TCP can adjust its MSS and thus packet size according to the observed path MTU. This is done dynamically based on feedback from the remote host and network components along the packet path. This information can be abused to pretend an extremely low path MTU. The resource exhaustion works in two ways: o during tcp connection setup the advertized local MSS is exchanged between the endpoints. The remote endpoint can set this arbitrarily low (except for a minimum MTU of 64 octets enforced in the BSD code). When the local host is sending data it is forced to send many small IP packets instead of a large one. For example instead of the normal TCP payload size of 1448 it forces TCP payload size of 12 (MTU 64) and thus we have a 120 times increase in workload and packets. On fast links this quickly saturates the local CPU and may also hit pps processing limites of network components along the path. This type of attack is particularly effective for servers where the attacker can download large files (WWW and FTP). We mitigate it by enforcing a minimum MTU settable by sysctl net.inet.tcp.minmss defaulting to 256 octets. o the local host is reveiving data on a TCP connection from the remote host. The local host has no control over the packet size the remote host is sending. The remote host may chose to do what is described in the first attack and send the data in packets with an TCP payload of at least one byte. For each packet the tcp_input() function will be entered, the packet is processed and a sowakeup() is signalled to the connected process. For example an attack with 2 Mbit/s gives 4716 packets per second and the same amount of sowakeup()s to the process (and context switches). This type of attack is particularly effective for servers where the attacker can upload large amounts of data. Normally this is the case with WWW server where large POSTs can be made. We mitigate this by calculating the average MSS payload per second. If it goes below 'net.inet.tcp.minmss' and the pps rate is above 'net.inet.tcp.minmssoverload' defaulting to 1000 this particular TCP connection is resetted and dropped. MITRE CVE: CAN-2004-0002 Reviewed by: sam (mentor) MFC after: 1 day
* According to RFC1812 we have to ignore ICMP redirects when weandre2004-01-061-1/+5
| | | | | | | | | | are acting as router (ipforwarding enabled). This doesn't fix the problem that host routes from ICMP redirects are never removed from the kernel routing table but removes the problem for machines doing packet forwarding. Reviewed by: sam (mentor)
* Introduce tcp_hostcache and remove the tcp specific metrics fromandre2003-11-201-29/+28
| | | | | | | | | | | | | | | | | | | | | | | the routing table. Move all usage and references in the tcp stack from the routing table metrics to the tcp hostcache. It caches measured parameters of past tcp sessions to provide better initial start values for following connections from or to the same source or destination. Depending on the network parameters to/from the remote host this can lead to significant speedups for new tcp connections after the first one because they inherit and shortcut the learning curve. tcp_hostcache is designed for multiple concurrent access in SMP environments with high contention and is hash indexed by remote ip address. It removes significant locking requirements from the tcp stack with regard to the routing table. Reviewed by: sam (mentor), bms Reviewed by: -net, -current, core@kame.net (IPv6 parts) Approved by: re (scottl)
* Remove RTF_PRCLONING from routing table and adjust users of itandre2003-11-201-1/+1
| | | | | | | | | | | | accordingly. The define is left intact for ABI compatibility with userland. This is a pre-step for the introduction of tcp_hostcache. The network stack remains fully useable with this change. Reviewed by: sam (mentor), bms Reviewed by: -net, -current, core@kame.net (IPv6 parts) Approved by: re (scottl)
* Remove the global one-level rtcache variable and associatedandre2003-11-141-11/+5
| | | | | | | | complex locking and rework ip_rtaddr() to do its own rtlookup. Adopt all its callers to this and make ip_output() callable with NULL rt pointer. Reviewed by: sam (mentor)
* Move global variables for icmp_input() to its stack. With SMP orandre2003-11-131-10/+18
| | | | | | | | preemption two CPUs can be in the same function at the same time and clobber each others variables. Remove register declaration from local variables. Reviewed by: sam (mentor)
* Introduce the notion of "persistent mbuf tags"; these are tags that staysam2003-10-291-0/+1
| | | | | | | | | | | | | | with an mbuf until it is reclaimed. This is in contrast to tags that vanish when an mbuf chain passes through an interface. Persistent tags are used, for example, by MAC labels. Add an m_tag_delete_nonpersistent function to strip non-persistent tags from mbufs and use it to strip such tags from packets as they pass through the loopback interface and when turned around by icmp. This fixes problems with "tag leakage". Pointed out by: Jonathan Stone Reviewed by: Robert Watson
* Locking for updates to routing table entries. Each rtentry gets a mutexsam2003-10-041-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | that covers updates to the contents. Note this is separate from holding a reference and/or locking the routing table itself. Other/related changes: o rtredirect loses the final parameter by which an rtentry reference may be returned; this was never used and added unwarranted complexity for locking. o minor style cleanups to routing code (e.g. ansi-fy function decls) o remove the logic to bump the refcnt on the parent of cloned routes, we assume the parent will remain as long as the clone; doing this avoids a circularity in locking during delete o convert some timeouts to MPSAFE callouts Notes: 1. rt_mtx in struct rtentry is guarded by #ifdef _KERNEL as user-level applications cannot/do-no know about mutex's. Doing this requires that the mutex be the last element in the structure. A better solution is to introduce an externalized version of struct rtentry but this is a major task because of the intertwining of rtentry and other data structures that are visible to user applications. 2. There are known LOR's that are expected to go away with forthcoming work to eliminate many held references. If not these will be resolved prior to release. 3. ATM changes are untested. Sponsored by: FreeBSD Foundation Obtained from: BSD/OS (partly)
* Introduce two new MAC Framework and MAC policy entry points:rwatson2003-08-211-0/+3
| | | | | | | | | | | | | | mac_reflect_mbuf_icmp() mac_reflect_mbuf_tcp() These entry points permit MAC policies to do "update in place" changes to the labels on ICMP and TCP mbuf headers when an ICMP or TCP response is generated to a packet outside of the context of an existing socket. For example, in respond to a ping or a RST packet to a SYN on a closed port. Obtained from: TrustedBSD Project Sponsored by: DARPA, Network Associates Laboratories
* Add a sysctl node allowing the specification of an address mask to usemdodd2003-03-211-2/+9
| | | | when replying to ICMP Address Mask Request packets.
* Back out M_* changes, per decision of the TRB.imp2003-02-191-2/+2
| | | | Approved by: trb
* Remove M_TRYWAIT/M_WAITOK/M_WAIT. Callers should use 0.alfred2003-01-211-2/+2
| | | | Merge M_NOWAIT/M_DONTWAIT into a single flag M_NOWAIT.
* correct style bogonssam2002-12-301-4/+2
|
* replace the special-purpose rate-limiting code with the general facilitysam2002-12-211-38/+28
| | | | | just added; this tries to maintain the same behaviour vis a vis printing the rate-limiting messages but need tweaking
* Fix two instances of variant struct definitions in sys/netinet:phk2002-10-201-8/+9
| | | | | | | | | | | | | | Remove the never completed _IP_VHL version, it has not caught on anywhere and it would make us incompatible with other BSD netstacks to retain this version. Add a CTASSERT protecting sizeof(struct ip) == 20. Don't let the size of struct ipq depend on the IPDIVERT option. This is a functional no-op commit. Approved by: re
* Tie new "Fast IPsec" code into the build. This involves the usualsam2002-10-161-0/+6
| | | | | | | | | | | | configuration stuff as well as conditional code in the IPv4 and IPv6 areas. Everything is conditional on FAST_IPSEC which is mutually exclusive with IPSEC (KAME IPsec implmentation). As noted previously, don't use FAST_IPSEC with INET6 at the moment. Reviewed by: KAME, rwatson Approved by: silence Supported by: Vernier Networks
* Replace aux mbufs with packet tags:sam2002-10-161-1/+1
| | | | | | | | | | | | | | | | | | | o instead of a list of mbufs use a list of m_tag structures a la openbsd o for netgraph et. al. extend the stock openbsd m_tag to include a 32-bit ABI/module number cookie o for openbsd compatibility define a well-known cookie MTAG_ABI_COMPAT and use this in defining openbsd-compatible m_tag_find and m_tag_get routines o rewrite KAME use of aux mbufs in terms of packet tags o eliminate the most heavily used aux mbufs by adding an additional struct inpcb parameter to ip_output and ip6_output to allow the IPsec code to locate the security policy to apply to outbound packets o bump __FreeBSD_version so code can be conditionalized o fixup ipfilter's call to ip_output based on __FreeBSD_version Reviewed by: julian, luigi (silent), -arch, -net, darren Approved by: julian, silence from everyone else Obtained from: openbsd (mostly) MFC after: 1 month
* Introduce support for Mandatory Access Control and extensiblerwatson2002-08-011-0/+5
| | | | | | | | | | | | | kernel access control. Add support for labeling most out-going ICMP messages using an appropriate MAC entry point. Currently, we do not explicitly label packet reflect (timestamp, echo request) ICMP events, implicitly using the originating packet label since the mbuf is reused. This will be made explicit at some point. Obtained from: TrustedBSD Project Sponsored by: DARPA, NAI Labs
* Prevent icmp_reflect() from calling ip_output() with a NULL routeru2002-03-221-2/+2
| | | | | | | | | | | | | | pointer which will then result in the allocated route's reference count never being decremented. Just flood ping the localhost and watch refcnt of the 127.0.0.1 route with netstat(1). Submitted by: jayanth Back out ip_output.c,v 1.143 and ip_mroute.c,v 1.69 that allowed ip_output() to be called with a NULL route pointer. The previous paragraph shows why this was a bad idea in the first place. MFC after: 0 days
* Remove __P.alfred2002-03-191-4/+4
|
* o Move NTOHL() and associated macros into <sys/param.h>. These aremike2002-02-181-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | deprecated in favor of the POSIX-defined lowercase variants. o Change all occurrences of NTOHL() and associated marcros in the source tree to use the lowercase function variants. o Add missing license bits to sparc64's <machine/endian.h>. Approved by: jake o Clean up <machine/endian.h> files. o Remove unused __uint16_swap_uint32() from i386's <machine/endian.h>. o Remove prototypes for non-existent bswapXX() functions. o Include <machine/endian.h> in <arpa/inet.h> to define the POSIX-required ntohl() family of functions. o Do similar things to expose the ntohl() family in libstand, <netinet/in.h>, and <sys/param.h>. o Prepend underscores to the ntohl() family to help deal with complexities associated with having MD (asm and inline) versions, and having to prevent exposure of these functions in other headers that happen to make use of endian-specific defines. o Create weak aliases to the canonical function name to help deal with third-party software forgetting to include an appropriate header. o Remove some now unneeded pollution from <sys/types.h>. o Add missing <arpa/inet.h> includes in userland. Tested on: alpha, i386 Reviewed by: bde, jake, tmm
* Fix a panic condition in icmp_reflect() introduced in rev. 1.61.ru2002-01-111-2/+2
| | | | | | | | | | (We should be able to handle locally originated IP packets, and these do not have m_pkthdr.rcvif set.) PR: kern/32806, kern/33766 Reviewed by: luigi Fix tested by: Maxim Konovalov <maxim@macomnet.ru>, Erwin Lansing <erwin@lansing.dk>
* whitespace fixes.jlemon2001-12-141-6/+6
|
* - Make ip_rtaddr() global, and use it to look up the correct sourceru2001-11-301-26/+14
| | | | | | | | | address in icmp_reflect(). - Two new "struct icmpstat" members: icps_badaddr and icps_noroute. PR: kern/31575 Obtained from: BSD/OS MFC after: 1 week
OpenPOWER on IntegriCloud