summaryrefslogtreecommitdiffstats
path: root/sys/netinet/ip_input.c
Commit message (Collapse)AuthorAgeFilesLines
* NetBSD PR# 2772dima1998-02-261-2/+2
| | | | Reviewed by: David Greenman
* Add new sysctl variable: net.inet.ip.accept_sourcerouteguido1998-02-161-1/+7
| | | | | | | It controls if the system is to accept source routed packets. It used to be such that, no matter if the setting of net.inet.ip.sourceroute, source routed packets destined at us would be accepted. Now it is controllable with eth default set to NOT accept those.
* Replace non-existent ip_forwarding with ipforwardingache1998-02-121-2/+2
| | | | (compilation error)
* Only forward source routed packets when ip_forwarding is set to 1.guido1998-02-111-2/+2
| | | | | | | | | This means that a FreeBSD will only forward source routed packets when both net.inet.ip.forwarding and net.inet.ip.sourceroute are set to 1. You can hit me now ;-) Submitted by: Thomas Ptacek
* Back out DIAGNOSTIC changes.eivind1998-02-061-2/+1
|
* Turn DIAGNOSTIC into a new-style option.eivind1998-02-041-1/+2
|
* Make the BOOTP family new-style options (in opt_bootp.h)eivind1998-01-091-1/+2
|
* Submitted by: Archie cobbs (IPDIVERT author)julian1997-11-131-1/+7
| | | | | | | | close small security hole where an atacker could sendpackets with IPDIVERT protocol, and select how it would be diverted thus bypassing the ipfirewall. Discovered by inspection rather than attack. (you'd have to know how the firewall was configured (EXACTLY) to make use of this but..)
* Make IPDIVERT a supported option. Alas, in_var.h depends on it, ijoerg1997-11-051-1/+2
| | | | | | hope i've found out all files that actually depend on this dependancy. IMHO, it's not very good practice to change the size of internal structs depending on kernel options.
* Return the entire if info, rather than just the index number. (at least try)julian1997-11-051-9/+31
| | | | | Interface index numbers are an abomination that should go away (at least in that form)
* Fix bugs from my previous commitguido1997-10-281-4/+4
| | | | Submitted by: Bruce Evans
* Removed unused #includes.bde1997-10-281-4/+1
|
* When dosourcerouting is set do not sourceoute....guido1997-10-271-1/+4
|
* Export ipstat via sysctl. Don't understand why this wasn't done before.wollman1997-09-251-1/+3
|
* Prevent overflow with fragmented packetsache1997-09-151-26/+67
| | | | Reviewed by: wollman
* Recalculate ip_sum before passing abrian1997-07-251-1/+15
| | | | | | re-assembled packet to a divert port. Pointed-out by: Ari Suutari <ari@suutari.iki.fi> VS: then name the system in this line, otherwise delete it.
* Submitted by: Whistle Communications (archie Cobbs)julian1997-06-021-16/+16
| | | | | | | | | | | | | | | these are quite extensive additions to the ipfw code. they include a change to the API because the old method was broken, but the user view is kept the same. The new code allows a particular match to skip forward to a particular line number, so that blocks of rules can be used without checking all the intervening rules. There are also many more ways of rejecting connections especially TCP related, and many many more ... see the man page for a complete description.
* Bring in some kernel bootp support. This removes the need for netboottegge1997-05-111-1/+5
| | | | | | | | to fill in the nfs_diskless structure, at the cost of some kernel bloat. The advantage is that this code works on a wider range of network adapters than netboot. Several new kernel options are documented in LINT. Obtained from: parts of the code comes from NetBSD.
* Resolve conflicts created by import.darrenr1997-04-031-15/+13
|
* Back out part 1 of the MCFH that changed $Id$ to $FreeBSD$. We are notpeter1997-02-221-1/+1
| | | | ready for it yet.
* change IP Filter hooks to match new 3.1.8 patches for FreeBSDdarrenr1997-02-191-6/+7
|
* Add IP Filter hooks (from patches).darrenr1997-02-101-0/+19
|
* Don't zero ip->ip_sum during sum validation. This should onlybrian1997-02-061-3/+4
| | | | | | | | | | affect programs that sit on top of divert(4) sockets. The multicast routing code already unconditionally zeros the sum before recalculating. Any code that unconditionaly sums a packet without first zeroing the sum (assuming that it's already zero'd) will break. No such code seems to exist.
* Reset ip_divert_ignore to zero immediately after use - also,brian1997-02-021-0/+1
| | | | | | | | | | | set it in the first place, independent of whether sin->sin_port is set. The result is that diverted packets that are being forwarded will be diverted once and only once on the way in (ip_input()) and again, once and only once on the way out (ip_output()) - twice in total. ICMP packets that don't contain a port will now also be diverted.
* Count multicast packets received for groups of which we are notwollman1997-01-211-1/+1
| | | | | a member separately from generic ``can't forward'' packets. This would have helped me find the previous bug much faster.
* Make the long-awaited change from $Id$ to $FreeBSD$jkh1997-01-141-1/+1
| | | | | | | | This will make a number of things easier in the future, as well as (finally!) avoiding the Id-smashing problem which has plagued developers for so long. Boy, I'm glad we're not using sup anymore. This update would have been insane otherwise.
* Convert the interface address and IP interface address structureswollman1996-12-131-4/+7
| | | | | | to TAILQs. Fix places which referenced these for no good reason that I can see (the references remain, but were fixed to compile again; they are still questionable).
* Only pay attention to the offset and the IP_MF flag in ip_off. Pointeddg1996-12-111-2/+2
| | | | out by Nathaniel D. Daw (daw@panix.com), but fixed differently by me.
* Add the IP_RECVIF socket option, which supplies a packet's incoming interfacefenner1996-11-111-1/+61
| | | | | | | | using a sockaddr_dl. Fix the other packet-information socket options (SO_TIMESTAMP, IP_RECVDSTADDR) to work for multicast UDP and raw sockets as well. (They previously only worked for unicast UDP).
* Don't allow reassembly to create packets bigger than IP_MAXPACKET, and countfenner1996-10-251-2/+12
| | | | | | | | | attempts to do so. Don't allow users to source packets bigger than IP_MAXPACKET. Make UDP length and ipovly's protocol length unsigned short. Reviewed by: wollman Submitted by: (partly by) kml@nas.nasa.gov (Kevin Lahey)
* Changed args to the nat functions.sos1996-10-221-2/+2
|
* All three files: make COMPAT_IPFW==0 case work again.wollman1996-10-071-26/+42
| | | | | | | ip_input.c: - delete some dusty code - _IP_VHL - use fast inline header checksum when possible
* Dequeue mbuf before freeing it. Fixes mbuf leak and a potential crash whendg1996-09-081-2/+5
| | | | | | handling IP fragments. Submitted by: Darren Reed <avalon@coombs.anu.edu.au>
* Add hooks for an IP NAT module, much like the firewall stuff...sos1996-08-211-1/+13
| | | | | Move the sockopt definitions for the firewall code from ip_fw.h to in.h where it belongs.
* Adding changes to ipfw and the kernel to support ip packet diversion..julian1996-07-101-5/+66
| | | | | | This stuff should not be too destructive if the IPDIVERT is not compiled in.. be aware that this changes the size of the ip_fw struct so ipfw needs to be recompiled to use it.. more changes coming to clean this up.
* Convert ipfw to use opt_ipfw.hgpalmer1996-06-121-1/+3
|
* Changed some memcpy()'s back to bcopy()'s.bde1996-06-081-2/+2
| | | | | | | gcc only inlines memcpy()'s whose count is constant and didn't inline these. I want memcpy() in the kernel go away so that it's obvious that it doesn't need to be optimized. Now it is only used for one struct copy in si.c.
* Clean up various compiler warnings. Most (if not all) were benigngpalmer1996-05-081-1/+6
| | | | Reviewed by: bde
* Fix a bogon I introduced with my last change.phk1996-04-121-2/+2
| | | | Submitted by: Andreas Klemm <andreas@knobel.gun.de>
* Add feature for tcp "established".phk1996-04-031-25/+10
| | | | | Change interface between netinet and ip_fw to be more general, and thus hopefully also support other ip filtering implementations.
* Check the validity of ia->ia_ifp before we dereference it.phk1996-03-251-2/+2
|
* Make getsockopt() capable of handling more than one mbuf worth of data.phk1996-02-241-3/+3
| | | | | Use this to read rules out of ipfw. Add the lkm code to ipfw.c
* The new firewall functionality:phk1996-02-241-1/+4
| | | | | Filter on the direction (in/out). Filter on fragment/not fragment.
* Big sweep over the IPFIREWALL and IPACCT code.phk1996-02-231-15/+21
| | | | | | | | | | | | | | Close the ip-fragment hole. Waste less memory. Rewrite to contemporary more readable style. Kill separate IPACCT facility, use "accept" rules in IPFIREWALL. Filter incoming >and< outgoing packets. Replace "policy" by sticky "deny all" rule. Rules have numbers used for ordering and deletion. Remove "rerorder" code entirely. Count packet & bytecount matches for rules. Code in -current & -stable is now the same.
* Provide a direct entry point for IP input. This actually resultswollman1996-02-051-25/+32
| | | | | in a slight decrease in performance, but will lead to better performance later.
* Finally demolished the last, tottering remnants of GATEWAY. If you wantwollman1996-01-051-14/+3
| | | | | | | to enable IP forwarding, use sysctl(8). Also did the same for IPX, which involved inventing a completely new MIB from whole cloth (which I may not quite have correct); be aware of this if you use IPX forwarding. (The two should never have been controlled by the same option anyway.)
* Delete old-style-broadcast-address compatibility cruft in IP input path.wollman1995-12-211-3/+3
| | | | | If users want to use the old-style broadcast addresses, they will have to currectly configure their systems.
* Demolish DIRECTED_BROADCAST. It was always a bad idea, and nobody uses it.wollman1995-12-201-15/+8
|
* Actually call in_rtqdrain()as was originally intended.wollman1995-12-191-2/+3
|
* Another mega commit to staticize things.phk1995-12-141-4/+4
|
OpenPOWER on IntegriCloud