summaryrefslogtreecommitdiffstats
path: root/sys/netinet/ip_output.c
Commit message (Collapse)AuthorAgeFilesLines
* RFC768 (UDP) requires that "if the computed checksum is zero, itru2001-03-131-3/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | is transmitted as all ones". This got broken after introduction of delayed checksums as follows. Some guys (including Jonathan) think that it is allowed to transmit all ones in place of a zero checksum for TCP the same way as for UDP. (The discussion still takes place on -net.) Thus, the 0 -> 0xffff checksum fixup was first moved from udp_output() (see udp_usrreq.c, 1.64 -> 1.65) to in_cksum_skip() (see sys/i386/i386/in_cksum.c, 1.17 -> 1.18, INVERT expression). Besides that I disagree that it is valid for TCP, there was no real problem until in_cksum.c,v 1.20, where the in_cksum() was made just a special version of in_cksum_skip(). The side effect was that now every incoming IP datagram failed to pass the checksum test (in_cksum() returned 0xffff when it should actually return zero). It was fixed next day in revision 1.21, by removing the INVERT expression. The latter also broke the 0 -> 0xffff fixup for UDP checksums. Before this change: : tcpdump: listening on lo0 : 127.0.0.1.33005 > 127.0.0.1.33006: udp 0 (ttl 64, id 1) : 4500 001c 0001 0000 4011 7cce 7f00 0001 : 7f00 0001 80ed 80ee 0008 0000 After this change: : tcpdump: listening on lo0 : 127.0.0.1.33005 > 127.0.0.1.33006: udp 0 (ttl 64, id 1) : 4500 001c 0001 0000 4011 7cce 7f00 0001 : 7f00 0001 80ed 80ee 0008 ffff
* In ip_output(), initialise `ia' in the case where the packet hasiedowse2001-03-111-0/+1
| | | | | | | | | come from a dummynet pipe. Without this, the code which increments the per-ifaddr stats can dereference an uninitialised pointer. This should make dummynet usable again. Reported by: "Dmitry A. Yanko" <fm@astral.ntu-kpi.kiev.ua> Reviewed by: luigi, joe
* Remove conditionals for vax support.asmodai2001-02-261-5/+0
| | | | | | | People who care much about this are welcomed to try 2.11BSD. :) Noticed by: luigi Reviewed by: jesper
* Another round of the <sys/queue.h> FOREACH transmogriffer.phk2001-02-041-4/+2
| | | | | Created with: sed(1) Reviewed by: md5(1)
* Mechanical change to use <sys/queue.h> macro API instead ofphk2001-02-041-3/+3
| | | | | | | fondling implementation details. Created with: sed(1) Reviewed by: md5(1)
* MFS: bridge/ipfw/dummynet fixes (bridge.c will be committed separately)luigi2001-02-021-4/+16
|
* Pass up errors returned by dummynet. The same should be done withluigi2001-01-251-3/+3
| | | | divert.
* * Rename M_WAIT mbuf subsystem flag to M_TRYWAIT.bmilekic2000-12-211-1/+1
| | | | | | | | | | | | | | | | | | This is because calls with M_WAIT (now M_TRYWAIT) may not wait forever when nothing is available for allocation, and may end up returning NULL. Hopefully we now communicate more of the right thing to developers and make it very clear that it's necessary to check whether calls with M_(TRY)WAIT also resulted in a failed allocation. M_TRYWAIT basically means "try harder, block if necessary, but don't necessarily wait forever." The time spent blocking is tunable with the kern.ipc.mbuf_wait sysctl. M_WAIT is now deprecated but still defined for the next little while. * Fix a typo in a comment in mbuf.h * Fix some code that was actually passing the mbuf subsystem's M_WAIT to malloc(). Made it pass M_WAITOK instead. If we were ever to redefine the value of the M_WAIT flag, this could have became a big problem.
* It's no longer true that "nobody uses ia beyond here"; it's nowjoe2000-11-011-1/+1
| | | | | | used to keep address based if_data statistics in. Submitted by: ru
* Move suser() and suser_xxx() prototypes and a related #define fromphk2000-10-291-1/+0
| | | | | | | | | <sys/proc.h> to <sys/systm.h>. Correctly document the #includes needed in the manpage. Add one now needed #include of <sys/systm.h>. Remove the consequent 48 unused #includes of <sys/proc.h>.
* Count per-address statistics for IP fragments.joe2000-10-291-2/+6
| | | | | Requested by: ru Obtained from: BSD/OS
* Save a few CPU cycles in IP fragmentation code.ru2000-10-201-3/+1
|
* Augment the 'ifaddr' structure with a 'struct if_data' to keepjoe2000-10-191-0/+7
| | | | | | | | | | | statistics on a per network address basis. Teach the IPv4 and IPv6 input/output routines to log packets/bytes against the network address connected to the flow. Teach netstat to display the per-address stats for IP protocols when 'netstat -i' is evoked, instead of displaying the per-interface stats.
* Follow BSD/OS and NetBSD, keep the ip_id field in network order all the time.ru2000-09-141-9/+1
| | | | Requested by: wollman
* Fixed broken ICMP error generation, unified conversion of IP headerru2000-09-011-13/+22
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | fields between host and network byte order. The details: o icmp_error() now does not add IP header length. This fixes the problem when icmp_error() is called from ip_forward(). In this case the ip_len of the original IP datagram returned with ICMP error was wrong. o icmp_error() expects all three fields, ip_len, ip_id and ip_off in host byte order, so DTRT and convert these fields back to network byte order before sending a message. This fixes the problem described in PR 16240 and PR 20877 (ip_id field was returned in host byte order). o ip_ttl decrement operation in ip_forward() was moved down to make sure that it does not corrupt the copy of original IP datagram passed later to icmp_error(). o A copy of original IP datagram in ip_forward() was made a read-write, independent copy. This fixes the problem I first reported to Garrett Wollman and Bill Fenner and later put in audit trail of PR 16240: ip_output() (not always) converts fields of original datagram to network byte order, but because copy (mcopy) and its original (m) most likely share the same mbuf cluster, ip_output()'s manipulations on original also corrupted the copy. o ip_output() now expects all three fields, ip_len, ip_off and (what is significant) ip_id in host byte order. It was a headache for years that ip_id was handled differently. The only compatibility issue here is the raw IP socket interface with IP_HDRINCL socket option set and a non-zero ip_id field, but ip.4 manual page was unclear on whether in this case ip_id field should be in host or network byte order.
* activate pfil_hooks and covert ipfilter to use itdarrenr2000-07-311-8/+25
|
* sync with kame tree as of july00. tons of bug fixes/improvements.itojun2000-07-041-23/+22
| | | | | | | API changes: - additional IPv6 ioctls - IPsec PF_KEY API was changed, it is mandatory to upgrade setkey(8). (also syntax change)
* Add boundary checks against IP options.jlemon2000-06-021-1/+3
| | | | Obtained from: OpenBSD
* Mark the checksum as complete when looping back multicast packets.jlemon2000-05-251-0/+6
| | | | Submitted by: Jeff Gibbons <jgibbons@n2.net>
* Just need to pass the address family to if_simloop(), not the whole sockaddr.archie2000-05-241-1/+1
|
* Compute the checksum before handing the packet off to IPFilter.jlemon2000-05-211-2/+1
| | | | Tested by: Cy Schubert <Cy.Schubert@uumail.gov.bc.ca>
* Move htons() ip_len to after the in_delayed_cksum() call.shin2000-04-021-5/+5
| | | | | | | This should stop cksum error messages on IPsec communication which was reported on freebsd-current. Reviewed by: jlemon
* Calculate any delayed checksums before handing an mbuf off to ajlemon2000-04-011-0/+10
| | | | | | divert socket. This fixes a problem with ppp/natd. Reviewed by: bsd (Brian Dean, gotta love that login name)
* If `ipfw fwd' loops an mbuf back to ip_input from ip_output and thejlemon2000-03-301-6/+7
| | | | | | | | | mbuf is marked for delayed checksums, then additionally mark the packet as having it's checksums computed. This allows us to bypass computing/checking the checksum entirely, which isn't really needeed as the packet has never hit the wire. Reviewed by: green
* Add support for offloading IP/TCP/UDP checksums to NIC hardware whichjlemon2000-03-271-17/+87
| | | | supports them.
* Initialize mbuf pointer at getting ipsec policy.shin2000-03-091-2/+3
| | | | | | | | | | Without this, kernel will panic at getsockopt() of IPSEC_POLICY. Also make compilable libipsec/test-policy.c which tries getsockopt() of IPSEC_POLICY. Approved by: jkh Submitted by: sakane@kame.net
* Remove option IPFILTER_KLD. In case you wanted to kldload ipfilter,guido2000-02-231-9/+0
| | | | | | the module would only work in kernels built with this option. Approved by: jkh
* Support the net.inet.ip.fw.enable variable, part ofluigi2000-02-101-2/+2
| | | | | | the recent ipfw modifications. Approved-by: jordan
* MGETHDR() does not initialize m_pkthdr.rcvif, do it here.ru2000-01-101-0/+1
| | | | | | | This fixes page fault panic observed when diverting packets with IP options (e.g. ping -R remoteIP over natd). PR: kern/8596, kern/11199
* enable IPsec over DUMMYNET againshin2000-01-091-17/+14
| | | | | Submitted by: luigi Reviewed by: luigi
* Cleanup dummynet call interface so it should now work on the Alphaluigi2000-01-081-5/+7
| | | | as well. Also (probably) fix a bug introduced during the IPv6 import.
* IPSEC support in the kernel.shin1999-12-221-3/+234
| | | | | | | | pr_input() routines prototype is also changed to support IPSEC and IPV6 chained protocol headers. Reviewed by: freebsd-arch, cvs-committers Obtained from: KAME project
* Miscellaneous fixes/cleanups relating to ipfw and divert(4):archie1999-12-061-10/+34
| | | | | | | | | | | | | - Implement 'ipfw tee' (finally) - Divert packets by calling new function divert_packet() directly instead of going through protosw[]. - Replace kludgey global variable 'ip_divert_port' with a function parameter to divert_packet() - Replace kludgey global variable 'frag_divert_port' with a function parameter to ip_reass() - style(9) fixes Reviewed by: julian, green
* $Id$ -> $FreeBSD$peter1999-08-281-1/+1
|
* Free the dummynet descriptor in ip_dummynet, not in the calledluigi1999-05-041-3/+1
| | | | | | | routines. The descriptor contains parameters which could be used within those routines (eg. ip_output() ). On passing, add IPPROTO_PGM entry to netinet/in.h
* forgot passing the right pointer to dst to dummynet_io().luigi1999-05-041-2/+2
| | | | | (-stable and releng2 were already safe). Debugged-By: phk
* Tidy up some stray / unused stuff in the IPFW package and friends.peter1999-04-201-20/+2
| | | | | | | | - unifdef -DCOMPAT_IPFW (this was on by default already) - remove traces of in-kernel ip_nat package, it was never committed. - Make IPFW and DUMMYNET initialize themselves rather than depend on compiled-in hooks in ip_init(). This means they initialize the same way both in-kernel and as kld modules. (IPFW initializes now :-)
* Fix a dummynet bug caused by passing a bad next hop address (theluigi1999-03-161-5/+5
| | | | | | symptom was the msg "arp failure -- host is not on local network" that some user have seen on multihomed machines. Bug tracked down by Emmanuel Duros
* avoid panic with pkts larger than MTU and DF set coming out of a pipe.luigi1999-02-191-2/+2
|
* Restore 1.82->1.83 change deleted by mistake< per Bruce suggestionluigi1998-12-211-1/+2
|
* Last bits (i think) of dummynet for -current.luigi1998-12-141-18/+89
|
* add #include <sys/kernel.h> where it's needed by MALLOC_DEFINE()peter1998-11-101-1/+2
|
* Properly fragment multicast packets.wollman1998-09-021-1/+2
| | | | | PR: 7802 Submitted by: Steve McCanne <mccanne@cs.berkeley.edu>
* Yow! Completely change the way socket options are handled, eliminatingwollman1998-08-231-183/+212
| | | | | | another specialized mbuf type in the process. Also clean up some of the cruft surrounding IPFW, multicast routing, RSVP, and other ill-explored corners.
* Fix a compile error if IPFIREWALL_FORWARD active without IPDIVERT.peter1998-08-011-3/+2
|
* Fixed some longs that should have been fixed-sized types.bde1998-07-131-2/+2
|
* Don't expect the new code to be used without the right option file beingjulian1998-07-061-1/+2
| | | | included.
* Fix braino in switching to TAILQ macro.julian1998-07-061-2/+2
|
* Support for IPFW based transparent forwarding.julian1998-07-061-7/+132
| | | | | | | | | | | | | | Any packet that can be matched by a ipfw rule can be redirected transparently to another port or machine. Redirection to another port mostly makes sense with tcp, where a session can be set up between a proxy and an unsuspecting client. Redirection to another machine requires that the other machine also be expecting to receive the forwarded packets, as their headers will not have been modified. /sbin/ipfw must be recompiled!!! Reviewed by: Peter Wemm <peter@freebsd.org> Submitted by: Chrisy Luke <chrisy@flix.net>
* Removed unused includes.bde1998-06-211-2/+1
|
OpenPOWER on IntegriCloud