path: root/sys/netinet
Commit message | Author | Age | Files | Lines
* Oops, forgot to commit this file. This is part of the fix for ipfw2 panics on sparc64.
  Author: mux | Age: 2002-10-24 | Files: 1 | Lines: -0/+2
* Fix ipfw2 panics on 64-bit platforms.
  Quoting luigi: In order to make the userland code fully 64-bit clean it may be necessary to commit other changes that may or may not cause a minor change in the ABI.
  Reviewed by: luigi
  Author: mux | Age: 2002-10-24 | Files: 1 | Lines: -6/+2
* src and dst address were erroneously swapped in SRC_SET and DST_SET commands. Use the correct one. Also affects ipfw2 in -stable.
  Author: luigi | Age: 2002-10-24 | Files: 1 | Lines: -2/+2
* Fix kernel build on sparc64 in the IPDIVERT case.
  Author: mux | Age: 2002-10-24 | Files: 1 | Lines: -1/+1
* Unbreak the automatic remapping of an INADDR_ANY destination address to the primary local IP address when doing a TCP connect(). The tcp_connect() code was relying on in_pcbconnect (actually in_pcbladdr) modifying the passed-in sockaddr, and I failed to notice this in the recent change that added in_pcbconnect_setup(). As a result, tcp_connect() was ending up using the unmodified sockaddr address instead of the munged version.
  There are two cases to handle: if in_pcbconnect_setup() succeeds, then the PCB has already been updated with the correct destination address as we pass it pointers to inp_faddr and inp_fport directly. If in_pcbconnect_setup() fails due to an existing but dead connection, then copy the destination address from the old connection.
  Author: iedowse | Age: 2002-10-24 | Files: 1 | Lines: -5/+4
* Kill EOL spaces.
  Approved by: luigi
  MFC after: 1 week
  Author: maxim | Age: 2002-10-23 | Files: 1 | Lines: -24/+23
* Use syslog for messages about dropped sessions, do not flood a console.
  Suggested by: Eugene Grosbein <eugen@kuzbass.ru>
  Approved by: luigi
  MFC after: 1 week
  Author: maxim | Age: 2002-10-23 | Files: 1 | Lines: -1/+1
* fixed a kernel crash by "ifconfig stf0 inet 1.2.3.4"
  MFC after: 1 week
  Author: suz | Age: 2002-10-22 | Files: 1 | Lines: -5/+9
* Implement a new IP_SENDSRCADDR ancillary message type that permits a server process bound to a wildcard UDP socket to select the IP address from which outgoing packets are sent on a per-datagram basis. When combined with IP_RECVDSTADDR, such a server process can guarantee to reply to an incoming request using the same source IP address as the destination IP address of the request, without having to open one socket per server IP address.
  Discussed on: -net
  Approved by: re
  Author: iedowse | Age: 2002-10-21 | Files: 2 | Lines: -4/+63
* Remove the "temporary connection" hack in udp_output(). In order to send datagrams from an unconnected socket, we used to first block input, then connect the socket to the sendmsg/sendto destination, send the datagram, and finally disconnect the socket and unblock input.
  We now use in_pcbconnect_setup() to check if a connect() would have succeeded, but we never record the connection in the PCB (local anonymous port allocation is still recorded, though). The result from in_pcbconnect_setup() authorises the sending of the datagram and selects the local address and port to use, so we just construct the header and call ip_output().
  Discussed on: -net
  Approved by: re
  Author: iedowse | Age: 2002-10-21 | Files: 1 | Lines: -23/+26
* Replace in_pcbladdr() with a more generic inner subroutine for in_pcbconnect() called in_pcbconnect_setup(). This version performs all of the functions of in_pcbconnect() except for the final committing of changes to the PCB. In the case of an EADDRINUSE error it can also provide to the caller the PCB of the duplicate connection, avoiding an extra in_pcblookup_hash() lookup in tcp_connect().
  This change will allow the "temporary connect" hack in udp_output() to be removed and is part of the preparation for adding the IP_SENDSRCADDR control message.
  Discussed on: -net
  Approved by: re
  Author: iedowse | Age: 2002-10-21 | Files: 3 | Lines: -100/+136
* Fix two instances of variant struct definitions in sys/netinet:
  Remove the never completed _IP_VHL version, it has not caught on anywhere and it would make us incompatible with other BSD netstacks to retain this version.
  Add a CTASSERT protecting sizeof(struct ip) == 20.
  Don't let the size of struct ipq depend on the IPDIVERT option.
  This is a functional no-op commit.
  Approved by: re
  Author: phk | Age: 2002-10-20 | Files: 9 | Lines: -89/+52
* When a packet is multicast encapsulated, give labeled policies the opportunity to preserve the label.
  Obtained from: TrustedBSD Project
  Sponsored by: DARPA, Network Associates Laboratories
  Author: rwatson | Age: 2002-10-20 | Files: 1 | Lines: -0/+5
* Split out most of the logic from in_pcbbind() into a new function called in_pcbbind_setup() that does everything except commit the changes to the PCB. There should be no functional change here, but in_pcbbind_setup() will be used by the soon-to-appear IP_SENDSRCADDR control message implementation to check or allocate the source address and port.
  Discussed on: -net
  Approved by: re
  Author: iedowse | Age: 2002-10-20 | Files: 2 | Lines: -36/+66
* Several malloc() calls were passing the M_DONTWAIT flag which is an mbuf allocation flag. Use the correct M_NOWAIT malloc() flag. Fortunately, both were defined to 1, so this commit is a no-op.
  Author: mux | Age: 2002-10-19 | Files: 1 | Lines: -3/+3
* last arg of in6?_gif_output() is not used any more.
  Obtained from: KAME
  MFC after: 3 weeks
  Author: ume | Age: 2002-10-17 | Files: 2 | Lines: -3/+2
* de-__P().
  Author: alfred | Age: 2002-10-16 | Files: 2 | Lines: -4/+4
* use encapcheck.
  Obtained from: KAME
  MFC after: 3 weeks
  Author: ume | Age: 2002-10-16 | Files: 1 | Lines: -14/+0
* - after gif_set_tunnel(), psrc/pdst may be null. set IFF_RUNNING accordingly.
  - set IFF_UP on SIOCSIFADDR. be consistent with others.
  - set if_addrlen explicitly (just in case)
  - multi destination mode is long gone.
  - missing break statement
  - add gif_set_tunnel(), so that we can set tunnel address from within the kernel at ease.
  - encap_attach/detach dynamically on ioctls
  - move encap_attach() to dedicated function in in*_gif.c
  Obtained from: KAME
  MFC after: 3 weeks
  Author: ume | Age: 2002-10-16 | Files: 2 | Lines: -29/+92
* Fix oops in my last commit, I was calculating a new length but then not using it. (The code is already correct in -stable).
  Found by: silby
  Author: dillon | Age: 2002-10-16 | Files: 1 | Lines: -1/+1
* Get rid of checking for ip sec history. It is true that packets are not supposed to be checked by the firewall rules twice. However, because the various ipsec handlers never call ip_input(), this never happens anyway.
  This fixes the situation where a gif tunnel is encrypted with IPsec. In such a case, after IPsec processing, the unencrypted contents from the GIF tunnel are fed back to the ipintrq and subsequently handled by ip_input(). Yet, since there still is IPSec history attached, the packets coming out from the gif device are never fed into the filtering code.
  This fix was sent to Itojun, and he pointed towards http://www.netbsd.org/Documentation/network/ipsec/#ipf-interaction.
  This patch actually implements what is stated there (specifically: Packet came from tunnel devices (gif(4) and ipip(4)) will still go through ipf(4). You may need to identify these packets by using interface name directive in ipf.conf(5).
  Reviewed by: rwatson
  MFC after: 3 weeks
  Author: guido | Age: 2002-10-16 | Files: 1 | Lines: -5/+0
* correct PCB locking in broadcast/multicast case that was exposed by change to use udp_append
  Reviewed by: hsu
  Author: sam | Age: 2002-10-16 | Files: 1 | Lines: -1/+1
* Tie new "Fast IPsec" code into the build. This involves the usual configuration stuff as well as conditional code in the IPv4 and IPv6 areas. Everything is conditional on FAST_IPSEC which is mutually exclusive with IPSEC (KAME IPsec implementation).
  As noted previously, don't use FAST_IPSEC with INET6 at the moment.
  Reviewed by: KAME, rwatson
  Approved by: silence
  Supported by: Vernier Networks
  Author: sam | Age: 2002-10-16 | Files: 14 | Lines: -92/+438
* Replace aux mbufs with packet tags:
  o instead of a list of mbufs use a list of m_tag structures a la openbsd
  o for netgraph et. al. extend the stock openbsd m_tag to include a 32-bit ABI/module number cookie
  o for openbsd compatibility define a well-known cookie MTAG_ABI_COMPAT and use this in defining openbsd-compatible m_tag_find and m_tag_get routines
  o rewrite KAME use of aux mbufs in terms of packet tags
  o eliminate the most heavily used aux mbufs by adding an additional struct inpcb parameter to ip_output and ip6_output to allow the IPsec code to locate the security policy to apply to outbound packets
  o bump __FreeBSD_version so code can be conditionalized
  o fixup ipfilter's call to ip_output based on __FreeBSD_version
  Reviewed by: julian, luigi (silent), -arch, -net, darren
  Approved by: julian, silence from everyone else
  Obtained from: openbsd (mostly)
  MFC after: 1 month
  Author: sam | Age: 2002-10-16 | Files: 19 | Lines: -106/+51
* Increase the max dummynet hash size from 1024 to 65536. Default is still 1024.
  Silence on: -net, -ipfw 4weeks+
  Reviewed by: dd
  Approved by: knu (mentor)
  MFC after: 3 weeks
  Author: seanc | Age: 2002-10-12 | Files: 2 | Lines: -2/+8
* turn off debugging by default if bandwidth delay product limiting is turned on (it is already off in -stable).
  Author: dillon | Age: 2002-10-10 | Files: 2 | Lines: -2/+2
* Update various comments mainly related to retransmit/FIN that I documented while working on a previous bug.
  Fix a PERSIST bug. Properly account for a FIN sent during a PERSIST.
  MFC after: 7 days
  Author: dillon | Age: 2002-10-10 | Files: 1 | Lines: -6/+36
* Fix IPOPT_TS processing: do not overwrite IP address by timestamp.
  PR: misc/42121
  Submitted by: Praveen Khurjekar <praveen@codito.com>
  Reviewed by: silence on -net
  MFC after: 1 month
  Author: maxim | Age: 2002-10-10 | Files: 1 | Lines: -0/+2
* Since bpf is no longer an optional component, remove associated ifdef's.
  Submitted by: don't quite remember - the name of the sender disappeared with the rest of my inbox. :(
  Author: sobomax | Age: 2002-10-02 | Files: 1 | Lines: -7/+2
* Include <sys/cdefs.h> so the visibility conditionals are available. (This should have been included with the previous revision.)
  Author: mike | Age: 2002-10-02 | Files: 1 | Lines: -0/+2
* Use visibility conditionals. Only TCP_NODELAY ends up being defined in the standards case.
  Author: mike | Age: 2002-10-02 | Files: 1 | Lines: -1/+6
* Guido found another bug. There is a situation with timestamped TCP packets where FreeBSD will send DATA+FIN and a W2K box will ack just the DATA portion. If this occurs after FreeBSD has done a (NewReno) fast-retransmit and is recovering it (dupacks > threshold) it triggers a case in tcp_newreno_partial_ack() (tcp_newreno() in stable) where tcp_output() is called with the expectation that the retransmit timer will be reloaded. But tcp_output() falls through and returns without doing anything, causing the persist timer to be loaded instead. This causes the connection to hang until W2K gives up.
  This occurs because in the case where only the FIN must be acked, the 'len' calculation in tcp_output() will be 0, a lot of checks will be skipped, and the FIN check will also be skipped because it is designed to handle FIN retransmits, not forced transmits from tcp_newreno().
  The solution is to simply set TF_ACKNOW before calling tcp_output() to absolutely guarantee that it will run the send code and reset the retransmit timer. TF_ACKNOW is already used for this purpose in other cases.
  For some unknown reason this patch also seems to greatly reduce the number of duplicate acks received when Guido runs his tests over a lossy network. It is quite possible that there are other tcp_newreno{_partial_ack()} cases which were not generating the expected output which this patch also fixes.
  X-MFC after: Will be MFC'd after the freeze is over
  Author: dillon | Age: 2002-09-30 | Files: 2 | Lines: -0/+2
* Be consistent about "static" functions: if the function is marked static in its prototype, mark it static at the definition too.
  Inspired by: FlexeLint warning #512
  Author: phk | Age: 2002-09-28 | Files: 1 | Lines: -1/+1
* Zap now-unused SHLIB_MINOR
  Author: peter | Age: 2002-09-28 | Files: 1 | Lines: -1/+0
* Slightly rearrange a code in rev. 1.164:
  o Move len initialization closer to place of its first usage.
  o Compare len with 0 to improve readability.
  o Explicitly zero out phlen in ip_insertoptions() in failure case.
  Suggested by: jhb
  Reviewed by: jhb
  MFC after: 2 weeks
  Author: maxim | Age: 2002-09-23 | Files: 1 | Lines: -4/+8
* s/__attribute__((__packed__))/__packed/g
  Author: alfred | Age: 2002-09-23 | Files: 2 | Lines: -26/+26
* Fix issue where shutdown(socket, SHUT_RD) was effectively ignored for TCP sockets.
  NetBSD PR: 18185
  Submitted by: Sean Boudreau <seanb@qnx.com>
  MFC after: 3 days
  Author: silby | Age: 2002-09-22 | Files: 2 | Lines: -6/+20
* Use m_fixhdr() rather than roll our own.
  Author: phk | Age: 2002-09-18 | Files: 1 | Lines: -6/+2
* Guido reported an interesting bug where an FTP connection between a Windows 2000 box and a FreeBSD box could stall. The problem turned out to be a timestamp reply bug in the W2K TCP stack. FreeBSD sends a timestamp with the SYN, W2K returns a timestamp of 0 in the SYN+ACK causing FreeBSD to calculate an insane SRTT and RTT, resulting in a maximal retransmit timeout (60 seconds). If there is any packet loss on the connection for the first six or so packets the retransmit case may be hit (the window will still be too small for fast-retransmit), causing a 60+ second pause. The W2K box gives up and closes the connection.
  This commit works around the W2K bug.
    15:04:59.374588 FREEBSD.20 > W2K.1036: S 1420807004:1420807004(0) win 65535 <mss 1460,nop,wscale 2,nop,nop,timestamp 188297344 0> (DF) [tos 0x8]
    15:04:59.377558 W2K.1036 > FREEBSD.20: S 4134611565:4134611565(0) ack 1420807005 win 17520 <mss 1460,nop,wscale 0,nop,nop,timestamp 0 0> (DF)
  Bug reported by: Guido van Rooij <guido@gvr.org>
  Author: dillon | Age: 2002-09-17 | Files: 2 | Lines: -10/+46
* Remove __RCSID().
  Submitted by: bde
  Author: sobomax | Age: 2002-09-17 | Files: 1 | Lines: -3/+0
* Explicitly clear M_FRAG flag on a mbuf with the last fragment to unbreak ip fragments reassembling for loopback interface.
  Discussed with: bde, jlemon
  Reviewed by: silence on -net
  MFC after: 2 weeks
  Author: maxim | Age: 2002-09-17 | Files: 1 | Lines: -1/+2
* In rare cases when there is no room for ip options ip_insertoptions() can fail and corrupt a header length. Initialize len and check what ip_insertoptions() returns.
  Reviewed by: archie, silence on -net
  MFC after: 5 days
  Author: maxim | Age: 2002-09-17 | Files: 1 | Lines: -1/+3
* Temporary fix for inet6. The final fix is to change in6_pcbnotify to take pcbinfo instead of pcbhead. It is on the way.
  Author: jennifer | Age: 2002-09-17 | Files: 1 | Lines: -0/+2
* Remove superfluous break.
  Author: sobomax | Age: 2002-09-10 | Files: 1 | Lines: -1/+0
* Since from now on encap_input() also catches IPPROTO_MOBILE and IPPROTO_GRE packets in addition to IPPROTO_IPV4 and IPPROTO_IPV6, explicitly specify IPPROTO_IPV4 or IPPROTO_IPV6 instead of -1 when calling encap_attach().
  MFC after: 28 days (along with other if_gre changes)
  Author: sobomax | Age: 2002-09-09 | Files: 1 | Lines: -1/+1
* Reduce namespace pollution by staticizing everything, which doesn't need to be visible from outside of the module.
  Author: sobomax | Age: 2002-09-06 | Files: 1 | Lines: -4/+4
* Add a new gre(4) driver, which could be used to create GRE (RFC1701) and MOBILE (RFC2004) IP tunnels.
  Obtained from: NetBSD
  Author: sobomax | Age: 2002-09-06 | Files: 3 | Lines: -0/+415
* Fixed namespace pollution in uma changes:
  - use `struct uma_zone *' instead of uma_zone_t, so that <sys/uma.h> isn't a prerequisite.
  - don't include <sys/uma.h>.
  Namespace pollution makes "opaque" types like uma_zone_t perfectly non-opaque. Such types should never be used (see style(9)).
  Fixed subsequently grown dependencies of this header on its own pollution:
  - include <sys/_mutex.h> and its prerequisite <sys/_lock.h> instead of depending on namespace pollution 2 layers deep in <sys/uma.h>.
  Author: bde | Age: 2002-09-05 | Files: 1 | Lines: -2/+3
* Include <sys/mutex.h> and its prerequisite <sys/lock.h> instead of depending on namespace pollution 4 layers deep in <netinet/in_pcb.h>.
  Removed unused includes. Sorted includes.
  Author: bde | Age: 2002-09-05 | Files: 1 | Lines: -8/+6
* Add in_hosteq() and in_nullhost() macros to make life of developers porting NetBSD code a little bit easier.
  Obtained from: NetBSD
  Author: sobomax | Age: 2002-09-04 | Files: 1 | Lines: -0/+3