path: root/sys/netinet
Commit message | Author | Age | Files | Lines
* Add address translation support for RTSP/RTP used by RealPlayer and Quicktime streaming media applications.
  Add a BUGS section to the man page.
  Submitted by: Erik Salander <erik@whistle.com>
  [Author: archie | Age: 2000-07-26 | Files: 8 | Lines: -3/+819]
* When a connection is being dropped due to a listen queue overflow, delete the cloned route that is associated with the connection. This does not exhaust the routing table memory when the system is under a SYN flood attack. The route entry is not deleted if there is any prior information cached in it.
  Reviewed by: Peter Wemm,asmodai
  [Author: jayanth | Age: 2000-07-21 | Files: 6 | Lines: -2/+64]
* fix conflicts
  [Author: darrenr | Age: 2000-07-19 | Files: 13 | Lines: -109/+221]
* Fix a comment which was broken in rev 1.36.
  PR: 19947
  Submitted by: Tetsuya Isaki <isaki@net.ipc.hiroshima-u.ac.jp>
  [Author: sheldonh | Age: 2000-07-18 | Files: 1 | Lines: -1/+1]
* close PR 19544 - ipfw pipe delete causes panic when no pipes defined
  PR: 19544
  [Author: luigi | Age: 2000-07-17 | Files: 1 | Lines: -2/+2]
* Extra sanity check when arp proxyall is enabled. Don't send an arp reply if the requesting machine isn't on the interface we believe it should be. Prevents arp wars when you plug cables in the wrong way around.
  PR: 9848
  Submitted by: Ian Dowse <iedowse@maths.tcd.ie>
  Not objected to by: wollman
  [Author: dwmalone | Age: 2000-07-13 | Files: 1 | Lines: -0/+26]
* re-enable the tcp newreno code.
  [Author: jayanth | Age: 2000-07-12 | Files: 1 | Lines: -1/+1]
* remove m_pulldown statistics, which is highly experimental and does not belong to *bsd-merged tree
  [Author: itojun | Age: 2000-07-12 | Files: 1 | Lines: -12/+4]
* be more cautious about tcp option length field. drop bogus ones earlier.
  not sure if there is a real threat or not, but it seems that there's possibility for overrun/underrun (like non-NOP option with optlen > cnt).
  [Author: itojun | Age: 2000-07-09 | Files: 2 | Lines: -2/+6]
* sync with kame tree as of july00. tons of bug fixes/improvements.
  API changes:
  - additional IPv6 ioctls
  - IPsec PF_KEY API was changed, it is mandatory to upgrade setkey(8). (also syntax change)
  [Author: itojun | Age: 2000-07-04 | Files: 23 | Lines: -248/+1791]
* Previous commit changing SYSCTL_HANDLER_ARGS violated KNF.
  Pointed out by: bde
  [Author: phk | Age: 2000-07-04 | Files: 6 | Lines: -11/+11]
* Style police catches up with rev 1.26 of src/sys/sys/sysctl.h:
  Sanitize SYSCTL_HANDLER_ARGS so that simplistic tools can grog our sources:
    -sysctl_vm_zone SYSCTL_HANDLER_ARGS
    +sysctl_vm_zone (SYSCTL_HANDLER_ARGS)
  [Author: phk | Age: 2000-07-03 | Files: 6 | Lines: -11/+11]
* Fixed PunchFWHole():
  - ipfw always rejected rule with `neither in nor out' diagnostics.
  - number of src/dst ports was not set properly.
  [Author: ru | Age: 2000-06-27 | Files: 1 | Lines: -2/+3]
* - Removed PacketAliasPptp() API function.
  - SHLIB_MAJOR++.
  [Author: ru | Age: 2000-06-20 | Files: 4 | Lines: -38/+1]
* Added true support for PPTP aliasing. Some nice features include:
  - Multiple PPTP clients behind NAT to the same or different servers.
  - Single PPTP server behind NAT -- you just need to redirect TCP port 1723 to a local machine. Multiple servers behind NAT is possible but would require a simple API change.
  - No API changes!
  For more information on how this works see comments at the start of the alias_pptp.c.
  PacketAliasPptp() is no longer necessary and will be removed soon.
  Submitted by: Erik Salander <erik@whistle.com>
  Reviewed by: ru
  Rewritten by: ru
  Reviewed by: Erik Salander <erik@whistle.com>
  [Author: ru | Age: 2000-06-20 | Files: 7 | Lines: -11/+422]
* return of the accept filter part II
  accept filters are now loadable as well as able to be compiled into the kernel.
  two accept filters are provided, one that returns sockets when data arrives the other when an http request is completed (doesn't work with 0.9 requests)
  Reviewed by: jmg
  [Author: alfred | Age: 2000-06-20 | Files: 2 | Lines: -0/+263]
* - Improved passive mode FTP support by aliasing 229 replies.
  - Stricter checking of PORT/EPRT/227/229 messages format.
  - Moved all security checks into one place.
  [Author: ru | Age: 2000-06-16 | Files: 1 | Lines: -312/+337]
* - Added support for passive mode FTP by aliasing 227 replies. It does mean that it is now possible to run passive-mode FTP server behind NAT.
  - SECURITY: FTP aliasing engine now ensures that:
    o the segment preceding a PORT/227 segment terminates with a \r\n;
    o the IP address in the PORT/227 matches the source IP address of the packet;
    o the port number in the PORT command or 277 reply is greater than or equal to 1024.
  Submitted by: Erik Salander <erik@whistle.com>
  Reviewed by: ru
  [Author: ru | Age: 2000-06-14 | Files: 3 | Lines: -15/+228]
* Fix behaviour of "ipfw pipe show" -- previous code gave ambiguous data to the userland program (kernel operation was safe, anyways).
  [Author: luigi | Age: 2000-06-14 | Files: 1 | Lines: -5/+10]
* Add tcpoptions to ipfw. This works much in the same way as ipoptions do. It also squashes 99% of packet kiddie synflood orgies. For example, to rate syn packets without MSS,
    ipfw pipe 10 config 56Kbit/s queue 10Packets
    ipfw add pipe 10 tcp from any to any in setup tcpoptions !mss
  Submitted by: Richard A. Steenbergen <ras@e-gerbil.net>
  [Author: dan | Age: 2000-06-08 | Files: 2 | Lines: -0/+80]
* Implement WF2Q+ in dummynet.
  [Author: luigi | Age: 2000-06-08 | Files: 4 | Lines: -346/+1306]
* Add boundary checks against IP options.
  Obtained from: OpenBSD
  [Author: jlemon | Age: 2000-06-02 | Files: 3 | Lines: -3/+12]
* When attempting to transmit a packet, if the system fails to allocate a mbuf, it may return without setting any timers. If no more data is scheduled to be transmitted (this was a FIN) the system will sit in LAST_ACK state forever.
  Thus, when mbuf allocation fails, set the retransmit timer if neither the retransmit or persist timer is already pending.
  Problem discovered by: Mike Silbersack (silby@silby.com)
  Pushed for a fix by: Bosko Milekic <bmilekic@dsuper.net>
  Reviewed by: jayanth
  [Author: jlemon | Age: 2000-06-02 | Files: 1 | Lines: -0/+4]
* define CSUM_DELAY_DATA to match merge
  [Author: darrenr | Age: 2000-05-26 | Files: 1 | Lines: -0/+4]
* Back out the previous change to the queue(3) interface. It was not discussed and should probably not happen.
  Requested by: msmith and others
  [Author: jake | Age: 2000-05-26 | Files: 9 | Lines: -19/+19]
* fix up #ifdef jungle for FreeBSD
  [Author: darrenr | Age: 2000-05-25 | Files: 1 | Lines: -4/+9]
* remove duplicate prototypes
  [Author: darrenr | Age: 2000-05-25 | Files: 1 | Lines: -2/+0]
* Mark the checksum as complete when looping back multicast packets.
  Submitted by: Jeff Gibbons <jgibbons@n2.net>
  [Author: jlemon | Age: 2000-05-25 | Files: 1 | Lines: -0/+6]
* Just need to pass the address family to if_simloop(), not the whole sockaddr.
  [Author: archie | Age: 2000-05-24 | Files: 1 | Lines: -1/+1]
* fix duplicate rcsid's
  [Author: darrenr | Age: 2000-05-24 | Files: 1 | Lines: -3/+0]
* Fixed some style bugs (mainly convoluted logic for blackhole processing).
  [Author: bde | Age: 2000-05-24 | Files: 1 | Lines: -6/+2]
* It would have been nice if this actually compiled. Close the header comment */.
  [Author: peter | Age: 2000-05-24 | Files: 1 | Lines: -0/+1]
* fix up conflicts
  [Author: darrenr | Age: 2000-05-24 | Files: 11 | Lines: -174/+639]
* fix conflicts
  [Author: darrenr | Age: 2000-05-24 | Files: 4 | Lines: -71/+190]
* fix conflicts
  [Author: darrenr | Age: 2000-05-24 | Files: 2 | Lines: -258/+746]
* fix conflicts
  [Author: darrenr | Age: 2000-05-24 | Files: 2 | Lines: -43/+78]
* fix conflicts
  [Author: darrenr | Age: 2000-05-24 | Files: 1 | Lines: -240/+753]
* fix conflicts
  [Author: darrenr | Age: 2000-05-24 | Files: 2 | Lines: -300/+611]
* fix conflicts
  [Author: darrenr | Age: 2000-05-24 | Files: 3 | Lines: -190/+578]
* Change the way that the queue(3) structures are declared; don't assume that the type argument to *_HEAD and *_ENTRY is a struct.
  Suggested by: phk
  Reviewed by: phk
  Approved by: mdodd
  [Author: jake | Age: 2000-05-23 | Files: 9 | Lines: -19/+19]
* sysctl'ize ICMP_BANDLIM and ICMP_BANDLIM_SUPPRESS_OUTPUT.
  Suggested by: des/nbm
  [Author: dan | Age: 2000-05-22 | Files: 5 | Lines: -35/+10]
* Add option ICMP_BANDLIM_SUPPRESS_OUTPUT to the mix. With this option, badport_bandlim() will not muck up your console with printf() messages.
  [Author: dan | Age: 2000-05-22 | Files: 1 | Lines: -0/+2]
* Compute the checksum before handing the packet off to IPFilter.
  Tested by: Cy Schubert <Cy.Schubert@uumail.gov.bc.ca>
  [Author: jlemon | Age: 2000-05-21 | Files: 3 | Lines: -2/+11]
* Return ECONNRESET instead of EINVAL if the connection has been shot down as a result of a reset. Returning EINVAL in that case makes no sense at all and just confuses people as to what happened.
  It could be argued that we should save the original address somewhere so that getsockname() etc can tell us what it used to be so we know where the problem connection attempts are coming from.
  [Author: peter | Age: 2000-05-19 | Files: 1 | Lines: -3/+3]
* snd_cwnd was updated twice in the tcp_newreno function.
  [Author: jayanth | Age: 2000-05-18 | Files: 2 | Lines: -2/+0]
* Sigh, fix a rookie patch merge error.
  Also-missed-by: peter
  [Author: jayanth | Age: 2000-05-17 | Files: 2 | Lines: -6/+0]
* Cast sizeof() calls to be of type (int) when they appear in a signed integer expression. Otherwise the sizeof() call will force the expression to be evaluated as unsigned, which is not the intended behavior.
  Obtained from: NetBSD (in a different form)
  [Author: jlemon | Age: 2000-05-17 | Files: 1 | Lines: -3/+4]
* snd_una was being updated incorrectly, this resulted in the newreno code retransmitting data from the wrong offset.
  As a footnote, the newreno code was partially derived from NetBSD and Tom Henderson <tomh@cs.berkeley.edu>
  [Author: jayanth | Age: 2000-05-16 | Files: 2 | Lines: -6/+16]
* Do not call icmp_error() if ipfirewall(4) denied packet.
  PR: kern/10747, kern/18382
  [Author: ru | Age: 2000-05-15 | Files: 1 | Lines: -0/+4]
* Move code to handle BPF and bridging for incoming Ethernet packets out of the individual drivers and into the common routine ether_input(). Also, remove the (incomplete) hack for matching ethernet headers in the ip_fw code.
  The good news: net result of 1016 lines removed, and this should make bridging now work with *all* Ethernet drivers.
  The bad news: it's nearly impossible to test every driver, especially for bridging, and I was unable to get much testing help on the mailing lists.
  Reviewed by: freebsd-net
  [Author: archie | Age: 2000-05-14 | Files: 2 | Lines: -236/+175]