path: root/sys/netinet
Commit message (author, age, files, lines)
* Previous commit changing SYSCTL_HANDLER_ARGS violated KNF.
  Pointed out by: bde
  (phk, 2000-07-04, 6 files, -11/+11)
* Style police catches up with rev 1.26 of src/sys/sys/sysctl.h:
  Sanitize SYSCTL_HANDLER_ARGS so that simplistic tools can grog our sources:
      -sysctl_vm_zone SYSCTL_HANDLER_ARGS
      +sysctl_vm_zone (SYSCTL_HANDLER_ARGS)
  (phk, 2000-07-03, 6 files, -11/+11)
* Fixed PunchFWHole():
  - ipfw always rejected rule with `neither in nor out' diagnostics.
  - number of src/dst ports was not set properly.
  (ru, 2000-06-27, 1 file, -2/+3)
* - Removed PacketAliasPptp() API function.
  - SHLIB_MAJOR++.
  (ru, 2000-06-20, 4 files, -38/+1)
* Added true support for PPTP aliasing. Some nice features include:
  - Multiple PPTP clients behind NAT to the same or different servers.
  - Single PPTP server behind NAT -- you just need to redirect TCP
    port 1723 to a local machine. Multiple servers behind NAT is
    possible but would require a simple API change.
  - No API changes!
  For more information on how this works see comments at the start
  of the alias_pptp.c.
  PacketAliasPptp() is no longer necessary and will be removed soon.
  Submitted by: Erik Salander <erik@whistle.com>
  Reviewed by: ru
  Rewritten by: ru
  Reviewed by: Erik Salander <erik@whistle.com>
  (ru, 2000-06-20, 7 files, -11/+422)
* return of the accept filter part II
  accept filters are now loadable as well as able to be compiled into
  the kernel.
  two accept filters are provided, one that returns sockets when data
  arrives the other when an http request is completed (doesn't work
  with 0.9 requests)
  Reviewed by: jmg
  (alfred, 2000-06-20, 2 files, -0/+263)
* - Improved passive mode FTP support by aliasing 229 replies.
  - Stricter checking of PORT/EPRT/227/229 messages format.
  - Moved all security checks into one place.
  (ru, 2000-06-16, 1 file, -312/+337)
* - Added support for passive mode FTP by aliasing 227 replies.
    It does mean that it is now possible to run passive-mode FTP
    server behind NAT.
  - SECURITY: FTP aliasing engine now ensures that:
    o the segment preceding a PORT/227 segment terminates with a \r\n;
    o the IP address in the PORT/227 matches the source IP address of
      the packet;
    o the port number in the PORT command or 277 reply is greater than
      or equal to 1024.
  Submitted by: Erik Salander <erik@whistle.com>
  Reviewed by: ru
  (ru, 2000-06-14, 3 files, -15/+228)
* Fix behaviour of "ipfw pipe show" -- previous code gave
  ambiguous data to the userland program (kernel operation was safe, anyways).
  (luigi, 2000-06-14, 1 file, -5/+10)
* Add tcpoptions to ipfw. This works much in the same way as ipoptions do.
  It also squashes 99% of packet kiddie synflood orgies. For example, to
  rate syn packets without MSS,
      ipfw pipe 10 config 56Kbit/s queue 10Packets
      ipfw add pipe 10 tcp from any to any in setup tcpoptions !mss
  Submitted by: Richard A. Steenbergen <ras@e-gerbil.net>
  (dan, 2000-06-08, 2 files, -0/+80)
* Implement WF2Q+ in dummynet.
  (luigi, 2000-06-08, 4 files, -346/+1306)
* Add boundary checks against IP options.
  Obtained from: OpenBSD
  (jlemon, 2000-06-02, 3 files, -3/+12)
* When attempting to transmit a packet, if the system fails to allocate
  a mbuf, it may return without setting any timers. If no more data is
  scheduled to be transmitted (this was a FIN) the system will sit in
  LAST_ACK state forever.
  Thus, when mbuf allocation fails, set the retransmit timer if neither
  the retransmit or persist timer is already pending.
  Problem discovered by: Mike Silbersack (silby@silby.com)
  Pushed for a fix by: Bosko Milekic <bmilekic@dsuper.net>
  Reviewed by: jayanth
  (jlemon, 2000-06-02, 1 file, -0/+4)
* define CSUM_DELAY_DATA to match merge
  (darrenr, 2000-05-26, 1 file, -0/+4)
* Back out the previous change to the queue(3) interface.
  It was not discussed and should probably not happen.
  Requested by: msmith and others
  (jake, 2000-05-26, 9 files, -19/+19)
* fix up #ifdef jungle for FreeBSD
  (darrenr, 2000-05-25, 1 file, -4/+9)
* remove duplicate prototypes
  (darrenr, 2000-05-25, 1 file, -2/+0)
* Mark the checksum as complete when looping back multicast packets.
  Submitted by: Jeff Gibbons <jgibbons@n2.net>
  (jlemon, 2000-05-25, 1 file, -0/+6)
* Just need to pass the address family to if_simloop(), not the whole sockaddr.
  (archie, 2000-05-24, 1 file, -1/+1)
* fix duplicate rcsid's
  (darrenr, 2000-05-24, 1 file, -3/+0)
* Fixed some style bugs (mainly convoluted logic for blackhole processing).
  (bde, 2000-05-24, 1 file, -6/+2)
* It would have been nice if this actually compiled. Close the header
  comment */.
  (peter, 2000-05-24, 1 file, -0/+1)
* fix up conflicts
  (darrenr, 2000-05-24, 11 files, -174/+639)
* fix conflicts
  (darrenr, 2000-05-24, 4 files, -71/+190)
* fix conflicts
  (darrenr, 2000-05-24, 2 files, -258/+746)
* fix conflicts
  (darrenr, 2000-05-24, 2 files, -43/+78)
* fix conflicts
  (darrenr, 2000-05-24, 1 file, -240/+753)
* fix conflicts
  (darrenr, 2000-05-24, 2 files, -300/+611)
* fix conflicts
  (darrenr, 2000-05-24, 3 files, -190/+578)
* Change the way that the queue(3) structures are declared; don't assume that
  the type argument to *_HEAD and *_ENTRY is a struct.
  Suggested by: phk
  Reviewed by: phk
  Approved by: mdodd
  (jake, 2000-05-23, 9 files, -19/+19)
* sysctl'ize ICMP_BANDLIM and ICMP_BANDLIM_SUPPRESS_OUTPUT.
  Suggested by: des/nbm
  (dan, 2000-05-22, 5 files, -35/+10)
* Add option ICMP_BANDLIM_SUPPRESS_OUTPUT to the mix. With this option,
  badport_bandlim() will not muck up your console with printf() messages.
  (dan, 2000-05-22, 1 file, -0/+2)
* Compute the checksum before handing the packet off to IPFilter.
  Tested by: Cy Schubert <Cy.Schubert@uumail.gov.bc.ca>
  (jlemon, 2000-05-21, 3 files, -2/+11)
* Return ECONNRESET instead of EINVAL if the connection has been shot
  down as a result of a reset. Returning EINVAL in that case makes no
  sense at all and just confuses people as to what happened. It could be
  argued that we should save the original address somewhere so that
  getsockname() etc can tell us what it used to be so we know where the
  problem connection attempts are coming from.
  (peter, 2000-05-19, 1 file, -3/+3)
* snd_cwnd was updated twice in the tcp_newreno function.
  (jayanth, 2000-05-18, 2 files, -2/+0)
* Sigh, fix a rookie patch merge error.
  Also-missed-by: peter
  (jayanth, 2000-05-17, 2 files, -6/+0)
* Cast sizeof() calls to be of type (int) when they appear in a signed
  integer expression. Otherwise the sizeof() call will force the expression
  to be evaluated as unsigned, which is not the intended behavior.
  Obtained from: NetBSD (in a different form)
  (jlemon, 2000-05-17, 1 file, -3/+4)
* snd_una was being updated incorrectly, this resulted in the newreno
  code retransmitting data from the wrong offset.
  As a footnote, the newreno code was partially derived from NetBSD
  and Tom Henderson <tomh@cs.berkeley.edu>
  (jayanth, 2000-05-16, 2 files, -6/+16)
* Do not call icmp_error() if ipfirewall(4) denied packet.
  PR: kern/10747, kern/18382
  (ru, 2000-05-15, 1 file, -0/+4)
* Move code to handle BPF and bridging for incoming Ethernet packets out
  of the individual drivers and into the common routine ether_input().
  Also, remove the (incomplete) hack for matching ethernet headers
  in the ip_fw code.
  The good news: net result of 1016 lines removed, and this should make
  bridging now work with *all* Ethernet drivers.
  The bad news: it's nearly impossible to test every driver, especially
  for bridging, and I was unable to get much testing help on the mailing
  lists.
  Reviewed by: freebsd-net
  (archie, 2000-05-14, 2 files, -236/+175)
* Temporarily turn off the newreno flag until we can track down the known
  data corruption problem.
  (jayanth, 2000-05-11, 1 file, -1/+1)
* Revert the default behaviour for incoming connections so
  that they (once again) go to the target machine rather than
  the alias address.
  PR: 18354
  Submitted by: ru
  (brian, 2000-05-11, 2 files, -3/+3)
* correct more out-of-bounds memory access, if cnt == 1 and optlen > 1.
  similar to recent fix to sys/netinet/ipf.c (by darren).
  (itojun, 2000-05-10, 1 file, -0/+4)
* Fix bug in dealing with "hlen == 1 and opt > 1"
  (darrenr, 2000-05-09, 1 file, -4/+10)
* Add missing include machine/in_cksum.h.
  Submitted by: n_hibma
  (ps, 2000-05-09, 2 files, -0/+3)
* Include machine/in_cksum.h to unbreak options MROUTING.
  (ken, 2000-05-08, 1 file, -0/+1)
* Add #include <machine/in_cksum.h>, in order to pick up the checksum
  inline functions and prototypes.
  (jlemon, 2000-05-06, 3 files, -1/+4)
* Implement TCP NewReno, as documented in RFC 2582. This allows
  better recovery for multiple packet losses in a single window.
  The algorithm can be toggled via the sysctl net.inet.tcp.newreno,
  which defaults to "on".
  Submitted by: Jayanth Vijayaraghavan <jayanth@yahoo-inc.com>
  (jlemon, 2000-05-06, 6 files, -15/+163)
* Force the address of the socket to be INADDR_ANY immediately before
  calling in_pcbbind so that in_pcbbind sees a valid address if no
  address was specified (since divert sockets ignore them).
  PR: 17552
  Reviewed by: Brian
  (paul, 2000-05-02, 1 file, -1/+13)
* Remove an unnecessary error message
  (luigi, 2000-05-02, 1 file, -0/+2)