path: root/sys/netinet
Commit message | Author | Age | Files | Lines
* - Make ip_rtaddr() global, and use it to look up the correct source address in icmp_reflect().
  - Two new "struct icmpstat" members: icps_badaddr and icps_noroute.
  PR: kern/31575
  Obtained from: BSD/OS
  MFC after: 1 week
  [Author: ru | Age: 2001-11-30 | Files: 4 | Lines: -42/+35]
* ipfw_modevent(): Don't use an unnatural block to define a variable (fcp) that's already defined in the outer block and isn't used anywhere else. This silences -Wunused.
  Reviewed by: md5(1)
  [Author: dd | Age: 2001-11-27 | Files: 1 | Lines: -3/+0]
* Remove debugging printfs that weren't conditional on any debugging options in handling MOD_{UN,}LOAD (they weren't very useful, anyway).
  [Author: dd | Age: 2001-11-27 | Files: 1 | Lines: -2/+0]
* In icmp_reflect(): If the packet was not addressed to us and was received on an interface without an IP address, try to find a non-loopback AF_INET address to use. If that fails, drop it. Previously, we used the address at the top of the in_ifaddrhead list, which didn't make much sense, and would cause a panic if there were no AF_INET addresses configured on the system.
  PR: 29337, 30524
  Reviewed by: ru, jlemon
  Obtained from: NetBSD
  [Author: dd | Age: 2001-11-27 | Files: 1 | Lines: -2/+15]
* Add include of net/route.h, as structures moved around due to the syncache rely on 'struct route' being defined. This fixes the LINT build some.
  [Author: rwatson | Age: 2001-11-27 | Files: 1 | Lines: -0/+1]
* Clear a new syncache entry first, followed by filling in values. This fixes route breakage due to uncleared garbage on my box.
  [Author: tanimura | Age: 2001-11-27 | Files: 1 | Lines: -4/+4]
* When servicing an internal FTP server, punch ipfirewall(4) holes for passive mode data connections (PASV/EPSV -> 227/229). Well, the actual punching happens a bit later, when the aliasing link becomes fully specified.
  Prodded by: Danny Carroll <dannycarroll@hotmail.com>
  MFC after: 1 week
  [Author: ru | Age: 2001-11-27 | Files: 1 | Lines: -5/+2]
* Restore the ability to use IP_FW_ADD with setsockopt(2) that got broken in revision 1.86. This broke natd(8)'s -punch_fw option.
  Reported by: Daniel Rock <D.Rock@t-online.de>, setantae <setantae@submonkey.net>
  [Author: ru | Age: 2001-11-26 | Files: 1 | Lines: -0/+1]
* Fixed a buffer overrun. In my kernel configuration, tcp_syncache happens to be followed by nfsnodehashtbl, so bzeroing callouts beyond the end of tcp_syncache soon caused a null pointer panic when nfsnodehashtbl was accessed.
  [Author: bde | Age: 2001-11-23 | Files: 1 | Lines: -1/+1]
* Introduce a syncache, which enables FreeBSD to withstand a SYN flood DoS in an improved fashion over the existing code.
  Reviewed by: silby (in a previous iteration)
  Sponsored by: DARPA, NAI Labs
  [Author: jlemon | Age: 2001-11-22 | Files: 10 | Lines: -1066/+1909]
* Move initialization of snd_recover into tcp_sendseqinit().
  [Author: jlemon | Age: 2001-11-21 | Files: 3 | Lines: -3/+1]
* Give struct socket structures a ref counting interface similar to vnodes. This will hopefully serve as a base from which we can expand the MP code. We currently do not attempt to obtain any mutex or SX locks, but the door is open to add them when we nail down exactly how that part of it is going to work.
  [Author: dillon | Age: 2001-11-17 | Files: 1 | Lines: -1/+1]
* o Replace reference to 'struct proc' with 'struct thread' in 'struct sysctl_req', which describes in-progress sysctl requests. This permits sysctl handlers to have access to the current thread, permitting work on implementing td->td_ucred, migration of suser() to using struct thread to derive the appropriate ucred, and allowing struct thread to be passed down to other code, such as network code where td is not currently available (and curproc is used).
  o Note: netncp and netsmb are not updated to reflect this change, as they are not currently KSE-adapted.
  Reviewed by: julian
  Obtained from: TrustedBSD Project
  [Author: rwatson | Age: 2001-11-08 | Files: 5 | Lines: -15/+17]
* - Fixes non-zero'd out sin_zero field problem so that the padding is used as it is supposed to be.
  Inspired by: PR #31704
  Approved by: jdp
  Reviewed by: jhb, -net@
  [Author: arr | Age: 2001-11-06 | Files: 1 | Lines: -0/+1]
* 3.5 years ago Wollman wrote: "[...] and removes the hostcache code from standard kernels---the code that depends on it is not going to happen any time soon, I'm afraid." Time to clean up.
  [Author: phk | Age: 2001-11-05 | Files: 2 | Lines: -240/+0]
* MFS: sync the ipfw/dummynet/bridge code with the one recently merged into stable (mostly, but not only, formatting and comments changes).
  [Author: luigi | Age: 2001-11-04 | Files: 7 | Lines: -126/+157]
* s/FREE/free/
  [Author: luigi | Age: 2001-11-04 | Files: 1 | Lines: -1/+1]
* cmott@scientech.com -> cm@linktel.net
  Requested by: Charles Mott <cmott@scientech.com>
  [Author: brian | Age: 2001-11-03 | Files: 9 | Lines: -10/+10]
* Fix a (long standing?) bug in ip_output(): if ip_insertoptions() is called and ip_output() encounters an error and bails (i.e. host unreachable), we will leak an mbuf. This is because the code calls m_freem(m0) after jumping to the bad: label at the end of the function, when it should be calling m_freem(m). (m0 is the original mbuf list _without_ the options mbuf prepended.)
  Obtained from: NetBSD
  [Author: wpaul | Age: 2001-10-30 | Files: 1 | Lines: -1/+1]
* Make sure the netmask always has an address family. This fixes Linux ifconfig, which expects the address returned by the SIOCGIFNETMASK ioctl to have a valid sa_family. Similar changes may be necessary for IPv6. While we're here, get rid of an unnecessary temp variable.
  MFC after: 2 weeks
  [Author: des | Age: 2001-10-30 | Files: 1 | Lines: -3/+4]
* When dropping a packet because there is no room in the queue (which itself is somewhat bogus), update the statistics to indicate something was dropped.
  PR: 13740
  [Author: jlemon | Age: 2001-10-30 | Files: 1 | Lines: -0/+1]
* A few more style changes picked up whilst working on an MFC to -stable.
  [Author: joe | Age: 2001-10-29 | Files: 1 | Lines: -2/+2]
* Fix some whitespace, and a comment that I missed in the last commit.
  [Author: joe | Age: 2001-10-29 | Files: 1 | Lines: -3/+4]
* Clean up the style of this header file.
  [Author: joe | Age: 2001-10-29 | Files: 1 | Lines: -186/+190]
* fix int argument used in printf w/ %ld (cast to long)
  [Author: dillon | Age: 2001-10-29 | Files: 1 | Lines: -2/+3]
* Don't use the ip_timestamp structure to access timestamp options, as the compiler may cause an unaligned access to be generated in some cases.
  PR: 30982
  [Author: jlemon | Age: 2001-10-25 | Files: 1 | Lines: -29/+22]
* If we are bridging, fall back to using any inet address in the system, irrespective of receive interface, as a last resort.
  Submitted by: ru
  [Author: jlemon | Age: 2001-10-25 | Files: 1 | Lines: -4/+9]
* Relocate the KASSERT for a null recvif to a location where it will actually do some good.
  Pointed out by: ru
  [Author: jlemon | Age: 2001-10-25 | Files: 1 | Lines: -1/+1]
* restore the data of the ip header when extended udp header and data checksum is calculated. this caused some trouble in the code which the ip header is not modified. for example, inbound policy lookup failed.
  Obtained from: KAME
  MFC after: 1 week
  [Author: ume | Age: 2001-10-22 | Files: 1 | Lines: -0/+3]
* Only examine inet addresses of the interface. This was broken in r1.83, with the result that the system would reply to an ARP request of 0.0.0.0
  [Author: jlemon | Age: 2001-10-20 | Files: 1 | Lines: -2/+4]
* Pull post-4.4BSD change to sys/net/route.c from BSD/OS 4.2.
  Have sys/net/route.c:rtrequest1(), which takes ``rt_addrinfo *'' as the argument. Pass rt_addrinfo all the way down to rtrequest1 and ifa->ifa_rtrequest. 3rd argument of ifa->ifa_rtrequest is now ``rt_addrinfo *'' instead of ``sockaddr *'' (almost no one is using it anyways).
  Benefit: the following command now works. Previously we needed two route(8) invocations, "add" then "change".
    # route add -inet6 default ::1 -ifp gif0
  Remove unsafe typecast in rtrequest(), from ``rtentry *'' to ``sockaddr *''. It was introduced by 4.3BSD-Reno and never corrected.
  Obtained from: BSD/OS, NetBSD
  MFC after: 1 month
  PR: kern/28360
  [Author: ru | Age: 2001-10-17 | Files: 4 | Lines: -13/+11]
* bring in ARP support for variable length link level addresses
  Reviewed by: jdp
  Approved by: jdp
  Obtained from: NetBSD
  MFC after: 6 weeks
  [Author: fjoe | Age: 2001-10-14 | Files: 2 | Lines: -101/+157]
* - Combine kern.ps_showallprocs and kern.ipc.showallsockets into a single kern.security.seeotheruids_permitted, described as: "Unprivileged processes may see subjects/objects with different real uid" NOTE: kern.ps_showallprocs exists in -STABLE, and therefore there is an API change. kern.ipc.showallsockets does not.
  - Check kern.security.seeotheruids_permitted in cr_cansee().
  - Replace visibility calls to socheckuid() with cr_cansee() (retain the change to socheckuid() in ipfw, where it is used for rule-matching).
  - Remove prison_unpcb() and make use of cr_cansee() against the UNIX domain socket credential instead of comparing root vnodes for the UDS and the process. This allows multiple jails to share the same chroot() and not see each other's UNIX domain sockets.
  - Remove unused socheckproc().
  Now that cr_cansee() is used universally for socket visibility, a variety of policies are more consistently enforced, including uid-based restrictions and jail-based restrictions. This also better-supports the introduction of additional MAC models.
  Reviewed by: ps, billf
  Obtained from: TrustedBSD Project
  [Author: rwatson | Age: 2001-10-09 | Files: 4 | Lines: -11/+11]
* Add a flag TF_LASTIDLE, that forces a previously idle connection to send all its data, especially when the data is less than one MSS. This fixes an issue where the stack was delaying the sending of data, even though there was enough window to send all the data and the sending of data was emptying the socket buffer.
  Problem found by Yoshihiro Tsuchiya (tsuchiya@flab.fujitsu.co.jp)
  Submitted by: Jayanth Vijayaraghavan
  [Author: jayanth | Age: 2001-10-05 | Files: 2 | Lines: -1/+9]
* Only allow users to see their own socket connections if kern.ipc.showallsockets is set to 0.
  Submitted by: billf (with modifications by me)
  Inspired by: Dave McKay (aka pm aka Packet Magnet)
  Reviewed by: peter
  MFC after: 2 weeks
  [Author: ps | Age: 2001-10-05 | Files: 5 | Lines: -8/+23]
* Make it so dummynet and bridge can be loaded as modules.
  Submitted by: billf
  [Author: ps | Age: 2001-10-05 | Files: 6 | Lines: -119/+102]
* in_ifinit apparently can be used to rewrite an ip address; recalculate the correct hash bucket for the entry.
  Submitted by: iedowse (with some munging by me)
  [Author: jlemon | Age: 2001-10-01 | Files: 1 | Lines: -1/+5]
* Fix a problem with unnumbered rules introduced in latest commit.
  Reported by: des
  [Author: luigi | Age: 2001-10-01 | Files: 1 | Lines: -3/+3]
* mdoc(7) police: Use the new .In macro for #include statements.
  [Author: ru | Age: 2001-10-01 | Files: 1 | Lines: -3/+3]
* Add __FBSDID's to libalias
  [Author: dillon | Age: 2001-09-30 | Files: 10 | Lines: -21/+32]
* Nuke unused (and incorrect) #define of INADDR_HMASK.
  Spotted by: ru
  [Author: jlemon | Age: 2001-09-29 | Files: 1 | Lines: -1/+0]
* Make the INADDR_TO_IFP macro use the IP address hash lookup instead of walking the entire list of IP addresses.
  Pointed out by: bfumerola
  [Author: jlemon | Age: 2001-09-29 | Files: 1 | Lines: -1/+1]
* Add a hash table that contains the list of internet addresses, and use this in place of the in_ifaddr list when appropriate. This improves performance on hosts which have a large number of IP aliases.
  [Author: jlemon | Age: 2001-09-29 | Files: 6 | Lines: -63/+113]
* Centralize satosin(), sintosa() and ifatoia() macros in <netinet/in.h> Remove local definitions.
  [Author: jlemon | Age: 2001-09-29 | Files: 5 | Lines: -11/+6]
* Two main changes here:
  + implement "limit" rules, which permit to limit the number of sessions between certain host pairs (according to masks). These are a special type of stateful rules, which might be of interest in some cases. See the ipfw manpage for details.
  + merge the list pointers and ipfw rule descriptors in the kernel, so the code is smaller, faster and more readable. This patch basically consists in replacing "foo->rule->bar" with "rule->bar" all over the place. I have been willing to do this for ages!
  MFC after: 1 week
  [Author: luigi | Age: 2001-09-27 | Files: 6 | Lines: -252/+333]
* Remove unused (and duplicate) struct ip_opts which is never used, not referenced in Stevens, and does not compile with g++. There is an equivalent structure, struct ipoption in ip_var.h which is actually used in various parts of the kernel, and also referenced in Stevens.
  Bill Fenner also says: ... if you want the trivia, struct ip_opts was introduced in in.h SCCS revision 7.9, on 6/28/1990, by Mike Karels. struct ipoption was introduced in ip_var.h SCCS revision 6.5, on 9/16/1985, by... Mike Karels.
  MFC-after: 3 days
  [Author: luigi | Age: 2001-09-27 | Files: 1 | Lines: -12/+0]
* Include sys/proc.h for the definition of securelevel_ge().
  Submitted by: LINT
  [Author: brooks | Age: 2001-09-26 | Files: 1 | Lines: -0/+1]
* o Modify IPFW and DUMMYNET administrative setsockopt() calls to use securelevel_gt() to check the securelevel, rather than direct access to the securelevel variable.
  Obtained from: TrustedBSD Project
  [Author: rwatson | Age: 2001-09-26 | Files: 2 | Lines: -5/+13]
* Make faith loadable, unloadable, and clonable.
  [Author: brooks | Age: 2001-09-25 | Files: 4 | Lines: -28/+4]
* Fix a null pointer dereference introduced in the last commit, plus remove a useless assignment and move a comment.
  Submitted by: Thomas Moestl
  [Author: luigi | Age: 2001-09-24 | Files: 1 | Lines: -6/+4]