path: root/sys/netinet
Commit message | Author | Age | Files | Lines
...
* Finally fix rev. 1.256 | glebius | 2006-09-05 | 2 | -6/+8
| Pointy hat to: glebius
* Remove extra parenthesis in last commit. | glebius | 2006-09-05 | 2 | -4/+4
| Nitpicked by: ru
* - Make net.inet.tcp.maxtcptw modifiable at run time. | glebius | 2006-09-05 | 2 | -14/+56
| - If net.inet.tcp.maxtcptw was ever set explicitly, do not change it if kern.ipc.maxsockets is changed.
* Fix typo in comment. | thomas | 2006-09-04 | 1 | -1/+1
* Recognise IPv6 PIM packets. | jhay | 2006-08-31 | 1 | -0/+6
| MFC after: 1 week
* Fix for a bug that causes the computation of "len" in tcp_output() to | mohans | 2006-08-26 | 2 | -0/+8
| get messed up, resulting in an inconsistency between the TCP state and so_snd.
* comply with style police | julian | 2006-08-18 | 2 | -6/+8
| Submitted by: ru
| MFC after: 1 month
* Allow ipfw to forward to a destination that is specified by a table. | julian | 2006-08-17 | 2 | -7/+25
| for example:
|   fwd tablearg ip from any to table(1)
| where table 1 has entries of the form:
|   1.1.1.0/24 10.2.3.4
|   208.23.2.0/24 router2
| This allows trivial implementation of a secondary routing table implemented in the firewall layer.
| I expect more work (under discussion with Glebius) to follow this to clean up some of the messy parts of ipfw related to tables.
| Reviewed by: Glebius
| MFC after: 1 month
* Remove the IPFIREWALL_FORWARD_EXTENDED option and make it on by default as | julian | 2006-08-17 | 3 | -23/+6
| it always was in older versions of FreeBSD. This option is pointless as it is needed in just about every interesting usage of forward that I have ever seen. It doesn't make the system any safer and just wastes huge amounts of developer time when the system doesn't behave as expected when code is moved from 4.x to 6.x It doesn't make the system any safer and just wastes huge amounts of developer time when the system doesn't behave as expected when code is moved from 4.x to 6.x or 7.x
| Reviewed by: glebius
| MFC after: 1 week
* Fixes an edge case bug in timewait handling where ticks rolling over causing | mohans | 2006-08-11 | 6 | -9/+8
| the timewait expiry to be exactly 0 corrupts the timewait queues (and that entry).
| Reviewed by: silby
* With exception of the if_name() macro, all definitions in net_osdep.h | brooks | 2006-08-04 | 2 | -4/+0
| were unused or already in if_var.h so add if_name() to if_var.h and remove net_osdep.h along with all references to it.
| Longer term we may want to kill off if_name() entirely since all modern BSDs have if_xname variables rendering it unnecessary.
* Remove useless NULL pointer check: we are using M_WAITOK flag for memory | oleg | 2006-08-04 | 1 | -4/+0
| allocation.
| Submitted by: Andrey Elsukov <bu7cher at yandex dot ru>
| Approved by: glebius (mentor)
| MFC after: 1 week
* Move soisdisconnected() in tcp_discardcb() to one of its calling contexts, | rwatson | 2006-08-02 | 2 | -24/+14
| tcp_twstart(), but not to the other, tcp_detach(), as the socket is already being torn down and therefore there are no listeners. This avoids a panic if kqueue state is registered on the socket at close(), and eliminates two XXX comments. There is one case remaining in which tcp_discardcb() reaches up to the socket layer as part of the TCP host cache, which would be good to avoid.
| Reported by: Goran Gajic <ggajic at afrodita dot rcub dot bg dot ac dot yu>
* Do not leak memory while flushing rules. | oleg | 2006-08-02 | 1 | -2/+3
| Noticed by: yar
| Approved by: glebius (mentor)
| MFC after: 1 week
* Change semantics of socket close and detach. Add a new protocol switch | rwatson | 2006-07-21 | 5 | -148/+178
| function, pru_close, to notify protocols that the file descriptor or other consumer of a socket is closing the socket. pru_abort is now a notification of close also, and no longer detaches. pru_detach is no longer used to notify of close, and will be called during socket tear-down by sofree() when all references to a socket evaporate after an earlier call to abort or close the socket. This means detach is now an unconditional teardown of a socket, whereas previously sockets could persist after detach of the protocol retained a reference.
| This facilitates sharing mutexes between layers of the network stack as the mutex is required during the checking and removal of references at the head of sofree(). With this change, pru_detach can now assume that the mutex will no longer be required by the socket layer after completion, whereas before this was not necessarily true.
| Reviewed by: gnn
* Fix race conditions on enumerating pcb lists by moving the initialization | ups | 2006-07-18 | 8 | -24/+90
| (and where appropriate the destruction) of the pcb mutex to the init/finit functions of the pcb zones. This allows locking of the pcb entries and race condition free comparison of the generation count.
| Rearrange locking a bit to avoid extra locking operation to update the generation count in in_pcballoc(). (in_pcballoc now returns the pcb locked)
| I am planning to convert pcb list handling from a type safe to a reference count model soon. (As this allows really freeing the PCBs)
| Reviewed by: rwatson@, mohans@
| MFC after: 1 week
* Revise network interface cloning to take an optional opaque | sam | 2006-07-09 | 1 | -2/+2
| parameter that can specify configuration parameters:
| o rev cloner api's to add optional parameter block
| o add SIOCCREATE2 that accepts parameter data
| o rev vlan support to use new api (maintain old code)
| Reviewed by: arch@
* Make in-kernel multicast protocols for pfsync and carp work after enabling | mlaier | 2006-07-08 | 1 | -0/+5
| dynamic resizing of multicast membership array.
| Reported and testing by: Maxim Konovalov, Scott Ullrich
| Reminded by: thompsa
| MFC after: 2 weeks
* Remove unneeded mac.h include. | rwatson | 2006-07-06 | 1 | -1/+0
| MFC after: 3 days
* Complete timebase (time_second -> time_uptime) conversion. | oleg | 2006-07-05 | 1 | -4/+4
| PR: kern/94249
| Reviewed by: andre (few months ago)
| Approved by: glebius (mentor)
* o Kill BUGS section as it is not valid since rev. 1.4 alias_pptp.c. | maxim | 2006-07-04 | 1 | -6/+1
| Spotted by: ru.unix.bsd activists
| MFC after: 1 week
* There is a consensus that ifaddr.ifa_addr should never be NULL, | yar | 2006-06-29 | 3 | -7/+1
| except in places dealing with ifaddr creation or destruction; and in such special places incomplete ifaddrs should never be linked to system-wide data structures. Therefore we can eliminate all the superfluous checks for "ifa->ifa_addr != NULL" and get ready to the system crashing honestly instead of masking possible bugs.
| Suggested by: glebius, jhb, ru
* Use TAILQ_FOREACH consistently. | yar | 2006-06-29 | 1 | -2/+1
* Fix URL to Bellovin's paper. | glebius | 2006-06-29 | 1 | -1/+1
| Submitted by: Anton Yuzhaninov <citrin rambler-co.ru>
* Eliminate the offset argument from send_reject. It's not been | bz | 2006-06-29 | 1 | -9/+7
| used since FreeBSD-SA-06:04.ipfw.
| Adopt send_reject6 to what had been done for legacy IP: no longer send or permit sending rejects for any but the first fragment.
| Discussed with: oleg, csjp (some weeks ago)
* Use INPLOOKUP_WILDCARD instead of just 1 more consistently. | bz | 2006-06-29 | 4 | -8/+14
| OKed by: rwatson (some weeks ago)
* - Use suser_cred(9) instead of directly checking cr_uid. | pjd | 2006-06-27 | 1 | -2/+2
| - Change the order of conditions to first verify that we actually need to check for privileges and then eventually check them.
| Reviewed by: rwatson
* In syncache_respond() do not reply with a MSS that is larger than what | andre | 2006-06-26 | 1 | -0/+2
| the peer announced to us but make it at least tcp_minmss in size.
| Sponsored by: TCP/IP Optimization Fundraise 2005
* Some cleanups and janitorial work to tcp_syncache: | andre | 2006-06-26 | 3 | -45/+35
| o don't assign remote/local host/port information manually between provided struct in_conninfo and struct syncache, bcopy() it instead
| o rename sc_tsrecent to sc_tsreflect in struct syncache to better capture the purpose of this field
| o rename sc_request_r_scale to sc_requested_r_scale for ditto reasons
| o fix IPSEC error case printf's to report correct function name
| o in syncache_socket() only transpose enhanced tcp options parameters to struct tcpcb when the inpcb doesn't have TF_NOOPT set
| o in syncache_respond() reorder stack variables
| o in syncache_respond() remove bogus KASSERT()
| No functional changes.
| Sponsored by: TCP/IP Optimization Fundraise 2005
* Some cleanups and janitorial work to tcp_dooptions(): | andre | 2006-06-26 | 3 | -41/+58
| o redefine the parameter 'is_syn' to 'flags', add TO_SYN flag and adjust its usage accordingly
| o update the comments to the tcp_dooptions() invocation in tcp_input():after_listen to reflect reality
| o move the logic checking the echoed timestamp out of tcp_dooptions() to the only place that uses it next to the invocation described in the previous item
| o adjust parsing of TCPOPT_SACK_PERMITTED to use the same style as the others
| o add comments in to struct tcpopt.to_flags #defines
| No functional changes.
| Sponsored by: TCP/IP Optimization Fundraise 2005
* Reverse the source/destination parameters to in[6]_pcblookup_hash() in | andre | 2006-06-26 | 1 | -2/+2
| syncache_respond() for the #ifdef MAC case.
| Submitted by: Tai-hwa Liang <avatar-at-mmlab.cse.yzu.edu.tw>
* In tcp6_usr_attach(), return immediately if SS_ISDISCONNECTED, to | rwatson | 2006-06-26 | 1 | -4/+2
| avoid dereferencing an uninitialized inp variable.
| Submitted by: Michiel Boland <michiel at boland dot org>
| MFC after: 1 month
* Decrement the global syncache counter in syncache_expand() when the entry | andre | 2006-06-25 | 1 | -0/+1
| is removed from the bucket. This fixes the syncache statistics.
* Move the syncookie MD5 context from globals to the stack to make it MP safe. | andre | 2006-06-22 | 1 | -2/+2
* - Pullup even when the extension header is unknown, to prevent | ume | 2006-06-22 | 1 | -1/+13
|   infinite loop with net.inet6.ip6.fw.deny_unknown_exthdrs=0.
| - Teach ipv6 and ipencap as they appear in an IPv4/IPv6 over IPv6 tunnel.
| - Test the next extension header even when the routing header type is unknown with net.inet6.ip6.fw.deny_unknown_exthdrs=0.
| Found by: xcast-fan-club
| MFC after: 1 week
* Allocate a zero'ed syncache hashtable. mtx_init() tests the supplied | andre | 2006-06-20 | 1 | -1/+1
| memory location for already existing/initialized mutexes. With random data in the memory location this fails (ie. after a soft reboot).
| Reported by: brueffer, YAMAMOTO Shigeru
| Submitted by: YAMAMOTO Shigeru <shigeru-at-iij.ad.jp>
* When we receive an out-of-window SYN for an "ESTABLISHED" connection, | dwmalone | 2006-06-19 | 2 | -0/+4
| ACK the SYN as required by RFC793, rather than ignoring it. NetBSD have had a similar change since 1999.
| PR: 93236
| Submitted by: Grant Edwards <grante@visi.com>
| MFC after: 1 month
* Remove T/TCP RFC1644 Connection Count comparison macros. They are no longer | andre | 2006-06-18 | 1 | -13/+0
| used and needed.
| Sponsored by: TCP/IP Optimization Fundraise 2005
* Do not access syncache entry before it was allocated for the TF_NOOPT case | andre | 2006-06-18 | 1 | -3/+4
| in syncache_add().
| Found by: Coverity Prevent
| CID: 1473
* Move all syncache related structures to tcp_syncache.c. They are only used | andre | 2006-06-18 | 2 | -39/+39
| there.
| This unbreaks userland programs that include tcp_var.h.
| Discussed with: rwatson
* Remove double lock acquisition in syncookie_lookup() which came from last | andre | 2006-06-18 | 1 | -1/+0
| minute conversions to macros.
| Pointy hat to: andre
* Fix the !INET6 compile. | andre | 2006-06-17 | 1 | -2/+4
| Reported by: alc
* Rearrange fields in struct syncache and syncache_head to make them more | andre | 2006-06-17 | 1 | -5/+6
| cache line friendly.
| Sponsored by: TCP/IP Optimization Fundraise 2005
* ANSIfy and tidy up comments. | andre | 2006-06-17 | 1 | -52/+23
| Sponsored by: TCP/IP Optimization Fundraise 2005
* Add locking to TCP syncache and drop the global tcpinfo lock as early | andre | 2006-06-17 | 4 | -272/+312
| as possible for the syncache_add() case. The syncache timer no longer acquires the tcpinfo lock and timeout/retransmit runs can happen in parallel with bucket granularity.
| On a P4 the additional locks cause a slight degression of 0.7% in tcp connections per second. When IP and TCP input are deserialized and can run in parallel this little overhead can be neglected.
| The syncookie handling still leaves room for improvement and its random salts may be moved to the syncache bucket head structures to remove the second lock operation currently required for it. However this would be a more involved change from the way syncookies work at the moment.
| Reviewed by: rwatson
| Tested by: rwatson, ps (earlier version)
| Sponsored by: TCP/IP Optimization Fundraise 2005
* Add support of 'tablearg' feature for: | oleg | 2006-06-15 | 1 | -15/+30
| - 'tag' & 'untag' action parameters.
| - 'tagged' & 'limit' rule options.
| Rule examples:
|   pipe 1 tag tablearg ip from table(1) to any
|   allow ip from any to table(2) tagged tablearg
|   allow tcp from table(3) to any 25 setup limit src-addr tablearg
| sbin/ipfw/ipfw2.c:
| 1) new macros
|    GET_UINT_ARG - support of 'tablearg' keyword, argument range checking.
|    PRINT_UINT_ARG - support of 'tablearg' keyword.
| 2) strtoport(): do not silently truncate/accept invalid port list expressions like: '1,2-abc' or '1,2-3-4' or '1,2-3x4'. style(9) cleanup.
| Approved by: glebius (mentor)
| MFC after: 1 month
* install_state(): style(9) cleanup | oleg | 2006-06-15 | 1 | -33/+36
| Approved by: glebius (mentor)
| MFC after: 1 month
* Enable proxy ARP answers on any of the bridged interfaces if proxy record | thompsa | 2006-06-09 | 1 | -3/+6
| belongs to another interface within the bridge group.
| PR: kern/94408
| Submitted by: Eygene A. Ryabinkin
| MFC after: 1 month
* install_state() should properly initialize 'addr_type' field of newly created | oleg | 2006-06-08 | 1 | -0/+1
| flows for O_LIMIT rules. Otherwise 'ipfw -d show' is unable to display PARENT rules properly.
| (This bug was exposed by ipfw2.c rev.1.90)
| Approved by: glebius (mentor)
| MFC after: 2 weeks
* Fix following rules: pipe X (tag|altq) Y ... | oleg | 2006-06-08 | 1 | -0/+4
| Approved by: glebius (mentor)
| MFC after: 2 weeks