path: root/sys/netinet
Commit message | Author | Age | Files | Lines

* If vhid exists return more informative EEXIST instead of EINVAL. While here remove redundant brackets.
  Author: glebius | Age: 2005-03-18 | Files: 1 | Lines: -3/+2

* Fix a potential crash that could occur when CARP_LOG is being used.
  Obtained from: OpenBSD (pat)
  Author: glebius | Age: 2005-03-18 | Files: 1 | Lines: -2/+1

* plug resource leak
  Noticed by: Coverity Prevent analysis tool
  Author: sam | Age: 2005-03-16 | Files: 1 | Lines: -1/+3

* In tcp_usr_send(), broaden coverage of the socket buffer lock in the non-OOB case so that the sbspace() check is performed under the same lock instance as the append to the send socket buffer.
  MFC after: 1 week
  Author: rwatson | Age: 2005-03-14 | Files: 1 | Lines: -1/+4

* Embrace with #ifdef DEV_CARP carp-related code.
  Author: glebius | Age: 2005-03-13 | Files: 1 | Lines: -2/+7

* Add antifootshooting workaround, which will make all routes "connected" to carp(4) interfaces host routes. This prevents a problem, when connected network is routed to carp(4) interface.
  Author: glebius | Age: 2005-03-10 | Files: 1 | Lines: -0/+6

* Add limits on the number of elements in the sack scoreboard both per-connection and globally. This eliminates potential DoS attacks where SACK scoreboard elements tie up too much memory.
  Submitted by: Raja Mukerji (raja at moselle dot com).
  Reviewed by: Mohan Srinivasan (mohans at yahoo-inc dot com).
  Author: ps | Age: 2005-03-09 | Files: 2 | Lines: -3/+42

* Make ARP do not complain about wrong interface if correct interface is a carp one and address matched it.
  Reviewed by: brooks
  Author: glebius | Age: 2005-03-09 | Files: 1 | Lines: -7/+14

* Fix a problem in the Skinny ALG where a specially crafted packet could cause a libalias application (e.g. natd, ppp, etc.) to crash.
  Note: Skinny support is not enabled in natd or ppp by default.
  Approved by: secteam (nectar)
  MFC after: 1 day
  Security: This fixes a remote DoS exploit
  Author: marcus | Age: 2005-03-03 | Files: 1 | Lines: -4/+4

* Fix typo. Unbreak build. Take pointy hat.
  Author: glebius | Age: 2005-03-02 | Files: 1 | Lines: -1/+1

* Add more locking when reading/writing to carp softc. When carp softc is attached to a parent interface we use its mutex to lock the softc. This means that in several places like carp_ioctl() we lock softc conditionally. This should be redesigned.
  To avoid LORs when MII announces us a link state change, we schedule a quick callout and call carp_carpdev_state_locked() from it.
  Initialize callouts using NET_CALLOUT_MPSAFE.
  Sponsored by: Rambler
  Reviewed by: mlaier
  Author: glebius | Age: 2005-03-01 | Files: 1 | Lines: -31/+140

* - Add carp_mtx. Use it to protect list of all carp interfaces.
  - In carp_send_ad_all() walk through list of all carp interfaces instead of walking through list of all interfaces.
  Sponsored by: Rambler
  Reviewed by: mlaier
  Author: glebius | Age: 2005-03-01 | Files: 1 | Lines: -18/+20

* Use NET_CALLOUT_MPSAFE macro.
  Author: glebius | Age: 2005-03-01 | Files: 6 | Lines: -25/+17

* Revert change to struct ifnet. Use ifnet pointer in softc. Embedding ifnet into smth will soon be removed.
  Requested by: brooks
  Author: glebius | Age: 2005-03-01 | Files: 1 | Lines: -1/+1

* Remove debugging printf.
  Reviewed by: mlaier
  Author: glebius | Age: 2005-03-01 | Files: 1 | Lines: -1/+0

* Support running carp(4) over a vlan(4) parent interface.
  Encouraged by: glebius
  Author: yar | Age: 2005-02-28 | Files: 1 | Lines: -1/+2

* Remove unused field from carp softc.
  OK'ed by: mcbride@OpenBSD
  Author: glebius | Age: 2005-02-28 | Files: 1 | Lines: -3/+0

* Fix tcpdump(8) on carp(4) interface:
  - Use our loop DLT type, not OpenBSD. [1]
  - The fields that are converted to network byte order are not 32-bit fields but 16-bit fields, so htons should be used in htonl. [1]
  - Secondly, ip_input changes ip->ip_len into its value without the ip-header length. So, restore the length to make bpf happy. [1]
  - Use bpf_mtap2(), use temporary af1, since bpf_mtap2 doesn't understand uint8_t af identifier.
  Submitted by: Frank Volf [1]
  Author: glebius | Age: 2005-02-28 | Files: 1 | Lines: -16/+5

* If the receiver sends an ack that is out of [snd_una, snd_max], ignore the sack options in that segment. Else we'd end up corrupting the scoreboard.
  Found by: Raja Mukerji (raja at moselle dot com)
  Submitted by: Mohan Srinivasan
  Author: ps | Age: 2005-02-27 | Files: 1 | Lines: -0/+3

* Unbreak the build. carp_iamatch6 and carp_macmatch6 are not supposed to be static as they are used elsewhere.
  Author: mlaier | Age: 2005-02-27 | Files: 1 | Lines: -2/+2

* Remove carp_softc.sc_ifp member in favor of union pointers in struct ifnet.
  Obtained from: OpenBSD
  Author: glebius | Age: 2005-02-26 | Files: 1 | Lines: -21/+21

* Staticize local functions.
  Author: glebius | Age: 2005-02-26 | Files: 1 | Lines: -53/+53

* New lines when logging.
  Author: glebius | Age: 2005-02-25 | Files: 1 | Lines: -17/+18

* Embrace macros with do {} while (0)
  Submitted by: maxim
  Author: glebius | Age: 2005-02-25 | Files: 1 | Lines: -2/+4

* Call carp_carpdev_state() from carp_set_addr6(). See log for rev 1.4.
  Sponsored by: Rambler
  Author: glebius | Age: 2005-02-25 | Files: 1 | Lines: -1/+1

* Improve logging:
  - Simplify CARP_LOG() and making it working (we don't have addlog in FreeBSD).
  - Introduce CARP_DEBUG() which logs with LOG_DEBUG severity when net.inet.carp.log > 1
  - Use CARP_DEBUG to log state changes of carp interfaces.
  After CARP_LOG() cleanup it appeared that carp_input_c() does not need sc argument. Remove it.
  Sponsored by: Rambler
  Author: glebius | Age: 2005-02-25 | Files: 1 | Lines: -38/+52

* Fix problem when master comes up with one interface down, and preempts mastering on all other interfaces:
  - call carp_carpdev_state() on initialize instead of just setting to INIT
  - in carp_carpdev_state() check that interface is UP, instead of checking that it is not DOWN, because a rebooted machine may have interface in UNKNOWN state.
  Sponsored by: Rambler
  Obtained from: OpenBSD (partially)
  Author: glebius | Age: 2005-02-24 | Files: 1 | Lines: -2/+2

* fix potential invalid index into ip_protox array
  Noticed by: Coverity Prevent analysis tool
  Author: sam | Age: 2005-02-23 | Files: 1 | Lines: -2/+2

* Unbreak CARP build on 64-bit architectures.
  Tested on: sparc64
  Author: mux | Age: 2005-02-23 | Files: 1 | Lines: -1/+1

* Bring back the full packet destination manipulation for 'ipfw fwd' with the kernel compile time option:
    options IPFIREWALL_FORWARD_EXTENDED
  This option has to be specified in addition to IPFIREWALL_FORWARD.
  With this option even packets targeted for an IP address local to the host can be redirected. All restrictions to ensure proper behaviour for locally generated packets are turned off. Firewall rules have to be carefully crafted to make sure that things like PMTU discovery do not break.
  Document the two kernel options.
  PR: kern/71910
  PR: kern/73129
  MFC after: 1 week
  Author: andre | Age: 2005-02-22 | Files: 2 | Lines: -1/+17

* Remove promisc counter from parent interface in carp_clone_destroy(), so that parent interface is not left in promiscuous mode after carp interface is destroyed.
  This is not perfect, since promisc counter is added when carp interface is assigned an IP address. However, when address is removed parent interface is still in promiscuous mode. Only removal of carp interface removes promisc from parent. Same way in OpenBSD.
  Sponsored by: Rambler
  Author: glebius | Age: 2005-02-22 | Files: 1 | Lines: -0/+1

* Add CARP (Common Address Redundancy Protocol), which allows multiple hosts to share an IP address, providing high availability and load balancing.
  Original work on CARP done by Michael Shalayeff, with many additions by Marco Pfatschbacher and Ryan McBride.
  FreeBSD port done solely by Max Laier.
  Patch by: mlaier
  Obtained from: OpenBSD (mickey, mcbride)
  Author: glebius | Age: 2005-02-22 | Files: 7 | Lines: -5/+2259

* We can make code simpler after last change.
  Noticed by: Andrew Thompson
  Author: glebius | Age: 2005-02-22 | Files: 1 | Lines: -2/+2

* In in_pcbconnect_setup() jailed sockets are treated specially: if local address is not supplied, then jail IP is chosen and in_pcbbind() is called. Since udp_output() does not save local addr after call to in_pcbconnect_setup(), in_pcbbind() is called for each packet, and this is incorrect.
  So, we shall treat jailed sockets specially in udp_output(), we will save their local address.
  This fixes a long standing bug with broken sendto() system call in jails.
  PR: kern/26506
  Reviewed by: rwatson
  MFC after: 2 weeks
  Author: glebius | Age: 2005-02-22 | Files: 1 | Lines: -0/+5

* In in_pcbconnect_setup() remove a check that route points at loopback interface. Nobody have explained me sense of this check. It breaks connect() system call to a destination address which is loopback routed (e.g. blackholed).
  Reviewed by: silence on net@
  MFC after: 2 weeks
  Author: glebius | Age: 2005-02-22 | Files: 1 | Lines: -4/+2

* In the current world order, solisten() implements the state transition of a socket from a regular socket to a listening socket able to accept new connections. As part of this state transition, solisten() calls into the protocol to update protocol-layer state. There were several bugs in this implementation that could result in a race wherein a TCP SYN received in the interval between the protocol state transition and the shortly following socket layer transition would result in a panic in the TCP code, as the socket would be in the TCPS_LISTEN state, but the socket would not have the SO_ACCEPTCONN flag set.
  This change does the following:
  - Pushes the socket state transition from the socket layer solisten() to socket "library" routines called from the protocol. This permits the socket routines to be called while holding the protocol mutexes, preventing a race exposing the incomplete socket state transition to TCP after the TCP state transition has completed. The check for a socket layer state transition is performed by solisten_proto_check(), and the actual transition is performed by solisten_proto().
  - Holds the socket lock for the duration of the socket state test and set, and over the protocol layer state transition, which is now possible as the socket lock is acquired by the protocol layer, rather than vice versa. This prevents additional state related races in the socket layer.
  This permits the dual transition of socket layer and protocol layer state to occur while holding locks for both layers, making the two changes atomic with respect to one another. Similar changes are likely required elsewhere in the socket/protocol code.
  Reported by: Peter Holm <peter@holm.cc>
  Review and fixes from: emax, Antoine Brodin <antoine.brodin@laposte.net>
  Philosophical head nod: gnn
  Author: rwatson | Age: 2005-02-21 | Files: 1 | Lines: -4/+14

* Remove 2 (SACK) fields from the tcpcb. These are only used by a function that is called from tcp_input(), so they oughta be passed on the stack instead of stuck in the tcpcb.
  Submitted by: Mohan Srinivasan
  Author: ps | Age: 2005-02-17 | Files: 4 | Lines: -20/+13

* Fix for a SACK (receiver) bug where incorrect SACK blocks are reported to the sender - in the case where the sender sends data outside the window (as WinXP does :().
  Reported by: Sam Jensen <sam at wand dot net dot nz>
  Submitted by: Mohan Srinivasan
  Author: ps | Age: 2005-02-16 | Files: 2 | Lines: -8/+10

* - Retransmit just one segment on initiation of SACK recovery. Remove the SACK "initburst" sysctl.
  - Fix bugs in SACK dupack and partialack handling that can cause large bursts while in SACK recovery.
  Submitted by: Mohan Srinivasan
  Author: ps | Age: 2005-02-14 | Files: 3 | Lines: -42/+18

* o Add handling of an IPv4-mapped IPv6 address.
  o Use SYSCTL_IN() macro instead of direct call of copyin(9).
  Submitted by: ume
  o Move sysctl_drop() implementation to sys/netinet/tcp_subr.c where most of tcp sysctls live.
  o There are net.inet[6].tcp[6].getcred sysctls already, no needs in a separate struct tcp_ident_mapping.
  Suggested by: ume
  Author: maxim | Age: 2005-02-14 | Files: 4 | Lines: -92/+196

* Jump to common action checks after doing specific once. This fixes adding of divert rules, which I break in previous commit.
  Pointy hat to: glebius
  Author: glebius | Age: 2005-02-06 | Files: 1 | Lines: -0/+5

* o Implement net.inet.tcp.drop sysctl and userland part, tcpdrop(8) utility:
  The tcpdrop command drops the TCP connection specified by the local address laddr, port lport and the foreign address faddr, port fport.
  Obtained from: OpenBSD
  Reviewed by: rwatson (locking), ru (man page), -current
  MFC after: 1 month
  Author: maxim | Age: 2005-02-06 | Files: 2 | Lines: -1/+93

* Add a ng_ipfw node, implementing a quick and simple interface between ipfw(4) and netgraph(4) facilities.
  Reviewed by: andre, brooks, julian
  Author: glebius | Age: 2005-02-05 | Files: 3 | Lines: -0/+77

* teach scope of IPv6 address to net.inet6.tcp6.getcred.
  MFC after: 1 week
  Author: ume | Age: 2005-02-04 | Files: 2 | Lines: -8/+20

* Update an additional reference to the rate of ISN tick callouts that was missed in tcp_subr.c:1.216: projected_offset must also reflect how often the tcp_isn_tick() callout will fire.
  MFC after: 2 weeks
  Submitted by: silby
  Author: rwatson | Age: 2005-01-31 | Files: 2 | Lines: -2/+2

* Change the state allocator from using regular malloc to using a UMA zone instead. This should eliminate a bit of the locking overhead associated with malloc and reduce the memory consumption associated with each new state.
  Reviewed by: rwatson, andre
  Silence on: ipfw@
  MFC after: 1 week
  Author: csjp | Age: 2005-01-31 | Files: 1 | Lines: -2/+7

* Have tcp_isn_tick() fire 100 times a second, rather than HZ times a second; since the default hz has changed to 1000 times a second, this resulted in unnecessary work being performed.
  MFC after: 2 weeks
  Discussed with: phk, cperciva
  General head nod: silby
  Author: rwatson | Age: 2005-01-30 | Files: 2 | Lines: -2/+2

* Prefer (NULL) spelling of (0) for pointers.
  MFC after: 3 days
  Author: rwatson | Age: 2005-01-30 | Files: 1 | Lines: -9/+9

* Remove clause three from tcp_syncache.c license per permission of McAfee. Update copyright to McAfee from NETA.
  Author: rwatson | Age: 2005-01-30 | Files: 1 | Lines: -6/+3

* Correctly move the packet header in ip_insertoptions().
  Reported by: Anupam Chanda
  Reviewed by: sam@
  MFC after: 2 weeks
  Author: alc | Age: 2005-01-23 | Files: 1 | Lines: -1/+2