summaryrefslogtreecommitdiffstats
path: root/sys/netinet
Commit message (Collapse)AuthorAgeFilesLines
* Don't try to include opt_ipfw.h in LKMsgpalmer1996-06-131-1/+3
| | | | Submitted by: Ollivier Robert <roberto@keltia.freenix.fr>
* Keep ether_type in network order for BPF to be consistent with otherdg1996-06-131-3/+3
| | | | | | | systems. Submitted by: Ted Lemon, Matt Thomas, and others. Retrofitted for -current by me.
* Convert ipfw to use opt_ipfw.hgpalmer1996-06-122-2/+7
|
* Clean up -Wunused warnings.gpalmer1996-06-121-3/+1
| | | | Reviewed by: bde
* Big sweep over ipfw, picking up where Poul left off:alex1996-06-092-83/+133
| | | | | | | | | | | | | | | | | | | - Log ICMP type during verbose output. - Added IPFIREWALL_VERBOSE_LIMIT option to prevent denial of service attacks via syslog flooding. - Filter based on ICMP type. - Timestamp chain entries when they are matched. - Interfaces can now be matched with a wildcard specification (i.e. will match any interface unit for a given name). - Prevent the firewall chain from being manipulated when securelevel is greater than 2. - Fixed bug that allowed the default policy to be deleted. - Ability to zero individual accounting entries. - Remove definitions of old_chk_ptr and old_ctl_ptr when compiling ipfw as a lkm. - Remove some redundant code shared between ip_fw_init and ipfw_load. Closes PRs: 1192, 1219, and 1267.
* Changed some memcpy()'s back to bcopy()'s.bde1996-06-085-13/+13
| | | | | | | gcc only inlines memcpy()'s whose count is constant and didn't inline these. I want memcpy() in the kernel go away so that it's obvious that it doesn't need to be optimized. Now it is only used for one struct copy in si.c.
* Instrument UDP PCB hashing to see how often the hash lookup is effectivewollman1996-06-052-2/+4
| | | | for incoming packets.
* Correct formula for TCP RTO calculation. Also try to do a better job inwollman1996-06-053-11/+7
| | | | | filling in a new PCB's rttvar (but this is not the last word on the subject). And get rid of `#ifdef RTV_RTT', it's been true for four years now...
* Fix a bug in the handling of the "persist" state which, under certainjdp1996-06-031-7/+12
| | | | | | | | | | circumstances, caused perfectly good connections to be dropped. This happened for connections over a LAN, where the retransmit timer calculation TCP_REXMTVAL(tp) returned 0. If sending was blocked by flow control for long enough, the old code dropped the connection, even though timely replies were being received for all window probes. Reviewed by: W. Richard Stevens <rstevens@noao.edu>
* Correct spelling error in commentgpalmer1996-06-021-2/+2
|
* More closely preserve the original operation of rresvport() when usingpeter1996-05-311-2/+3
| | | | IP_PORTRANGE_LOW.
* Conditionalize calls to IPFW code on COMPAT_IPFW. This is done slightlywollman1996-05-222-2/+20
| | | | | | | | | | | | | | unconventionally: If COMPAT_IPFW is not defined, or if it is defined to 1, enable; otherwise, disable. This means that these changes actually have no effect on anyone at the moment. (It just makes it easier for me to keep my code in sync.) In the future, the `not defined' part of the hack should be eliminated, but doing this now would require everyone to change their config files. The same conditionals need to be made in ip_input.c as well for this to ave any useful effect, but I'm not ready to do that right now.
* Fix an embarresing error on my part that made the IP_PORTRANGE optionspeter1996-05-211-1/+2
| | | | | return a failure code (even though it worked). This commit brought to you by the 'C' keyword "break".. :-)
* Make it possible to return more than one piece of control informationwollman1996-05-091-2/+34
| | | | | | | | (PR #1178). Define a new SO_TIMESTAMP socket option for datagram sockets to return packet-arrival timestamps as control information (PR #1179). Submitted by: Louis Mamakos <loiue@TransSys.com>
* Remove useless entries from the inetsw structure initiliser whichgpalmer1996-05-081-8/+8
| | | | | | only produced compile-time warnings. Reviewed/Tested by: Bill Fenner <fenner@parc.xerox.com>
* Clean up various compiler warnings. Most (if not all) were benigngpalmer1996-05-082-4/+14
| | | | Reviewed by: bde
* Several locations in sys/netinet/ip_fw.c are lacking or incorrectlyphk1996-05-061-14/+18
| | | | | | | use spl() functions. Reviewed by: phk Submitted by: Alex Nash <alex@zen.nash.org>
* Add three new route flags to help determine what sort of addresswollman1996-05-062-9/+43
| | | | | | | | | | | | | | | | | | | | | | the destination represents. For IP: - Iff it is a host route, RTF_LOCAL and RTF_BROADCAST indicate local (belongs to this host) and broadcast addresses, respectively. - For all routes, RTF_MULTICAST is set if the destination is multicast. The RTF_BROADCAST flag is used by ip_output() to eliminate a call to in_broadcast() in a common case; this gives about 1% in our packet-generation experiments. All three flags might be used (although they aren't now) to determine whether a packet can be forwarded; a given host route can represent a forwardable address if: (rt->rt_flags & (RTF_HOST | RTF_LOCAL | RTF_BROADCAST | RTF_MULTICAST)) == RTF_HOST Obviously, one still has to do all the work if a host route is not present, but this code allows one to cache the results of such a lookup if rtalloc1() is called without masking RTF_PRCLONING.
* Back out my stupid braino; I was thinking strlen and not sizeof.fenner1996-05-023-6/+6
|
* Size temp var correctly; buf[4*sizeof "123"] is not long enoughfenner1996-05-023-6/+6
| | | | to store "192.252.119.189\0".
* inet_ntoa buffer was evaluated twice in log_in_vain, fix it.ache1996-04-273-9/+21
| | | | Thanx to: jdp
* Delete #ifdef notdef blocks containing old method of srtt calculation.wollman1996-04-263-114/+3
| | | | Requested by: davidg
* Delete #if 0 block containing remnants of pre-MTU discovery rmx_mtuwollman1996-04-261-17/+1
| | | | initialization.
* Delete #if 0 block containing unused definitions for ARPANET/DDN IMPwollman1996-04-261-47/+1
| | | | and HYPERchannel link layers.
* Fixed in-line IP header checksumming. It was performed on the wrong headerbde1996-04-211-2/+2
| | | | in one case.
* Three speed-ups in the output path (two small, one substantial):wollman1996-04-181-39/+51
| | | | | | | | | | | | 1) Require all callers to pass a valid route pointer to ip_output() so that we don't have to check and allocate one off the stack as was done before. This eliminates one test and some stack bloat from the common (UDP and TCP) case. 2) Perform the IP header checksum in-line if it's of the usual length. This results in about a 5% speed-up in my packet-generation test. 3) Use ip_vhl field rather than ip_v and ip_hl bitfields.
* Define a few macros useful in the _IP_VHL case.wollman1996-04-181-1/+8
|
* Fix a warning by not referencing ip_output() as a pr_output() member.wollman1996-04-181-2/+2
|
* Always call ip_output() with a valid route pointer. For igmp, also get thewollman1996-04-182-17/+24
| | | | multicast option structure off the stack rather than malloc.
* Two fixes from Rich Stevens:dg1996-04-152-7/+10
| | | | | | | | | 1) Set the persist timer to help time-out connections in the CLOSING state. 2) Honor the keep-alive timer in the CLOSING state. This fixes problems with connections getting "stuck" due to incompletion of the final connection shutdown which can be a BIG problem on busy WWW servers.
* Eliminated sloppy common-style declarations. Now there are no duplicatedbde1996-04-132-4/+12
| | | | | | common labels for LINT. There are still some common declarations for the !KERNEL case in tcp_debug.h and spx_debug.h. trpt depends on the ones in tcp_debug.h.
* Fix a bogon I introduced with my last change.phk1996-04-121-2/+2
| | | | Submitted by: Andreas Klemm <andreas@knobel.gun.de>
* Logging UDP and TCP connection attempts should not be enabled by default.pst1996-04-093-6/+6
| | | | | | It's trivial to create a denial of service attack on a box so enabled. These messages, if enabled at all, must be rate-limited. (!)
* Added proper splnet protection while modifying the interface address list.dg1996-04-071-2/+17
| | | | | | | This fixes a panic that occurs when ifconfig ioctl(s) were interrupted by IP traffic at the wrong time - resulting in a NULL pointer dereference. This was originally noticed on a FreeBSD 1.0 system, but the problem still exists in current sources.
* Add a sysctl (net.inet.tcp.always_keepalive: 0) that when set will forcephk1996-04-041-2/+7
| | | | | | keepalive on all tcp sessions. Setsockopt(2) cannot override this setting. Maybe another one is needed that just changes the default for SO_KEEPALIVE ? Requested by: Joe Greco <jgreco@brasil.moneng.mei.com>
* Log TCP syn packets for ports we don't listen on.phk1996-04-043-5/+37
| | | | | | | | | Controlled by: sysctl net.inet.tcp.log_in_vain: 1 Log UDP syn packets for ports we don't listen on. Controlled by: sysctl net.inet.udp.log_in_vain: 1 Suggested by: Warren Toomey <wkt@cs.adfa.oz.au>
* Always pass a route structure when calling ip_output().wollman1996-04-031-2/+6
|
* Add feature for tcp "established".phk1996-04-035-54/+43
| | | | | Change interface between netinet and ip_fw to be more general, and thus hopefully also support other ip filtering implementations.
* Fix two cases where ia->ia_ifp could be NULL.phk1996-04-021-2/+4
|
* In tcp_respond(), check that ro->ro_rt is non-null before RTFREEingwollman1996-03-272-4/+4
| | | | it.
* Make rip_input() take the header lengthfenner1996-03-266-29/+20
| | | | | | Move ipip_input() and rsvp_input() prototypes to ip_var.h Remove unused prototype for rip_ip_input() from ip_var.h Remove unused variable *opts from rip_output()
* Add missing splx(s) in IP_MULTICAST_IFfenner1996-03-261-1/+2
| | | | Submitted by: Jim Binkley <jrb@cs.pdx.edu>
* Slight modification of RTO floor calculation.wollman1996-03-252-4/+4
|
* Check the validity of ia->ia_ifp before we dereference it.phk1996-03-251-2/+2
|
* Send ARP's for aliased subnets with the proper source address.fenner1996-03-232-17/+8
| | | | | | | Get rid of ac->ac_ipaddr and arpwhohas() since they assume that an interface has only one address. Obtained from: BSD/OS 2.1, via Rich Stevens <rstevens@noao.edu>
* Make sure tcp_respond() always calls ip_output() with a validwollman1996-03-222-2/+16
| | | | | route pointer. This has no effect in the current ip_output(), but my version requires that ip_output() always be passed a route.
* A number of performance-reducing flaws fixed based on commentswollman1996-03-223-7/+131
| | | | | | | | | | | | | | | | from Larry Peterson &co. at Arizona: - Header prediction for ACKs did not exclude Fast Retransmit/Recovery. - srtt calculation tended to get ``stuck'' and could never decrease when below 8. It still can't, but the scaling factors are adjusted so that this artifact does not cause as bad an effect on the RTO value as it used to. The paper also points out the incr/8 error that has been long since fixed, and the problems with ACKing frequency resulting from the use of options which I suspect to be fixed already as well (as part of the T/TCP work). Obtained from: Brakmo & Peterson, ``Performance Problems in BSD4.4 TCP''
* Allow SIOCGIFBRDADDR and SIOCGIFNETMASK to return information aboutfenner1996-03-151-5/+17
| | | | | aliases, if the alias address was passed in the struct ifreq. Default to first address on the list, for backwards compatibility.
* IGMPv2 routines rewritten, to be more compact and to fully complyfenner1996-03-146-296/+173
| | | | with the IGMPv2 Internet Draft (including Router Alert IP option)
* Fix ip option processing for raw IP sockets. This whole thing is a compromisepst1996-03-132-5/+14
| | | | | | | | | | | between ignoring options specified in the setsockopt call if IP_HDRINCL is set (the UCB choice when VJ's code was brought in) vs allowing them (what everyone else did, and what is assumed by programs everywhere...sigh). Also perform some checking of the passed down packet to avoid running off the end of a mbuf chain. Reviewed by: fenner
OpenPOWER on IntegriCloud