| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
| |
#ifdefs. Clean out unused netisr's and leftover netisr linker set gunk.
Tested on x86 and alpha, including world.
Approved by: jkh
|
|
|
|
| |
Approved-by: jordan
|
|
|
|
|
|
|
| |
CVS_FUBAR (which no longer exists) and thus forgot to add $FreeBSD's.
Add them.
Approved by: jkh (is part of ipfilter upgrade)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
KAME put INET6 related stuff into sys/netinet6 dir, but IPv6
standard API(RFC2553) require following files to be under sys/netinet.
netinet/ip6.h
netinet/icmp6.h
Now those header files just include each following files.
netinet6/ip6.h
netinet6/icmp6.h
Also KAME has netinet6/in6.h for easy INET6 common defs
sharing between different BSDs, but RFC2553 requires only
netinet/in.h should be included from userland.
So netinet/in.h also includes netinet6/in6.h inside.
To keep apps portability, apps should not directly include
above files from netinet6 dir.
Ideally, all contents of,
netinet6/ip6.h
netinet6/icmp6.h
netinet6/in6.h
should be moved into
netinet/ip6.h
netinet/icmp6.h
netinet/in.h
but to avoid big changes in this stage, add some hack, that
-Put some special macro define into those files under neitnet
-Let files under netinet6 cause error if it is included
from some apps, and, if the specifal macro define is not
defined.
(which should have been defined if files under netinet is
included)
-And let them print an error message which tells the
correct name of the include file to be included.
Also fix apps which includes invalid header files.
Approved by: jkh
Obtained from: KAME project
|
|
|
|
|
|
|
| |
so we can compile kernels without IPFIREWALL .
Reported-by: Robert Watson
Approved-by: jordan
|
|
|
|
|
|
| |
Revealed-by: diff with -STABLE version (the advantage of having
multiple lines of development...)
Approved-by: jordan
|
|
|
|
|
|
| |
the recent ipfw modifications.
Approved-by: jordan
|
|
|
|
|
|
|
|
| |
similar to ipfilter's keep-state.
Look at the updated ipfw(8) manpage for details.
Approved-by: jordan
|
|
|
|
|
|
|
|
| |
local modifications.
Also fix initializing fr_running in KLD case.
Rename ipl_inited to fr_runninhg in mlfk_ipl
Approved by: jkh
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
at the same time.
When rfc1323 and rfc1644 option are enabled by sysctl,
and tcp over IPv6 is tried, kernel panic happens by the
following check in tcp_output(), because now hdrlen is bigger
in such case than before.
/*#ifdef DIAGNOSTIC*/
if (max_linkhdr + hdrlen > MHLEN)
panic("tcphdr too big");
/*#endif*/
So change the above check to compare with MCLBYTES in #ifdef INET6 case.
Also, allocate a mbuf cluster for the header mbuf, in that case.
Bug reported at KAME environment.
Approved by: jkh
Reviewed by: sumikawa
Obtained from: KAME project
|
|
|
|
|
|
|
|
| |
dummynet (already fixed in -stable, was waiting for Jordan's
approval due to the code freeze).
Reported-By: Mike Tancsa
Approved-By: Jordan
|
|
|
|
|
|
|
| |
being defined as 0x40. Change the former to be 0x100.
Submitted by: Erik Salander <erik@whistle.com>
Approved by: jkh
|
|
|
|
| |
Prompted by: archie
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is fix to usr.sbin/trpt and tcp_debug.[ch]
I think of putting this after 4.0 but,,,
-There was bug that when INET6 is defined,
IPv4 socket is not traced by trpt.
-I received request from a person who distribute a program
which use tcp_debug interface and print performance statistics,
that
-leave comptibility with old program as much as possible
-use same interface with other OSes
So, I talked with itojun, and synced API with netbsd IPv6 extension.
makeworld check, kernel build check(includes GENERIC) is done.
But if there happen to any problem, please let me know and
I soon backout this change.
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
o Drop all broadcast and multicast source addresses in tcp_input.
o Enable ICMP_BANDLIM in GENERIC.
o Change default to 200/s from 100/s. This will still stop the attack, but
is conservative enough to do this close to code freeze.
This is not the optimal patch for the problem, but is likely the least
intrusive patch that can be made for this.
Obtained from: Don Lewis and Matt Dillon.
Reviewed by: freebsd-security
|
|
|
|
|
|
|
| |
for an mbuf whose M_PKTHDR is set.
PR: related to kern/15175
Reviewed by: archie
|
|
|
|
|
|
|
|
| |
for IPv4 communication.(IPv4 mapped IPv6 addr.)
Also removed IPv6 hoplimit initialization because it is alway done at
tcp_output.
Confirmed by: Bernd Walter <ticso@cicely5.cicely.de>
|
|
|
|
|
|
|
|
|
|
|
| |
include this in all kernels. Declare some const *intrq_present
variables that can be checked by a module prior to using *intrq
to queue data.
Make the if_tun module capable of processing atm, ip, ip6, ipx,
natm and netatalk packets when TUNSIFHEAD is ioctl()d on.
Review not required by: freebsd-hackers
|
|
|
|
|
|
|
| |
-opt_ipsec.h was missing on some tcp files (sorry for basic mistake)
-made buildable as above fix
-also added some missing IPv4 mapped IPv6 addr consideration into
ipsec4_getpolicybysock
|
|
|
|
|
| |
By this bug, IPv6 reset was not sent.
(I checked around same kind of bug, but no other found.)
|
|
|
|
|
|
|
| |
This must be one of the reason why connections over IPsec hangs for
bigger packets.(which was reported on freebsd-current@freebsd.org)
But there still seems to be another bug and the problem is not yet fixed.
|
|
|
|
| |
Submitted by: bde
|
|
|
|
| |
Pointe out by: bde
|
|
|
|
| |
Reviewed by: marcel, and make world
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
is very likely to become consensus as recent ietf/ipng mailing list
discussion. Also recent KAME repository and other KAME patched BSDs
also applied it.
s/__ss_family/ss_family/
s/__ss_len/ss_len/
Makeworld is confirmed, and no application should be affected by this change
yet.
|
|
|
|
| |
on INET6 enabled environment.
|
| |
|
| |
|
|
|
|
|
|
|
| |
This fixes page fault panic observed when diverting packets
with IP options (e.g. ping -R remoteIP over natd).
PR: kern/8596, kern/11199
|
|
|
|
|
|
|
| |
also a small patch to sys/nfs/nfs_socket.c, as max_hdr size change.
Reviewed by: freebsd-arch, cvs-committers
Obtained from: KAME project
|
|
|
|
|
| |
Submitted by: luigi
Reviewed by: luigi
|
|
|
|
|
|
| |
is enabled.
Confirmed by: Eugene M. Kim <ab@astralblue.com>
|
|
|
|
|
|
|
| |
Support masks on TCP/UDP ports.
Minor cleanup of ip_fw_chk() to avoid repeated calls to PULLUP_TO
at each rule.
|
|
|
|
| |
as well. Also (probably) fix a bug introduced during the IPv6 import.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
now you can dynamically create rate-limited queues for different
flows using masks on dst/src IP, port and protocols.
Read the ipfw(8) manpage for details and examples.
Restructure the internals of the traffic shaper to use heaps,
so that it manages efficiently large number of queues.
Fix a bug which was present in the previous versions which could
cause, under certain unfrequent conditions, to send out very large
bursts of traffic.
All in all, this new code is much cleaner than the previous one and
should also perform better.
Work supported by Akamba Corp.
|
| |
|
|
|
|
|
|
| |
is an application space macro and the applications are supposed to be free
to use it as they please (but cannot). This is consistant with the other
BSD's who made this change quite some time ago. More commits to come.
|
|
|
|
|
|
|
|
|
|
|
| |
desperation measure in low-memory situations), walk the tcpbs and
flush the reassembly queues.
This behaviour is currently controlled by the debug.do_tcpdrain sysctl
(defaults to on).
Submitted by: Bosko Milekic <bmilekic@dsuper.net>
Reviewed by: wollman
|
|
|
|
|
|
|
|
| |
pr_input() routines prototype is also changed to support IPSEC and IPV6
chained protocol headers.
Reviewed by: freebsd-arch, cvs-committers
Obtained from: KAME project
|
| |
|
| |
|
| |
|
|
|
|
| |
Reviewed by: truckman
|
|
|
|
|
|
|
|
|
|
|
| |
to print out protocol specific pcb info.
A patch submitted by guido@gvr.org, and asmodai@wxs.nl also reported
the problem.
Thanks and sorry for your troubles.
Submitted by: guido@gvr.org
Reviewed by: shin
|
|
|
|
|
|
|
| |
is within the receive window. Follow this behavior, instead of only
allowing resets at last_ack_sent.
Pointed out by: jayanth@yahoo-inc.com
|
|
|
|
| |
Submitted by: Erik Salander <erik@whistle.com>
|
|
|
|
| |
Submitted by: Erik Salander <erik@whistle.com>
|
|
|
|
| |
Specified by: eivind, phk
|
|
|
|
|
|
|
|
|
|
| |
packet divert at kernel for IPv6/IPv4 translater daemon
This includes queue related patch submitted by jburkhol@home.com.
Submitted by: queue related patch from jburkhol@home.com
Reviewed by: freebsd-arch, cvs-committers
Obtained from: KAME project
|