path: root/sys/netinet
Commit message | Author | Age | Files | Lines
* Partial fix for when ipfw is used with bridging. Bridged packets | luigi | 1998-12-31 | 1 | -24/+22
  have all fields in network order, whereas ipfw expects some to be in host order. This resulted in some incorrect matching, e.g. some packets being identified as fragments, or bandwidth not being correctly enforced.
  NOTE: this only affects bridge+ipfw, normal ipfw usage was already correct.
  Reported-By: Dave Alden and others.
* Remove some unused variables. | luigi | 1998-12-31 | 1 | -4/+4
* 'ip_fw_head' and 'M_IPFW' are also used in ip_dummynet so cannot be | luigi | 1998-12-22 | 1 | -3/+3
  static...
  Reported by: Dave Alden
* Recover from previous dummynet screwup | luigi | 1998-12-21 | 2 | -38/+71
* Restore 1.82->1.83 change deleted by mistake, per Bruce suggestion | luigi | 1998-12-21 | 1 | -1/+2
* Add missing "break"s to allow multicast routing to work. | fenner | 1998-12-16 | 1 | -1/+3
  Submitted by: Amancio Hasty <hasty@rah.star-gate.com>
* Last bits (I think) of dummynet for -current. | luigi | 1998-12-14 | 9 | -182/+503
* Reviewed by: freebsd-current | dillon | 1998-12-14 | 3 | -44/+192
  Add bounds checking to netbios NS packet resolving code. This should prevent natd from crashing on badly formed netbios packets (as might be heard when the machine is sitting on a cable modem or certain DSL networks), and also closes potential security holes that might have exploited the lack of bounds checking in the previous version of the code.
* PR: kern/8990 | dillon | 1998-12-12 | 1 | -1/+3
  If timer calculation results in degenerate value (0), force it to 1 to avoid divide-by-zero panic later on in calls to IGMP_RANDOM_DELAY(). I considered simply adding 1 to the timer calculation, but was unsure if the calculation was part of the IGMP standard or not so did not want to mess with it for all cases.
* The "easy" fixes for compiling the kernel -Wunused: remove unreferenced static | archie | 1998-12-07 | 9 | -44/+37
  and local variables, goto labels, and functions declared but not defined.
* Clean up some pointer usage. | eivind | 1998-12-07 | 1 | -2/+4
* Examine all occurrences of sprintf(), strcat(), and str[n]cpy() | archie | 1998-12-04 | 3 | -12/+14
  for possible buffer overflow problems. Replaced most sprintf()'s with snprintf(); for other cases, added terminating NUL bytes where appropriate, replaced constants like "16" with sizeof(), etc.
  These changes include several bug fixes, but most changes are for maintainability's sake. Any instance where it wasn't "immediately obvious" that a buffer overflow could not occur was made safer.
  Reviewed by: Bruce Evans <bde@zeta.org.au>
  Reviewed by: Matthew Dillon <dillon@apollo.backplane.com>
  Reviewed by: Mike Spengler <mks@networkcs.com>
* Cleanup icmp_var.h, make icmp bandlim sysctl permanent but if ICMP_BANDLIM | dillon | 1998-12-04 | 2 | -15/+19
  option not defined the sysctl int value is set to -1 and read-only. #ifdef KERNEL's added appropriately to wall off visibility of kernel routines from user code.
* Obtained from: "Andrey A. Chernov" <ache@nagual.pp.ru> | dillon | 1998-12-04 | 1 | -1/+3
  Quick add #ifdef KERNEL for ICMP_BANDLIM option so userland program can #include icmp_var.h
* Reviewed by: freebsd-current | dillon | 1998-12-03 | 5 | -7/+120
  Add ICMP_BANDLIM option and 'net.inet.icmp.icmplim' sysctl. If option is specified in kernel config, icmplim defaults to 100 pps. Setting it to 0 will disable the feature. This feature limits ICMP error responses for packets sent to bad tcp or udp ports, which does a lot to help the machine handle network D.O.S. attacks.
  The kernel will report packet rates that exceed the limit at a rate of one kernel printf per second. There is one issue in regards to the 'tail end' of an attack... the kernel will not output the last report until some unrelated and valid icmp error packet is returned at some point after the attack is over. This is a minor reporting issue only.
* Staticize some more. | eivind | 1998-11-26 | 8 | -30/+30
* Fix a couple of typos. | jdp | 1998-11-19 | 1 | -3/+3
* Remove stale references to ih_next and ih_prev. | dfr | 1998-11-17 | 1 | -3/+1
  Pointed out by: Roman V. Palagin <romanp@wuppy.rcs.ru>
* Make the previous fix more portable. | dfr | 1998-11-16 | 1 | -4/+4
  Requested by: bde
* The below patch helps to reduce the leakage of internal socket information | guido | 1998-11-15 | 2 | -4/+6
  when a TCP "stealth" scan is directed at a *BSD box by ensuring the window is 0 for all RST packets generated through tcp_respond()
  Reviewed by: Don Lewis <Don.Lewis@tsc.tdk.com>
  Obtained from: Bugtraq (from: Darren Reed <avalon@COOMBS.ANU.EDU.AU>)
* Fix printf format errors on alpha. | dfr | 1998-11-15 | 1 | -4/+4
* Finished updating module event handlers to be compatible with | bde | 1998-11-15 | 1 | -2/+2
  modeventhand_t.
* Be sure to pullup entire IP header when dealing with fragment packets. | dg | 1998-11-11 | 1 | -2/+2
* add #include <sys/kernel.h> where it's needed by MALLOC_DEFINE() | peter | 1998-11-10 | 1 | -1/+2
* Some optimisations to the fragment reassembly code. | dfr | 1998-10-27 | 1 | -19/+14
  Submitted by: Don Lewis <Don.Lewis@tsc.tdk.com>
* Fix a bug in the new fragment reassembly code which was tickled by receiving | dfr | 1998-10-27 | 1 | -2/+2
  a fragment which wholly overlapped one or more existing fragments.
  Submitted by: Don Lewis <Don.Lewis@tsc.tdk.com>
* *gulp*. Jordan specifically OK'ed this.. | peter | 1998-10-16 | 2 | -12/+51
  This is the bulk of the support for doing kld modules. Two linker_sets were replaced by SYSINIT()'s. VFS's and exec handlers are self registered. kld is now a superset of lkm. I have converted most of them, they will follow as a separate commit as samples. This all still works as a static a.out kernel using LKM's.
* Dike out some obsolete defines which referenced ih_next and ih_prev from | dfr | 1998-09-26 | 1 | -3/+1
  struct ipovly (they don't exist anymore because they don't work when pointers are 64bit).
* Fix the bind security fix introduced in rev 1.38 to work with multicast: | fenner | 1998-09-17 | 1 | -3/+9
  - Don't bother checking for conflicting sockets if we're binding to a multicast address.
  - Don't return an error if we're binding to INADDR_ANY, the conflicting socket is bound to INADDR_ANY, and the conflicting socket has SO_REUSEPORT set.
  PR: kern/7713
* Prevent modification of permanent ARP entries (PR kern/7649) | fenner | 1998-09-17 | 1 | -4/+21
  Ignore ARP replies from the wrong interface (discussion on mailing list)
  Add interface name to a couple of error messages
* Turn off replies to ICMP echo requests for broadcast and multicast | jkoshy | 1998-09-15 | 1 | -2/+2
  addresses by default.
  Add a knob "icmp_bmcastecho" to "rc.network" to allow this behaviour to be controlled from "rc.conf".
  Document the controlling sysctl variable "net.inet.icmp.bmcastecho" in sysctl(3).
  Reviewed by: dg, jkh
  Reminded on -hackers by: Steinar Haug <sthaug@nethelp.no>
* Bring in new files for dummynet support | luigi | 1998-09-12 | 2 | -0/+709
* Fix RST validation. | wollman | 1998-09-11 | 2 | -84/+224
  PR: 7892
  Submitted by: Don.Lewis@tsc.tdk.com
* Ensure that m_nextpkt is set to NULL after reassembling fragments. | dfr | 1998-09-10 | 1 | -1/+3
* RFC 1644 has the status "Experimental Protocol", which means: | phk | 1998-09-06 | 2 | -4/+4
  4.1.4. Experimental Protocol
  A system should not implement an experimental protocol unless it is participating in the experiment and has coordinated its use of the protocol with the developer of the protocol.
  Pointed out by: Steinar Haug <sthaug@nethelp.no>
* Widen and change the layout of the IPFW structures flag element. | phk | 1998-09-02 | 1 | -29/+29
  This will allow us to add dummynet to 3.0
  Recompile /sbin/ipfw AND your kernel.
* Properly fragment multicast packets. | wollman | 1998-09-02 | 1 | -1/+2
  PR: 7802
  Submitted by: Steve McCanne <mccanne@cs.berkeley.edu>
* Remove OpenBSD build support - let the Makefile vary per | brian | 1998-08-31 | 1 | -10/+5
  OS rather than making it a mess and potentially screwing up cross builds.
  Suggested by: bde
  Add Id keyword.
* Add OpenBSD build support | brian | 1998-08-30 | 1 | -3/+9
* Re-implement tcp and ip fragment reassembly to not store pointers in the | dfr | 1998-08-24 | 8 | -247/+210
  ip header which can't work on alpha since pointers are too big.
  Reviewed by: Garrett Wollman <wollman@khavrinen.lcs.mit.edu>
* Yow! Completely change the way socket options are handled, eliminating | wollman | 1998-08-23 | 12 | -664/+684
  another specialized mbuf type in the process. Also clean up some of the cruft surrounding IPFW, multicast routing, RSVP, and other ill-explored corners.
* Fixed printf format errors. | bde | 1998-08-17 | 3 | -42/+46
* Made some disgusting ifdefs even more disgusting to enable the support | bde | 1998-08-15 | 5 | -11/+11
  for `u_long cmd' ioctl args if __FreeBSD_version >= 300003. Some ioctls were broken on machines with 32-bit ints and 64-bit longs.
* Fixed printf format errors (ntohl() returns in_addr_t = u_int32_t != long | bde | 1998-08-11 | 1 | -5/+6
  on some 64-bit systems). print_ip() should use inet_ntoa() instead of bloated inline code with 4 ntohl()s.
* Converted the last instance of hzto() to tvtohz(). | bde | 1998-08-05 | 1 | -3/+3
* Use explicitly sized types when digging through packet headers. | dfr | 1998-08-03 | 1 | -9/+9
  Reviewed by: Julian Elischer <julian@whistle.com>
* Fix a compile error if IPFIREWALL_FORWARD active without IPDIVERT. | peter | 1998-08-01 | 1 | -3/+2
* update ATM driver. (base version: midway.c 1.67 --> 1.68) | kjc | 1998-07-29 | 1 | -1/+2
  several new features are added:
  - support vc/vp shaping
  - support pvc shadow interface
  code cleanup:
  - remove WMAYBE related code. ENI WMAYBE DMA doesn't work.
  - remove updating if_lastchange for every packet.
  - BPF related code is moved to midway.c as it should be. (bpfwrite should work if atm_pseudohdr and LLC/SNAP are prepended.)
  - BPF link type is changed to DLT_ATM_RFC1483. BPF now understands only LLC/SNAP!! (because bpf can't handle variable link header length.) It is recommended to use LLC/SNAP instead of NULL encapsulation for various reasons. (BPF, IPv6, interoperability, etc.)
  the code has been used for months in ALTQ and KAME IPv6. OKed by phk long time ago.
* Don't log ICMP type and subtype for non-zero offset packet fragments. | alex | 1998-07-18 | 1 | -2/+5
* Removed a bogus forward struct declaration. | bde | 1998-07-13 | 1 | -4/+4
  Cleaned up ifdefs.