path: root/sys/netinet
Commit message | Author | Age | Files | Lines
* Fix a (long standing?) bug in ip_output(): if ip_insertoptions() is called and ip_output() encounters an error and bails (i.e. host unreachable), we will leak an mbuf. This is because the code calls m_freem(m0) after jumping to the bad: label at the end of the function, when it should be calling m_freem(m). (m0 is the original mbuf list _without_ the options mbuf prepended.)
  Obtained from: NetBSD
  Author: wpaul | Date: 2001-10-30 | Files: 1 | Lines: -1/+1
* Make sure the netmask always has an address family. This fixes Linux ifconfig, which expects the address returned by the SIOCGIFNETMASK ioctl to have a valid sa_family. Similar changes may be necessary for IPv6. While we're here, get rid of an unnecessary temp variable.
  MFC after: 2 weeks
  Author: des | Date: 2001-10-30 | Files: 1 | Lines: -3/+4
* When dropping a packet because there is no room in the queue (which itself is somewhat bogus), update the statistics to indicate something was dropped.
  PR: 13740
  Author: jlemon | Date: 2001-10-30 | Files: 1 | Lines: -0/+1
* A few more style changes picked up whilst working on an MFC to -stable.
  Author: joe | Date: 2001-10-29 | Files: 1 | Lines: -2/+2
* Fix some whitespace, and a comment that I missed in the last commit.
  Author: joe | Date: 2001-10-29 | Files: 1 | Lines: -3/+4
* Clean up the style of this header file.
  Author: joe | Date: 2001-10-29 | Files: 1 | Lines: -186/+190
* fix int argument used in printf w/ %ld (cast to long)
  Author: dillon | Date: 2001-10-29 | Files: 1 | Lines: -2/+3
* Don't use the ip_timestamp structure to access timestamp options, as the compiler may cause an unaligned access to be generated in some cases.
  PR: 30982
  Author: jlemon | Date: 2001-10-25 | Files: 1 | Lines: -29/+22
* If we are bridging, fall back to using any inet address in the system, irrespective of receive interface, as a last resort.
  Submitted by: ru
  Author: jlemon | Date: 2001-10-25 | Files: 1 | Lines: -4/+9
* Relocate the KASSERT for a null recvif to a location where it will actually do some good.
  Pointed out by: ru
  Author: jlemon | Date: 2001-10-25 | Files: 1 | Lines: -1/+1
* restore the data of the ip header when extended udp header and data checksum is calculated. this caused some trouble in the code which the ip header is not modified. for example, inbound policy lookup failed.
  Obtained from: KAME
  MFC after: 1 week
  Author: ume | Date: 2001-10-22 | Files: 1 | Lines: -0/+3
* Only examine inet addresses of the interface. This was broken in r1.83, with the result that the system would reply to an ARP request of 0.0.0.0
  Author: jlemon | Date: 2001-10-20 | Files: 1 | Lines: -2/+4
* Pull post-4.4BSD change to sys/net/route.c from BSD/OS 4.2.
  Have sys/net/route.c:rtrequest1(), which takes ``rt_addrinfo *'' as the argument. Pass rt_addrinfo all the way down to rtrequest1 and ifa->ifa_rtrequest. 3rd argument of ifa->ifa_rtrequest is now ``rt_addrinfo *'' instead of ``sockaddr *'' (almost no one is using it anyways).
  Benefit: the following command now works. Previously we needed two route(8) invocations, "add" then "change".
    # route add -inet6 default ::1 -ifp gif0
  Remove unsafe typecast in rtrequest(), from ``rtentry *'' to ``sockaddr *''. It was introduced by 4.3BSD-Reno and never corrected.
  Obtained from: BSD/OS, NetBSD
  MFC after: 1 month
  PR: kern/28360
  Author: ru | Date: 2001-10-17 | Files: 4 | Lines: -13/+11
* bring in ARP support for variable length link level addresses
  Reviewed by: jdp
  Approved by: jdp
  Obtained from: NetBSD
  MFC after: 6 weeks
  Author: fjoe | Date: 2001-10-14 | Files: 2 | Lines: -101/+157
* - Combine kern.ps_showallprocs and kern.ipc.showallsockets into a single kern.security.seeotheruids_permitted, described as: "Unprivileged processes may see subjects/objects with different real uid"
    NOTE: kern.ps_showallprocs exists in -STABLE, and therefore there is an API change. kern.ipc.showallsockets does not.
  - Check kern.security.seeotheruids_permitted in cr_cansee().
  - Replace visibility calls to socheckuid() with cr_cansee() (retain the change to socheckuid() in ipfw, where it is used for rule-matching).
  - Remove prison_unpcb() and make use of cr_cansee() against the UNIX domain socket credential instead of comparing root vnodes for the UDS and the process. This allows multiple jails to share the same chroot() and not see each other's UNIX domain sockets.
  - Remove unused socheckproc().
  Now that cr_cansee() is used universally for socket visibility, a variety of policies are more consistently enforced, including uid-based restrictions and jail-based restrictions. This also better-supports the introduction of additional MAC models.
  Reviewed by: ps, billf
  Obtained from: TrustedBSD Project
  Author: rwatson | Date: 2001-10-09 | Files: 4 | Lines: -11/+11
* Add a flag TF_LASTIDLE, that forces a previously idle connection to send all its data, especially when the data is less than one MSS. This fixes an issue where the stack was delaying the sending of data, even though there was enough window to send all the data and the sending of data was emptying the socket buffer.
  Problem found by Yoshihiro Tsuchiya (tsuchiya@flab.fujitsu.co.jp)
  Submitted by: Jayanth Vijayaraghavan
  Author: jayanth | Date: 2001-10-05 | Files: 2 | Lines: -1/+9
* Only allow users to see their own socket connections if kern.ipc.showallsockets is set to 0.
  Submitted by: billf (with modifications by me)
  Inspired by: Dave McKay (aka pm aka Packet Magnet)
  Reviewed by: peter
  MFC after: 2 weeks
  Author: ps | Date: 2001-10-05 | Files: 5 | Lines: -8/+23
* Make it so dummynet and bridge can be loaded as modules.
  Submitted by: billf
  Author: ps | Date: 2001-10-05 | Files: 6 | Lines: -119/+102
* in_ifinit apparently can be used to rewrite an ip address; recalculate the correct hash bucket for the entry.
  Submitted by: iedowse (with some munging by me)
  Author: jlemon | Date: 2001-10-01 | Files: 1 | Lines: -1/+5
* Fix a problem with unnumbered rules introduced in latest commit.
  Reported by: des
  Author: luigi | Date: 2001-10-01 | Files: 1 | Lines: -3/+3
* mdoc(7) police: Use the new .In macro for #include statements.
  Author: ru | Date: 2001-10-01 | Files: 1 | Lines: -3/+3
* Add __FBSDID's to libalias
  Author: dillon | Date: 2001-09-30 | Files: 10 | Lines: -21/+32
* Nuke unused (and incorrect) #define of INADDR_HMASK.
  Spotted by: ru
  Author: jlemon | Date: 2001-09-29 | Files: 1 | Lines: -1/+0
* Make the INADDR_TO_IFP macro use the IP address hash lookup instead of walking the entire list of IP addresses.
  Pointed out by: bfumerola
  Author: jlemon | Date: 2001-09-29 | Files: 1 | Lines: -1/+1
* Add a hash table that contains the list of internet addresses, and use this in place of the in_ifaddr list when appropriate. This improves performance on hosts which have a large number of IP aliases.
  Author: jlemon | Date: 2001-09-29 | Files: 6 | Lines: -63/+113
* Centralize satosin(), sintosa() and ifatoia() macros in <netinet/in.h>
  Remove local definitions.
  Author: jlemon | Date: 2001-09-29 | Files: 5 | Lines: -11/+6
* Two main changes here:
  + implement "limit" rules, which permit to limit the number of sessions between certain host pairs (according to masks). These are a special type of stateful rules, which might be of interest in some cases. See the ipfw manpage for details.
  + merge the list pointers and ipfw rule descriptors in the kernel, so the code is smaller, faster and more readable. This patch basically consists in replacing "foo->rule->bar" with "rule->bar" all over the place. I have been willing to do this for ages!
  MFC after: 1 week
  Author: luigi | Date: 2001-09-27 | Files: 6 | Lines: -252/+333
* Remove unused (and duplicate) struct ip_opts which is never used, not referenced in Stevens, and does not compile with g++. There is an equivalent structure, struct ipoption in ip_var.h which is actually used in various parts of the kernel, and also referenced in Stevens.
  Bill Fenner also says: ... if you want the trivia, struct ip_opts was introduced in in.h SCCS revision 7.9, on 6/28/1990, by Mike Karels. struct ipoption was introduced in ip_var.h SCCS revision 6.5, on 9/16/1985, by... Mike Karels.
  MFC-after: 3 days
  Author: luigi | Date: 2001-09-27 | Files: 1 | Lines: -12/+0
* Include sys/proc.h for the definition of securelevel_ge().
  Submitted by: LINT
  Author: brooks | Date: 2001-09-26 | Files: 1 | Lines: -0/+1
* o Modify IPFW and DUMMYNET administrative setsockopt() calls to use securelevel_gt() to check the securelevel, rather than direct access to the securelevel variable.
  Obtained from: TrustedBSD Project
  Author: rwatson | Date: 2001-09-26 | Files: 2 | Lines: -5/+13
* Make faith loadable, unloadable, and clonable.
  Author: brooks | Date: 2001-09-25 | Files: 4 | Lines: -28/+4
* Fix a null pointer dereference introduced in the last commit, plus remove a useless assignment and move a comment.
  Submitted by: Thomas Moestl
  Author: luigi | Date: 2001-09-24 | Files: 1 | Lines: -6/+4
* Fixed the bug that prevented communication with FTP servers behind NAT in extended passive mode if the server's public IP address was different from the main NAT address. This caused a wrong aliasing link to be created that did not route the incoming packets back to the original IP address of the server.
    natd -v -n pub0 -redirect_address localFTP publicFTP
  Note that even if localFTP == publicFTP, one still needs to supply the -redirect_address directive. It is needed as a helper because extended passive mode's 229 reply does not contain the IP address.
  MFC after: 1 week
  Author: ru | Date: 2001-09-21 | Files: 1 | Lines: -3/+4
* o Rename u_cansee() to cr_cansee(), making the name more comprehensible in the face of a rename of ucred to cred, and possibly generally.
  Obtained from: TrustedBSD Project
  Author: rwatson | Date: 2001-09-20 | Files: 3 | Lines: -5/+5
* A bunch of minor changes to the code (see below) for readability, code size and speed. No new functionality added (yet) apart from a bugfix. MFC will occur in due time and probably in stages.
  BUGFIX: fix a problem in old code which prevented reallocation of the hash table for dynamic rules (there is a PR on this).
  OTHER CHANGES: minor changes to the internal struct for static and dynamic rules. Requires rebuild of ipfw binary.
  Add comments to show how data structures are linked together. (It probably makes no sense to keep the chain pointers separate from actual rule descriptors. They will be hopefully merged soon.)
  keep a (sysctl-readable) counter for the number of static rules, to speed up IP_FW_GET operations
  initial support for a "grace time" for expired connections, so we can set timeouts for closing connections to much shorter times.
  merge zero_entry() and resetlog_entry(), they use basically the same code.
  clean up and reduce replication of code for removing rules, both for readability and code size.
  introduce a separate lifetime for dynamic UDP rules.
  fix a problem in old code which prevented reallocation of the hash table for dynamic rules (PR ...)
  restructure dynamic rule descriptors
  introduce some local variables to avoid multiple dereferencing of pointer chains (reduces code size and hopefully increases speed).
  Author: luigi | Date: 2001-09-20 | Files: 2 | Lines: -310/+339
* Fixed comment: ipip_input -> mroute_encapcheck.
  Reported by: bde
  Author: sumikawa | Date: 2001-09-20 | Files: 1 | Lines: -1/+1
* Removed ipip_input(). No code calls it anymore due to ip_encap.c's encapsulation support.
  Author: sumikawa | Date: 2001-09-18 | Files: 1 | Lines: -4/+0
* KSE Milestone 2
  Note ALL MODULES MUST BE RECOMPILED
  make the kernel aware that there are smaller units of scheduling than the process. (but only allow one thread per process at this time). This is functionally equivalent to the previous -current except that there is a thread associated with each process.
  Sorry john! (your next MFC will be a doosie!)
  Reviewed by: peter@freebsd.org, dillon@freebsd.org
  X-MFC after: ha ha ha ha
  Author: julian | Date: 2001-09-12 | Files: 13 | Lines: -95/+95
* Remove some un-needed code that was accidentally included in the 2nd previous KAME patch.
  Submitted by: SUMIKAWA Munechika <sumikawa@ebina.hitachi.co.jp>
  Author: julian | Date: 2001-09-07 | Files: 1 | Lines: -15/+0
* Patches from KAME to remove usage of Varargs in existing IPV4 code. For now they will still have some in the developing stuff (IPv6)
  Submitted by: Keiichi SHIMA / <keiichi@iij.ad.jp>
  Obtained from: KAME
  Author: julian | Date: 2001-09-07 | Files: 2 | Lines: -13/+4
* Wrap array accesses in macros, which also happen to be lvalues:
    ifnet_addrs[i - 1] -> ifaddr_byindex(i)
    ifindex2ifnet[i] -> ifnet_byindex(i)
  This is intended to ease the conversion to SMPng.
  Author: jlemon | Date: 2001-09-06 | Files: 3 | Lines: -4/+4
* Fix sysctl comment field, s/the the/then the
  Pointed out by: ru
  Author: alfred | Date: 2001-09-04 | Files: 1 | Lines: -1/+1
* Allow disabling of "arp moved" messages.
  Submitted by: Stephen Hurd <deuce@lordlegacy.org>
  Author: alfred | Date: 2001-09-03 | Files: 1 | Lines: -6/+12
* I really hope this is the right answer.
  call ip_input directly but take the offset off the packet first if it's an IPV4 packet encapsulated.
  Author: julian | Date: 2001-09-03 | Files: 1 | Lines: -1/+3
* Call ip_input() instead of ipip_input() when decoding encapsulated ipv4 packets. (allows line to compile again)
  Author: julian | Date: 2001-09-03 | Files: 1 | Lines: -1/+8
* One caller of rip_input failed to be converted in the last commit.
  Author: julian | Date: 2001-09-03 | Files: 1 | Lines: -1/+1
* Patches from Keiichi SHIMA <keiichi@iij.ad.jp> to make ip use the standard protosw structure again.
  Obtained from: Well, KAME I guess.
  Author: julian | Date: 2001-09-03 | Files: 18 | Lines: -58/+58
* when newreno is turned on, if dupacks = 1 or dupacks = 2 and new data is acknowledged, reset the dupacks to 0. The problem was spotted when a connection had its send buffer full because the congestion window was only 1 MSS and was not being incremented because dupacks was not reset to 0.
  Obtained from: Yahoo!
  Author: jayanth | Date: 2001-08-29 | Files: 2 | Lines: -0/+4
* When net.inet.tcp.icmp_may_rst is enabled, report ECONNREFUSED not ENETRESET to the application as a RST would, this way we're compatible with the most applications.
  MFC candidate.
  Submitted by: Scott Renfro <scott@renfro.org>
  Reviewed by: Mike Silbersack <silby@silby.com>
  Author: jesper | Date: 2001-08-27 | Files: 1 | Lines: -1/+1
* the IP_FW_GET code in ip_fw_ctl() sizes a buffer to hold information about rules and dynamic rules. it later fills this buffer with these rules. it also takes the opportunity to compare the expiration of the dynamic rules with the current time and either marks them for deletion or simply charges the countdown. unfortunately it does this all (the sizing, the buffer copying, and the expiration GC) with no spl protection whatsoever. it was possible for the dynamic rule(s) to be ripped out from under the request before it had completed, resulting in corrupt memory dereferencing.
  Reviewed by: ps
  MFC before: 4.4-RELEASE, hopefully.
  Author: billf | Date: 2001-08-26 | Files: 1 | Lines: -0/+3