summaryrefslogtreecommitdiffstats
path: root/sys/netinet
Commit message (Collapse)AuthorAgeFilesLines
* Convert tcp_fillheaders(tp, ...) -> tcpip_fillheaders(inp, ...) so thejlemon2003-02-195-82/+71
| | | | | | | | routine does not require a tcpcb to operate. Since we no longer keep template mbufs around, move pseudo checksum out of this routine, and merge it with the length update. Sponsored by: DARPA, NAI Labs
* Correct comments.jlemon2003-02-192-14/+8
|
* Clean up delayed acks and T/TCP interactions:jlemon2003-02-193-59/+58
| | | | | | | | - delay acks for T/TCP regardless of delack setting - fix bug where a single pass through tcp_input might not delay acks - use callout_active() instead of callout_pending() Sponsored by: DARPA, NAI Labs
* Back out M_* changes, per decision of the TRB.imp2003-02-1919-43/+43
| | | | Approved by: trb
* o Fix ipfw uid rules: socheckuid() returns 0 when uid matches a socketmaxim2003-02-171-2/+2
| | | | | | | | | | | | cr_uid. Note: we do not have socheckuid() in RELENG_4, ip_fw2.c uses its own macro for a similar purpose that is why ipfw2 in RELENG_4 processes uid rules correctly. I will MFC the diff for code consistency. Reported by: Oleg Baranov <ol@csa.ru> Reviewed by: luigi MFC after: 1 month
* Take advantage of pre-existing lock-free synchronization and type stable memoryhsu2003-02-153-11/+10
| | | | to avoid acquiring SMP locks during expensive copyout process.
* The protocol lock is always held in the dropafterack case, so we don'thsu2003-02-132-4/+4
| | | | need to check for it at runtime.
* in_pcbnotifyall() requires an exclusive protocol lock for notify functionshsu2003-02-121-7/+7
| | | | which modify the connection list, namely, tcp_notify().
* Properly document that syncache timer processing requires anhsu2003-02-121-3/+3
| | | | exclusive TCP protocol lock.
* s/IPSSEC/IPSEC/tanimura2003-02-111-1/+1
|
* Get cosmetic changes out of the way before I add routing table SMP locks.hsu2003-02-101-56/+47
|
* Avoid multiply for preemptive arp calculation since it hits everyorion2003-02-081-6/+7
| | | | | | ethernet packet sent. Prompted by: Jeffrey Hsu <hsu@FreeBSD.org>
* MFS 1.64.2.22: Re-enable non pre-emptive ARP requests.orion2003-02-041-14/+15
| | | | | Submitted by: "Diomidis Spinellis" <dds@aueb.gr> PR: kern/46116
* Add the TCP flags to the log message whenever log_in_vain is 1, notcjc2003-02-022-16/+6
| | | | | | | just when set to 2. PR: kern/43348 MFC after: 5 days
* Move a comment and optimize the frag timeout code a slight bit.silby2003-02-011-3/+3
| | | | | Submitted by: maxim MFC with: The previous two revisions
* FAST_IPSEC bandaid: act like KAME and ignore ENOENT error codes fromsam2003-01-301-0/+9
| | | | | | | ipsec4_process_packet; they happen when a packet is dropped because an SA acquire is initiated Submitted by: Doug Ambrisko <ambrisko@verniernetworks.com>
* remove the restriction on build a kernel with FAST_IPSEC and INET6;sam2003-01-301-3/+0
| | | | | | you still don't want to use the two together, but it's ok to have them in the same kernel (the problem that initiated this bandaid has long since been fixed)
* Fix a bug with syncookies; previously, the syncache's MSS size was notsilby2003-01-291-2/+2
| | | | | | | | initialized until after a syncookie was generated. As a result, all connections resulting from a returned cookie would end up using a MSS of ~512 bytes. Now larger packets will be used where possible. MFC after: 5 days
* Check bounds for index before dereferencing memory past end of array.phk2003-01-281-1/+1
| | | | Found by: FlexeLint
* Avoid lock order reversal by expanding the scope of thehsu2003-01-281-15/+5
| | | | AF_INET radix tree lock to cover the ARP data structures.
* A few fixes to rev 1.221silby2003-01-281-9/+17
| | | | | | | | | - Honor the previous behavior of maxfragpackets = 0 or -1 - Take a better stab at fragment statistics - Move / correct a comment Suggested by: maxim@ MFC after: 7 days
* Merge the best parts of maxfragpackets and maxnipq together. (Bothsilby2003-01-261-13/+5
| | | | | | | | | | | functions implemented approximately the same limits on fragment memory usage, but in different fashions.) End user visible changes: - Fragment reassembly queues are freed in a FIFO manner when maxfragpackets has been reached, rather than all reassembly stopping. MFC after: 5 days
* Remove M_TRYWAIT/M_WAITOK/M_WAIT. Callers should use 0.alfred2003-01-2119-43/+43
| | | | Merge M_NOWAIT/M_DONTWAIT into a single flag M_NOWAIT.
* De-anonymity a couple of messages I missed in a previous sweep.maxim2003-01-201-2/+2
| | | | | | Move one of them under DEB macro. Noticed by: Wiktor Niesiobedzki <w@evip.pl>
* If the first action is O_LOG adjust a pointer to the real one, unbreaksmaxim2003-01-201-0/+2
| | | | | | | skipto + log rules. Reported by: Wiktor Niesiobedzki <w@evip.pl> MFC after: 1 week
* Optimize away call to bzero() in the common case by directly checkinghsu2003-01-181-6/+3
| | | | if a connection has any cached TAO information.
* Fix long-standing bug predating FreeBSD where calling connect() twicehsu2003-01-181-1/+3
| | | | on a raw ip socket will crash the system with a null-dereference.
* SMP locking for ARP.hsu2003-01-171-6/+21
|
* Introduce the ability to flag a sysctl for operation at secure level 2 or 3dillon2003-01-141-3/+3
| | | | | | | | | | | | in addition to secure level 1. The mask supports up to a secure level of 8 but only add defines through CTLFLAG_SECURE3 for now. As per the missif in the log entry for 1.11 of ip_fw2.c which added the secure flag to the IPFW sysctl's in the first place, change the secure level requirement from 1 to 3 now that we have support for it. Reviewed by: imp With Design Suggestions by: imp
* Fix NewReno.hsu2003-01-135-89/+94
| | | | Reviewed by: Tom Henderson <thomas.r.henderson@boeing.com>
* Clear the target hardware address field when generating an ARP request.tmm2003-01-101-0/+1
| | | | | Reviewed by: nectar MFC after: 1 week
* Validate inp before de-referencing it.hsu2003-01-051-1/+1
| | | | Submitted by: pb
* Correct typos, mostly s/ a / an / where appropriate. Some whitespace cleanup,schweikh2003-01-015-5/+5
| | | | especially in troff files.
* Correct mbuf packet header propagation. Previously, packet headerssam2002-12-301-1/+10
| | | | | | | | | | | | | | | | | | | | | | were sometimes propagated using M_COPY_PKTHDR which actually did something between a "move" and a "copy" operation. This is replaced by M_MOVE_PKTHDR (which copies the pkthdr contents and "removes" it from the source mbuf) and m_dup_pkthdr which copies the packet header contents including any m_tag chain. This corrects numerous problems whereby mbuf tags could be lost during packet manipulations. These changes also introduce arguments to m_tag_copy and m_tag_copy_chain to specify if the tag copy work should potentially block. This introduces an incompatibility with openbsd which we may want to revisit. Note that move/dup of packet headers does not handle target mbufs that have a cluster bound to them. We may want to support this; for now we watch for it with an assert. Finally, M_COPYFLAGS was updated to include M_FIRSTFRAG|M_LASTFRAG. Supported by: Vernier Networks Reviewed by: Robert Watson <rwatson@FreeBSD.org>
* Remove the PAWS ack-on-ack debugging printf().dillon2002-12-302-10/+4
| | | | | | | | | | Note that the original RFC 1323 (PAWS) says in 4.2.1 that the out of order / reverse-time-indexed packet should be acknowledged as specified in RFC-793 page 69 then dropped. The original PAWS code in FreeBSD (1994) simply acknowledged the segment unconditionally, which is incorrect, and was fixed in 1.183 (2002). At the moment we do not do checks for SYN or FIN in addition to (tlen != 0), which may or may not be correct, but the worst that ought to happen should be a retry by the sender.
* correct style bogonssam2002-12-301-4/+2
|
* Bridged packets are supplied to the firewall with their IP headeriedowse2002-12-272-3/+14
| | | | | | | | | | in network byte order, but icmp_error() expects the IP header to be in host order and the code here did not perform the necessary swapping for the bridged case. This bug causes an "icmp_error: bad length" panic when certain length IP packets (e.g. ip_len == 0x100) are rejected by the firewall with an ICMP response. MFC after: 3 days
* Validate inp to prevent an use after free.hsu2002-12-243-2/+29
|
* o De-anonymity dummynet(4) and ipfw(4) messages, prepend themmaxim2002-12-242-45/+47
| | | | | | by 'dummynet: ' and 'ipfw: ' prefixes. PR: kern/41609
* SMP locking for radix nodes.hsu2002-12-241-0/+8
|
* Remove forgotten INP_UNLOCK(inp) in my previous commit.pb2002-12-221-1/+0
| | | | Reported by: hsu
* In syncache_timer(), don't attempt to lock the inpcb structurepb2002-12-211-2/+0
| | | | | | | | | associated with the syncache entry: in case tcp_close() has been called on the corresponding listening socket, the lock has been destroyed as a side effect of in_pcbdetach(), causing a panic when we attempt to lock on it. Reviewed by: hsu
* replace the special-purpose rate-limiting code with the general facilitysam2002-12-211-38/+28
| | | | | just added; this tries to maintain the same behaviour vis a vis printing the rate-limiting messages but need tweaking
* Eliminate a goto.hsu2002-12-201-39/+36
| | | | Fix some line breaks.
* Unravel a nested conditional.hsu2002-12-202-42/+24
| | | | Remove an unneeded local variable.
* Expand scope of TCP protocol lock to cover syncache data structures.hsu2002-12-201-2/+3
|
* o Untangle the confusion with the malloc flags {M_WAITOK, M_NOWAIT} andbmilekic2002-12-192-3/+3
| | | | | | | | | | the mbuf allocator flags {M_TRYWAIT, M_DONTWAIT}. o Fix a bpf_compat issue where malloc() was defined to just call bpf_alloc() and pass the 'canwait' flag(s) along. It's been changed to call bpf_alloc() but pass the corresponding M_TRYWAIT or M_DONTWAIT flag (and only one of those two). Submitted by: Hiten Pandya <hiten@unixdaemons.com> (hiten->commit_count++)
* Lock up ifaddr reference counts.hsu2002-12-181-3/+5
|
* Remove unused and incorrectly maintained variable "in_interfaces"phk2002-12-171-4/+0
|
* Fix syntax in last commit.dillon2002-12-172-6/+6
|
OpenPOWER on IntegriCloud