summaryrefslogtreecommitdiffstats
path: root/sys/netinet
Commit message (Collapse)AuthorAgeFilesLines
* Fix warnings in preparation for adding -Wall -Wcast-qual to thedillon1999-01-277-20/+20
| | | | kernel compile
* Move kernel-only declarations to within #ifdef KERNELarchie1999-01-231-4/+9
| | | | Prompted by: gcc warnings when compiling /sbin/ipfw
* Don't forward unicast packets received via link-layer multicast.wollman1999-01-221-2/+2
| | | | | Suggested by: fenner Original complaint: Shiva Shenoy <Shiva.Shenoy@yagosys.com>
* Add a flag, passed to pru_send routines, PRUS_MORETOCOME. Thisfenner1999-01-203-21/+28
| | | | | | | | | flag means that there is more data to be put into the socket buffer. Use it in TCP to reduce the interaction between mbuf sizes and the Nagle algorithm. Based on: "Justin C. Walker" <justin@apple.com>'s description of Apple's fix for this problem.
* Fix bug in last commit (la was used uninitialized if no route was passed in).fenner1999-01-191-2/+2
|
* Use dynamic memory allocation instead of mbuf's for multicast routingfenner1999-01-182-103/+86
| | | | | | | | | | state. Note: this requires a recompilation of netstat (but netstat has been broken since rev 1.52 of ip_mroute.c anyway) Obtained from: Significantly based on Steve McCanne's <mccanne@cs.berkeley.edu> work for BSD/OS
* Rename igmp's MALLOC; it doesn't have anything to do with multicast routing.fenner1999-01-181-3/+3
|
* If arpresolve() gets passed a route with a null llinfo, callfenner1999-01-181-2/+2
| | | | | | | arplookup() to try again. This gets rid of at least one user's "arpresolve: can't allocate llinfo" errors, and arplookup() gives better error messages to help track down the problem if there really is a problem with the routing table.
* ... _and_ the (void*) casts for %p. Next, I'll forget my own name :-(eivind1999-01-121-3/+3
|
* Avoid unnecessary GCCism - I hadn't noticed the __unused macro.eivind1999-01-121-2/+3
|
* * Print pointers using the correct type (%p) instead of %x.eivind1999-01-121-6/+8
| | | | | * Use the correct type for timeout function. * Add missing #include.
* Add #ifdef's to avoid unused label warning in some cases.eivind1999-01-121-1/+3
|
* Remove unused statics.eivind1999-01-121-5/+1
|
* Add a missing bzero which could be the source of instabilityluigi1999-01-111-12/+21
| | | | | | | problems reported recently (the rtentry pointer in the dummynet queue was not initialized in all cases, resulting in spurious rt_refcnt decreases in the lucky cases, and memory trashing in other cases.
* Remove check from where arp replies are coming from -- when doing bridging,luigi1999-01-101-1/+3
| | | | interfaces are used in clusters so the check does not apply.
* If we can't open alias.log, don't try to write to thebrian1999-01-101-2/+4
| | | | | resulting NULL FILE *. PR: 9403
* Partial fix for when ipfw is used with bridging. Bridged packetsluigi1998-12-311-24/+22
| | | | | | | | | | | have all fields in network order, whereas ipfw expects some to be in host order. This resulted in some incorrect matching, e.g. some packets being identified as fragments, or bandwidth not being correctly enforced. NOTE: this only affects bridge+ipfw, normal ipfw usage was already correct). Reported-By: Dave Alden and others.
* Remove some unused variables.luigi1998-12-311-4/+4
|
* 'ip_fw_head' and 'M_IPFW' are also used in ip_dummynet so cannot beluigi1998-12-221-3/+3
| | | | | static... Reported by: Dave Alden
* Recover from previous dummynet screwupluigi1998-12-212-38/+71
|
* Restore 1.82->1.83 change deleted by mistake< per Bruce suggestionluigi1998-12-211-1/+2
|
* Add missing "break"s to allow multicast routing to work.fenner1998-12-161-1/+3
| | | | Submitted by: Amancio Hasty <hasty@rah.star-gate.com>
* Last bits (i think) of dummynet for -current.luigi1998-12-149-182/+503
|
* Reviewed by: freebsd-currentdillon1998-12-143-44/+192
| | | | | | | | | Add bounds checking to netbios NS packet resolving code. This should prevent natd from crashing on badly formed netbios packets (as might be heard when the machine is sitting on a cable modem or certain DSL networks), and also closes potential security holes that might have exploited the lack of bounds checking in the previous version of the code.
* PR: kern/8990dillon1998-12-121-1/+3
| | | | | | | | If timer calculation results in degenerate value (0), force it to 1 to avoid divide-by-zero panic later on in calls to IGMP_RANDOM_DELAY(). I considered simply adding 1 to the timer calculation, but was unsure if the calculation was part of the IGMP standard or not so did not want to mess with it for all cases.
* The "easy" fixes for compiling the kernel -Wunused: remove unreferenced staticarchie1998-12-079-44/+37
| | | | and local variables, goto labels, and functions declared but not defined.
* Clean up some pointer usage.eivind1998-12-071-2/+4
|
* Examine all occurrences of sprintf(), strcat(), and str[n]cpy()archie1998-12-043-12/+14
| | | | | | | | | | | | | | for possible buffer overflow problems. Replaced most sprintf()'s with snprintf(); for others cases, added terminating NUL bytes where appropriate, replaced constants like "16" with sizeof(), etc. These changes include several bug fixes, but most changes are for maintainability's sake. Any instance where it wasn't "immediately obvious" that a buffer overflow could not occur was made safer. Reviewed by: Bruce Evans <bde@zeta.org.au> Reviewed by: Matthew Dillon <dillon@apollo.backplane.com> Reviewed by: Mike Spengler <mks@networkcs.com>
* Cleanup icmp_var.h, make icmp bandlim sysctl permanent but if ICMP_BANDLIMdillon1998-12-042-15/+19
| | | | | | | option not defined the sysctl int value is set to -1 and read-only. #ifdef KERNEL's added appropriately to wall off visibility of kernel routines from user code.
* Obtained from: "Andrey A. Chernov" <ache@nagual.pp.ru>dillon1998-12-041-1/+3
| | | | | Quick add #ifdef KERNEL for ICMP_BANDLIM option so userland program can #include icmp_var.h
* Reviewed by: freebsd-currentdillon1998-12-035-7/+120
| | | | | | | | | | | | | | Add ICMP_BANDLIM option and 'net.inet.icmp.icmplim' sysctl. If option is specified in kernel config, icmplim defaults to 100 pps. Setting it to 0 will disable the feature. This feature limits ICMP error responses for packets sent to bad tcp or udp ports, which does a lot to help the machine handle network D.O.S. attacks. The kernel will report packet rates that exceed the limit at a rate of one kernel printf per second. There is one issue in regards to the 'tail end' of an attack... the kernel will not output the last report until some unrelated and valid icmp error packet is return at some point after the attack is over. This is a minor reporting issue only.
* Staticize some more.eivind1998-11-268-30/+30
|
* Fix a couple of typos.jdp1998-11-191-3/+3
|
* Remove stale references to ih_next and ih_prev.dfr1998-11-171-3/+1
| | | | Pointed out by: Roman V. Palagin <romanp@wuppy.rcs.ru>
* Make the previous fix more portable.dfr1998-11-161-4/+4
| | | | Requested by: bde
* The below patch helps to reduce the leakage of internal socket informationguido1998-11-152-4/+6
| | | | | | | when a TCP "stealth" scan is directed at a *BSD box by ensuring the window is 0 for all RST packets generated through tcp_respond() Reviewed by: Don Lewis <Don.Lewis@tsc.tdk.com> Obtained from: Bugtraq (from: Darren Reed <avalon@COOMBS.ANU.EDU.AU>)
* Fix printf format errors on alpha.dfr1998-11-151-4/+4
|
* Finished updating module event handlers to be compatible withbde1998-11-151-2/+2
| | | | modeventhand_t.
* Be sure to pullup entire IP header when dealing with fragment packets.dg1998-11-111-2/+2
|
* add #include <sys/kernel.h> where it's needed by MALLOC_DEFINE()peter1998-11-101-1/+2
|
* Some optimisations to the fragment reassembly code.dfr1998-10-271-19/+14
| | | | Submitted by: Don Lewis <Don.Lewis@tsc.tdk.com>
* Fix a bug in the new fragment reassembly code which was tickled by recievingdfr1998-10-271-2/+2
| | | | | | a fragment which wholly overlapped one or more existing fragments. Submitted by: Don Lewis <Don.Lewis@tsc.tdk.com>
* *gulp*. Jordan specifically OK'ed this..peter1998-10-162-12/+51
| | | | | | | | This is the bulk of the support for doing kld modules. Two linker_sets were replaced by SYSINIT()'s. VFS's and exec handlers are self registered. kld is now a superset of lkm. I have converted most of them, they will follow as a seperate commit as samples. This all still works as a static a.out kernel using LKM's.
* Dike out some obsolete defines which referenced ih_next and ih_prev fromdfr1998-09-261-3/+1
| | | | | struct ipovly (they don't exist anymore because they don't work when pointers are 64bit).
* Fix the bind security fix introduced in rev 1.38 to work with multicast:fenner1998-09-171-3/+9
| | | | | | | | | | - Don't bother checking for conflicting sockets if we're binding to a multicast address. - Don't return an error if we're binding to INADDR_ANY, the conflicting socket is bound to INADDR_ANY, and the conflicting socket has SO_REUSEPORT set. PR: kern/7713
* Prevent modification of permanent ARP entries (PR kern/7649)fenner1998-09-171-4/+21
| | | | | Ignore ARP replies from the wrong interface (discussion on mailing list) Add interface name to a couple of error messages
* Turn off replies to ICMP echo requests for broadcast and multicastjkoshy1998-09-151-2/+2
| | | | | | | | | | | | | addresses by default. Add a knob "icmp_bmcastecho" to "rc.network" to allow this behaviour to be controlled from "rc.conf". Document the controlling sysctl variable "net.inet.icmp.bmcastecho" in sysctl(3). Reviewed by: dg, jkh Reminded on -hackers by: Steinar Haug <sthaug@nethelp.no>
* Bring in new files for dummynet supportluigi1998-09-122-0/+709
|
* Fix RST validation.wollman1998-09-112-84/+224
| | | | | PR: 7892 Submitted by: Don.Lewis@tsc.tdk.com
* Ensure that m_nextpkt is set to NULL after reassembling fragments.dfr1998-09-101-1/+3
|
OpenPOWER on IntegriCloud