path: root/sys/netinet
Commit message (Author, Age, Files, Lines)
* De-register. (mdodd, 2004-03-14, 1 file, -22/+22)
* Lock down IP-layer encapsulation library: (rwatson, 2004-03-10, 1 file, -51/+35)
  - Add encapmtx to protect ip_encap.c global variables (encapsulation list).
  - Unifdef #ifdef 0 pieces of encap_init() which was (and now really is) basically a no-op.
  - Lock encapmtx when walking encaptab, modifying it, comparing entries, etc.
  - Remove spl's.

  Note that currently there's no facility to make sure outstanding use of encapsulation methods on a table entry have drained before we allow a table entry to be removed. As such, it's currently the caller's responsibility to make sure that draining takes place.

  Reviewed by: mlaier
* Scrub unused variable zeroin_addr. (rwatson, 2004-03-10, 2 files, -3/+0)
* To comply with the spec, do not copy the TOS from the outer IP (hsu, 2004-03-08, 1 file, -6/+6)
  header to the inner IP header of the PIM Register if this is a PIM Null-Register message.

  Submitted by: Pavlin Radoslavov <pavlin@icir.org>
* Include <sys/types.h> for autoconf/automake detection. (hsu, 2004-03-08, 1 file, -0/+2)
  Submitted by: Pavlin Radoslavov <pavlin@icir.org>
* Add some missing DUMMYNET_UNLOCK() in config_pipe(). (mlaier, 2004-03-03, 1 file, -2/+7)
  Noticed by: Simon Coggins
  Approved by: bms(mentor)
* Two minor follow-ups on the MT_TAG removal: (mlaier, 2004-03-02, 1 file, -3/+2)
  ifp is now passed explicitly to ether_demux; no need to look it up again.
  Make mtag a global var in ip_input.

  Noticed by: rwatson
  Approved by: bms(mentor)
* Rename NET_PICKUP_GIANT() to NET_LOCK_GIANT(), and NET_DROP_GIANT() (rwatson, 2004-03-01, 1 file, -2/+2)
  to NET_UNLOCK_GIANT(). While they are used in similar ways, the semantics are quite different -- NET_LOCK_GIANT() and NET_UNLOCK_GIANT() directly wrap mutex lock and unlock operations, whereas drop/pickup special case the handling of Giant recursion. Add a comment saying as much.

  Add NET_ASSERT_GIANT(), which conditionally asserts Giant based on the value of debug_mpsafenet.
* fix -O0 compilation without INET6. (ume, 2004-03-01, 2 files, -4/+24)
  Pointed out by: ru
* Remove unneeded {} originally used to hold local variables for dummynet (rwatson, 2004-02-28, 1 file, -2/+0)
  in a code block, as the variable is now gone.

  Submitted by: sam
* Remove now unneeded arguments to tcp_twrespond() -- so and msrc. These (rwatson, 2004-02-28, 5 files, -23/+7)
  were needed by the MAC Framework until inpcbs gained labels.

  Submitted by: sam
* Bring eventhandler callbacks for pf. (mlaier, 2004-02-26, 1 file, -0/+5)
  This enables pf to track dynamic address changes on interfaces (dialup) with the "on (<ifname>)"-syntax. This also brings hooks in anticipation of tracking cloned interfaces, which will be in future versions of pf.

  Approved by: bms(mentor)
* Tweak existing header and other build infrastructure to be able to build (mlaier, 2004-02-26, 4 files, -4/+32)
  pf/pflog/pfsync as modules. Do not list them in NOTES or modules/Makefile (i.e. do not connect it to any (automatic) builds - yet).

  Approved by: bms(mentor)
* Split the mlock() kernel code into two parts, mlock(), which unpacks (truckman, 2004-02-26, 4 files, -4/+13)
  the syscall arguments and does the suser() permission check, and kern_mlock(), which does the resource limit checking and calls vm_map_wire(). Split munlock() in a similar way.

  Enable the RLIMIT_MEMLOCK checking code in kern_mlock().

  Replace calls to vslock() and vsunlock() in the sysctl code with calls to kern_mlock() and kern_munlock() so that the sysctl code will obey the wired memory limits.

  Nuke the vslock() and vsunlock() implementations, which are no longer used.

  Add a member to struct sysctl_req to track the amount of memory that is wired to handle the request.

  Modify sysctl_wire_old_buffer() to return an error if its call to kern_mlock() fails. Only wire the minimum of the length specified in the sysctl request and the length specified in its argument list. It is recommended that sysctl handlers that use sysctl_wire_old_buffer() should specify reasonable estimates for the amount of data they want to return so that only the minimum amount of memory is wired no matter what length has been specified by the request.

  Modify the callers of sysctl_wire_old_buffer() to look for the error return.

  Modify sysctl_old_user to obey the wired buffer length and clean up its implementation.

  Reviewed by: bms
* Re-remove MT_TAGs. The problems with dummynet have been fixed now. (mlaier, 2004-02-25, 14 files, -403/+461)
  Tested by: -current, bms(mentor), me
  Approved by: bms(mentor), sam
* Fixed namespace pollution in rev.1.74. Implementation of the syncache (bde, 2004-02-25, 1 file, -1/+4)
  increased <netinet/tcp_var>'s already large set of prerequisites, and this was handled badly. Just don't declare the complete syncache struct unless <netinet/pcb.h> is included before <netinet/tcp_var.h>.

  Approved by: jlemon (years ago, for a more invasive fix)
* Don't use the negatively-opaque type uma_zone_t or be chummy with (bde, 2004-02-25, 1 file, -3/+1)
  <vm/uma.h>'s idempotency indentifier or its misspelling.
* Relax a KASSERT condition to allow for a valid corner case where (hsu, 2004-02-25, 2 files, -4/+10)
  the FIN on the last segment consumes an extra sequence number.

  Spurious panic reported by Mike Silbersack <silby@silby.com>.
* Convert the tcp segment reassembly queue to UMA and limit the maximum (andre, 2004-02-24, 5 files, -25/+174)
  amount of segments it will hold.

  The following tuneables and sysctls control the behaviour of the tcp segment reassembly queue:

  net.inet.tcp.reass.maxsegments (loader tuneable) specifies the maximum number of segments all tcp reassembly queues can hold (defaults to 1/16 of nmbclusters).

  net.inet.tcp.reass.maxqlen specifies the maximum number of segments any individual tcp session queue can hold (defaults to 48).

  net.inet.tcp.reass.cursegments (readonly) counts the number of segments currently in all reassembly queues.

  net.inet.tcp.reass.overflows (readonly) counts how often either the global or local queue limit has been reached.

  Tested by: bms, silby
  Reviewed by: bms, silby
* Fixed ucred structure leak. (pjd, 2004-02-19, 2 files, -0/+4)
  Approved by: scottl (mentor)
  PR: 54163
  MFC after: 3 days
* Backout MT_TAG removal (i.e. bring back MT_TAGs) for now, as dummynet is (mlaier, 2004-02-18, 14 files, -457/+400)
  not working properly with the patch in place.

  Approved by: bms(mentor)
* IPSEC and FAST_IPSEC have the same internal API now; (ume, 2004-02-17, 4 files, -48/+22)
  so merge these (IPSEC has an extra ipsecstat)

  Submitted by: "Bjoern A. Zeeb" <bzeeb+freebsd@zabbadoz.net>
* Shorten the name of the socket option used to enable TCP-MD5 packet (bms, 2004-02-16, 2 files, -3/+3)
  treatment.

  Submitted by: Vincent Jardin
* don't update outgoing ifp, if ipsec tunnel mode encapsulation (ume, 2004-02-16, 1 file, -3/+5)
  was not made.

  Obtained from: KAME
* Spell types consistently throughout this file. Do not use the __packed (bms, 2004-02-16, 1 file, -4/+4)
  attribute, as we are often #include'd from userland without <sys/cdefs.h> in front of us, and it is not strictly necessary.

  Noticed by: Sascha Blank
* Final brucification pass. Spell types consistently (u_int). Remove bogus (bms, 2004-02-14, 3 files, -3/+3)
  casts. Remove unnecessary parenthesis.

  Submitted by: bde
* Do not expose ip_dn_find_rule inline function to userland and unbreak world. (mlaier, 2004-02-13, 1 file, -1/+1)
  ----------------------------------------------------------------------
* Do not check receive interface when pfil(9) hook changed address. (mlaier, 2004-02-13, 1 file, -1/+1)
  Approved by: bms(mentor)
* This set of changes eliminates the use of MT_TAG "pseudo mbufs", replacing (mlaier, 2004-02-13, 14 files, -396/+453)
  them mostly with packet tags (one case is handled by using an mbuf flag since the linkage between "caller" and "callee" is direct and there's no need to incur the overhead of a packet tag).

  This is (mostly) work from: sam
  Silence from: -arch
  Approved by: bms(mentor), sam, rwatson
* Brucification. (bms, 2004-02-13, 8 files, -38/+43)
  Submitted by: bde
* supported IPV6_RECVPATHMTU socket option. (ume, 2004-02-13, 2 files, -4/+4)
  Obtained from: KAME
* Update the prototype for tcpsignature_apply() to reflect the spelling of (bms, 2004-02-12, 3 files, -5/+5)
  the types used by m_apply()'s callback function, f, as documented in mbuf(9).

  Noticed by: njl
* style(9) pass; whitespace and comments. (bms, 2004-02-12, 3 files, -40/+48)
  Submitted by: njl
* Remove an unnecessary initialization that crept in from the code which (bms, 2004-02-12, 2 files, -4/+2)
  verifies TCP-MD5 digests.

  Noticed by: njl
* Fix a typo; left out preprocessor conditional for sigoff variable, which (bms, 2004-02-11, 1 file, -0/+2)
  is only used by TCP_SIGNATURE code.

  Noticed by: Roop Nanuwa
* Initial import of RFC 2385 (TCP-MD5) digest support. (bms, 2004-02-11, 11 files, -2/+397)
  This is the first of two commits; bringing in the kernel support first. This can be enabled by compiling a kernel with options TCP_SIGNATURE and FAST_IPSEC.

  For the uninitiated, this is a TCP option which provides for a means of authenticating TCP sessions which came into being before IPSEC. It is still relevant today, however, as it is used by many commercial router vendors, particularly with BGP, and as such has become a requirement for interconnect at many major Internet points of presence.

  Several parts of the TCP and IP headers, including the segment payload, are digested with MD5, including a shared secret. The PF_KEY interface is used to manage the secrets using security associations in the SADB.

  There is a limitation here in that as there is no way to map a TCP flow per-port back to an SPI without polluting tcpcb or using the SPD; the code to do the latter is unstable at this time. Therefore this code only supports per-host keying granularity.

  Whilst FAST_IPSEC is mutually exclusive with KAME IPSEC (and thus IPv6), TCP_SIGNATURE applies only to IPv4. For the vast majority of prospective users of this feature, this will not pose any problem.

  This implementation is output-only; that is, the option is honoured when responding to a host initiating a TCP session, but no effort is made [yet] to authenticate inbound traffic. This is, however, sufficient to interwork with Cisco equipment.

  Tested with a Cisco 2501 running IOS 12.0(27), and Quagga 0.96.4 with local patches. Patches for tcpdump to validate TCP-MD5 sessions are also available from me upon request.

  Sponsored by: sentex.net
* pass pcb rather than so. it is expected that per socket policy (ume, 2004-02-03, 6 files, -21/+8)
  works again.
* Add sysctl net.inet.icmp.reply_src to specify the interface name (andre, 2004-02-02, 1 file, -0/+19)
  used for the ICMP reply source in response to packets which are not directly addressed to us. By default continue with normal source selection.

  Reviewed by: bms
* More verbose description of the source ip address selection for ICMP replies. (andre, 2004-02-02, 1 file, -5/+16)
  Reviewed by: bms
* Introduce the SO_BINTIME option which takes a high-resolution timestamp (phk, 2004-01-31, 2 files, -9/+20)
  at packet arrival.

  For benchmarking purposes SO_BINTIME is preferable to SO_TIMEVAL since it has higher resolution and lower overhead. Simultaneous use of the two options is possible and they will return consistent timestamps.

  This introduces an extra test and a function call for SO_TIMEVAL, but I have not been able to measure that.
* Remove NetBSD'isms (add FreeBSD'isms?), which makes gre(4) working again. (sobomax, 2004-01-30, 1 file, -1/+1)
* Correct the descriptions of the net.inet.{udp,raw}.recvspace sysctls. (ru, 2004-01-27, 2 files, -2/+2)
* Add support for WCCPv2. It should be enabled manually using link2 (sobomax, 2004-01-26, 1 file, -3/+6)
  ifconfig(8) flag since header for version 2 is the same but IP payload is prepended with additional 4-bytes field.

  Inspired by: Roman Synyuk <roman@univ.kiev.ua>
  MFC after: 2 weeks
* (whitespace-only) (sobomax, 2004-01-26, 1 file, -3/+3)
  Kill trailing spaces.
* Remove leftover FREE() from changes in rev 1.50. (andre, 2004-01-23, 1 file, -1/+0)
  Noticed by: Jun Kuriyama <kuriyama@imgsrc.co.jp>
* Split the overloaded variable 'win' into two for their specific purposes: (andre, 2004-01-22, 1 file, -21/+22)
  recwin and sendwin. This removes a big source of confusion and makes following the code much easier.

  Reviewed by: sam (mentor)
  Obtained from: DragonFlyBSD rev 1.6 (hsu)
* Move the reduction by one of the syncache limit after the zone has been (andre, 2004-01-22, 1 file, -1/+1)
  allocated.

  Reviewed by: sam (mentor)
  Obtained from: DragonFlyBSD rev 1.6 (hsu)
* Remove an unused variable and put the sockaddr_in6 onto the stack instead (andre, 2004-01-22, 1 file, -26/+14)
  of malloc'ing it.

  Reviewed by: sam (mentor)
  Obtained from: DragonFlyBSD rev 1.6 (hsu)
* Merge from DragonFlyBSD rev 1.10: (hsu, 2004-01-20, 2 files, -12/+10)
  date: 2003/09/02 10:04:47; author: hsu; state: Exp; lines: +5 -6
  Account for when Limited Transmit is not congestion window limited.

  Obtained from: DragonFlyBSD
* Mostly mechanical rework of libalias: (phk, 2004-01-17, 16 files, -737/+1071)
  Makes it possible to have multiple packet aliasing instances in a single process by moving all static and global variables into an instance structure called "struct libalias".

  Redefine a new API based on s/PacketAlias/LibAlias/g

  Add new "instance" argument to all functions in the new API.

  Implement old API in terms of the new API.