path: root/sys/netinet
Commit message | Author | Age | Files | Lines
* Fix a warning and a potential panic if TCPDEBUG is active. (tp is a wild pointer and used by TCPDEBUG2())
  Author: peter; Age: 1999-11-18; Files: 1; Lines: -0/+2
* The logic for blackhole processing does not free mbufs if the blackhole flag is set.
  PR: 14958
  Submitted by: Larry Baird <lab@gta.com>
  Reviewed by: phk
  Author: phk; Age: 1999-11-17; Files: 1; Lines: -0/+2
* add two more codes to ICMP error 12 (Parameter Problem). these two are detailed in RFC1700.
  Reviewed by: Garrett Wollman <wollman@khavrinen.lcs.mit.edu>
  Author: jmb; Age: 1999-11-15; Files: 1; Lines: -0/+2
* Restore sub-chapters order.
  PR: docs/14766
  Submitted by: Kazutoshi Kubota <kazu@iworks.co.jp>
  Author: phantom; Age: 1999-11-09; Files: 1; Lines: -19/+16
* Undo rev 1.10, which took out TH_FIN from the CLOSING state. This breaks simultaneous closes.
  Author: jlemon; Age: 1999-11-07; Files: 1; Lines: -1/+1
* KAME related header files additions and merges. (only those which don't affect c source files so much)
  Reviewed by: cvs-committers
  Obtained from: KAME project
  Author: shin; Age: 1999-11-05; Files: 13; Lines: -35/+120
* Append missing newline to log() message for permanent ARP modification attempt warning, which was added in rev 1.48.
  PR: 14371
  Submitted by: sec@pi.musin.de (Stefan `Sec` Zehl)
  Author: sheldonh; Age: 1999-10-18; Files: 1; Lines: -1/+1
* Nuke the old antique copy of ipfilter from the tree. This is old enough to be dangerous. It will better serve us as a port building a KLD, ala SKIP. The hooks are staying although it would be better to port and use the NetBSD pfil interface rather than have custom hooks.
  Author: peter; Age: 1999-10-10; Files: 18; Lines: -9034/+0
* Implement RLIMIT_SBSIZE in the kernel. This is a per-uid sockbuf total usage limit.
  Author: green; Age: 1999-10-09; Files: 2; Lines: -4/+4
* Properly handle the case when either the aliasing or source address of the link are equal to the default aliasing address. Do not zero them!
  This will fix the problem with non-working links added with the source and/or aliasing address equal to the default aliasing address, but the default aliasing address is set later, after the link has been set up, like both natd(8) and ppp(8) do (for objective reasons).
  Reviewed by: Brian Somers <brian@FreeBSD.org>, Eivind Eklund <eivind@FreeBSD.org>, Charles Mott <cmott@srv.net>
  Author: ru; Age: 1999-09-27; Files: 1; Lines: -26/+66
* Remove five now unused fields from struct cdevsw. They should never have been there in the first place. A GENERIC kernel shrinks almost 1k.
  Add a slightly different safetybelt under nostop for tty drivers.
  Add some missing FreeBSD tags
  Author: phk; Age: 1999-09-25; Files: 1; Lines: -5/+0
* ReLink() partial links in FindLinkOut() in the same manner as we do it in FindLinkIn(). This will make TcpMonitorIn()/TcpMonitorOut() happy.
  Reviewed by: eivind
  Author: ru; Age: 1999-09-22; Files: 1; Lines: -7/+15
* Restore previous version of FindLinkIn(). Instead, natd(8) should be fixed to call PacketAliasSetAddress() as part of initialization, as required by libalias(3).
  Author: ru; Age: 1999-09-21; Files: 1; Lines: -9/+8
* - Make partially specified permanent links (without `dst_addr' and/or `dst_port') work for outgoing packets.
  - Make permanent links whose `alias_addr' matches the primary aliasing address `aliasAddress' work for incoming packets.
  - Typo fixes.
  Reviewed by: brian, eivind
  Author: ru; Age: 1999-09-21; Files: 1; Lines: -11/+25
* sys/errno.h -> errno.h
  Author: brian; Age: 1999-09-21; Files: 1; Lines: -1/+1
* Change so_cred's type to a ucred, not a pcred. This makes more sense, actually.
  Make a sonewconn3() which takes an extra argument (proc) so new sockets created with sonewconn() from a user's system call get the correct credentials, not just the parent's credentials.
  Author: green; Age: 1999-09-19; Files: 5; Lines: -22/+15
* Re-arrange the arp code so that fddi arps work properly.
  Author: lile; Age: 1999-09-16; Files: 1; Lines: -29/+46
* Reorder.
  Author: des; Age: 1999-09-14; Files: 1; Lines: -4/+4
* Fix some more disordering, as well as the description string for the net.inet.tcp.drop_synfin sysctl, which for some mysterious reason said "Drop TCP packets with FIN+ACK set" (instead of "...with SYN+FIN set")
  Author: des; Age: 1999-09-14; Files: 2; Lines: -12/+12
* Add the net.inet.tcp.restrict_rst and net.inet.tcp.drop_synfin sysctl variables, conditional on the TCP_RESTRICT_RST and TCP_DROP_SYNFIN kernel options, respectively. See the comments in LINT for details.
  Author: des; Age: 1999-09-12; Files: 2; Lines: -0/+58
* - Optimization to the previous (rev 1.15) commit.
  Requested by: eivind
  Discussed with: eivind
  Reviewed by: brian, eivind
  Author: ru; Age: 1999-09-10; Files: 1; Lines: -9/+11
* Handle TCP reset sequence properly.
  In the words of originator:
  :If an incoming connection is initiated through natd and deny_incoming is
  :not set, then a new alias_link structure is created to handle the link.
  :If there is nothing listening for the incoming connection, then the kernel
  :responds with a RST for the connection. However, this is not processed
  :correctly in libalias/alias.c:TcpMonitor{In,Out} and
  :libalias/alias_db.c:SetState{In,Out} as it thinks a connection
  :has been established and therefore applies a timeout of 86400 seconds
  :to the link.
  :
  :If many of these half-connections are initiated (during, for example, a
  :port scan of the host), then many thousands of unnecessary links are
  :created and the resident size of natd balloons to 20MB or more.
  PR: 13639
  Reviewed by: brian
  Author: ru; Age: 1999-09-09; Files: 1; Lines: -2/+2
* Fix typo.
  Author: ru; Age: 1999-09-08; Files: 1; Lines: -1/+1
* Simplify, and return an error if the user attempts to set a TCP time value which results in < 1 tick.
  Suggested by: bde
  Author: jlemon; Age: 1999-08-31; Files: 1; Lines: -7/+3
* Remove conversion macros that were used during development.
  Author: jlemon; Age: 1999-08-31; Files: 1; Lines: -9/+1
* Add a SYSCTL_PROC so that TCP timer values are now expressed to the user in ms, while they are stored internally as ticks.
  Note that there probably are rounding bogons here, especially on the alpha.
  Author: jlemon; Age: 1999-08-31; Files: 1; Lines: -10/+35
* Restructure TCP timeout handling:
  - eliminate the fast/slow timeout lists for TCP and instead use a callout entry for each timer.
  - increase the TCP timer granularity to HZ
  - implement "bad retransmit" recovery, as presented in "On Estimating End-to-End Network Path Properties", by Allman and Paxson.
  Submitted by: jlemon, wollmann
  Author: jlemon; Age: 1999-08-30; Files: 11; Lines: -409/+690
* Add $FreeBSD$ and spell Eklund properly.
  Approved by: brian (well, he approved adding $Id$)
  Author: billf; Age: 1999-08-29; Files: 7; Lines: -1/+14
* Remove extra indenting of `break' statements introduced in rev 1.89, plus wrap some long lines from that revision. While here, wrap some other long lines.
  Author: obrien; Age: 1999-08-29; Files: 2; Lines: -18/+26
* Include the correct header for the IPSTEALTH option.
  Author: des; Age: 1999-08-29; Files: 1; Lines: -0/+1
* Oops, I missed a cast in rev.1.119.
  Author: bde; Age: 1999-08-29; Files: 1; Lines: -1/+1
* It is much easier to arp if you don't truncate your arp-reply's. [affects token-ring only]
  Author: lile; Age: 1999-08-28; Files: 1; Lines: -11/+12
* Also make the "other" packets counter resettable.
  Author: green; Age: 1999-08-28; Files: 1; Lines: -1/+3
* $Id$ -> $FreeBSD$
  Author: peter; Age: 1999-08-28; Files: 70; Lines: -71/+71
* $Id$ -> $FreeBSD$
  Author: peter; Age: 1999-08-28; Files: 5; Lines: -5/+5
* Correction: uid -> gid (comment)
  Author: green; Age: 1999-08-27; Files: 1; Lines: -2/+2
* Add readonly OID ``net.inet.tcp.tcbhashsize'' so it is possible to discover the size of the TCB hashtable on a running system.
  Author: jlemon; Age: 1999-08-26; Files: 2; Lines: -2/+12
* Cast pointers to [u]intptr_t instead of casting them to [u_]long. Don't depend on gcc's feature of casting lvalues, especially for direct assignment where it doesn't even simplify the syntax. Cosmetic.
  Author: bde; Age: 1999-08-24; Files: 1; Lines: -4/+4
* Allow ppp to work with Nortel Networks Extranet Switch product and Windows NT tunneling.
  Submitted by: Chain Lee <chain@nortelnetworks.com>
  Author: brian; Age: 1999-08-22; Files: 1; Lines: -0/+6
* Typo: 102 => 192 (PR: docs/13310 - Maxim Sobolev <sobomax@altavista.net>)
  Author: hoek; Age: 1999-08-22; Files: 1; Lines: -2/+2
* To christen the brand new security category for syslog, we get IPFW using syslog(3) (log(9)) for its various purposes! This long-awaited change also includes such nice things as:
    * macros expanding into _two_ comma-delimited arguments!
    * snprintf!
    * more snprintf!
    * linting and criticism by more people than you can shake a stick at!
    * a slightly more uniform message style than before!
  and last but not least
    * no less than 5 rewrites!
  Reviewed by: committers
  Author: green; Age: 1999-08-21; Files: 1; Lines: -58/+86
* Fix breakage if blackhole=1 and tiflags & TH_SYN, plus style(9) fixes
  Submitted by: Jonathon Lemon
  Author: csgr; Age: 1999-08-19; Files: 3; Lines: -16/+26
* Slight tweak to tcp.blackhole to add optional behaviour to drop any segment arriving at a closed port.
  tcp.blackhole=1 - only drop SYN without RST
  tcp.blackhole=2 - drop everything without RST
  tcp.blackhole=0 - always send RST - default behaviour
  This confuses nmap -sF or -sX or -sN quite badly.
  Author: csgr; Age: 1999-08-18; Files: 2; Lines: -18/+52
* Fix a printf() formatter to match its variable.
  Reviewed by: bde, luigi
  Author: billf; Age: 1999-08-17; Files: 1; Lines: -2/+2
* Add net.inet.tcp.blackhole and net.inet.udp.blackhole sysctl knobs. With these knobs on, refused connection attempts are dropped without sending a RST, or Port unreachable in the UDP case. In the TCP case, sending of RST is inhibited iff the incoming segment was a SYN.
  Docs and rc.conf settings to follow.
  Author: csgr; Age: 1999-08-17; Files: 3; Lines: -6/+25
* Various man page cleanup:
  - Sort xrefs
  - FreeBSD.ORG -> FreeBSD.org
  - Be consistent with section names as outlined in mdoc(7)
  - Other misc mdoc cleanup.
  PR: doc/13144
  Submitted by: Alexy M. Zelkin <phantom@cris.net>
  Author: mpp; Age: 1999-08-15; Files: 1; Lines: -17/+12
* Implement probabilistic rule match in ipfw. Each rule can be associated with a match probability to achieve non-deterministic behaviour of the firewall. This can be extremely useful for testing purposes such as simulating random packet drop without having to use dummynet (which already does the same thing), and simulating multipath effects and the associated out-of-order delivery (this time in conjunction with dummynet).
  The overhead on normal rules is just one comparison with 0.
  Since it would have been trivial to implement this by just adding a field to the ip_fw structure, I decided to do it in a backward-compatible way (i.e. struct ip_fw is unchanged, and as a consequence you don't need to recompile ipfw if you don't want to use this feature), since this was also useful for -STABLE.
  When, at some point, someone decides to change struct ip_fw, please add a length field and a version number at the beginning, so userland apps can keep working even if they are out of sync with the kernel.
  Author: luigi; Age: 1999-08-11; Files: 2; Lines: -9/+38
* Add spl() protection to remove that the timer is invoked multiple times resulting in higher bandwidth and lower delays.
  Reported-by: Jamshid Madhavi
  Author: luigi; Age: 1999-08-11; Files: 1; Lines: -3/+5
* Add net.inet.icmp.log_redirect and net.inet.icmp.drop_redirect, for respectively logging and dropping ICMP REDIRECT packets.
  Note that there is no rate limiting on the log messages, so log_redirect should be used with caution (preferably only for debugging purposes).
  Author: des; Age: 1999-08-10; Files: 1; Lines: -3/+28
* Make ipfw's logging more dynamic. Now, log will use the default limit _or_ you may specify "log logamount number" to set logging specifically the rule.
  In addition, "ipfw resetlog" has been added, which will reset the logging counters on any/all rule(s). ipfw resetlog does not affect the packet/byte counters (as ipfw reset does), and is the only "set" command that can be run at securelevel >= 3.
  This should address complaints about not being able to set logging amounts, not being able to restart logging at a high securelevel, and not being able to just reset logging without resetting all of the counters in a rule.
  Author: green; Age: 1999-08-01; Files: 4; Lines: -12/+87