path: root/sys/netinet
Commit message | Author | Age | Files | Lines
* Add the option versrcreach to verify that a valid route to the | andre | 2004-04-23 | 2 | -7/+32
  source address of a packet exists in the routing table. The default route is ignored because it would match everything and render the check pointless.
  This option is very useful for routers with a complete view of the Internet (BGP) in the routing table to reject packets with spoofed or unrouteable source addresses.
  Example:
    ipfw add 1000 deny ip from any to any not versrcreach
  also known in Cisco-speak as:
    ip verify unicast source reachable-via any
  Reviewed by: luigi
* Fix a potential race when purging expired hostcache entries. | andre | 2004-04-23 | 1 | -3/+3
  Spotted by: luigi
* Take out an unneeded variable I forgot to remove in the last commit, | silby | 2004-04-22 | 1 | -2/+3
  and make two small whitespace fixes so that diffs vs rev 1.142 are minimal.
* Simplify random port allocation, and add net.inet.ip.portrange.randomized, | silby | 2004-04-22 | 1 | -27/+13
  which can be used to turn off randomized port allocation if so desired.
  Requested by: alfred
* Fix a typo in a comment. | bms | 2004-04-20 | 1 | -1/+1
* Switch from using sequential to random ephemeral port allocation, | silby | 2004-04-20 | 1 | -6/+28
  implementation taken directly from OpenBSD.
  I've resisted committing this for quite some time because of concern over TIME_WAIT recycling breakage (sequential allocation ensures that there is a long time before ports are recycled), but recent testing has shown me that my fears were unwarranted.
* Enhance our RFC1948 implementation to perform better in some pathological | silby | 2004-04-20 | 3 | -4/+107
  TIME_WAIT recycling cases I was able to generate with http testing tools.
  In short, as the old algorithm relied on ticks to create the time offset component of an ISN, two connections with the exact same host, port pair that were generated between timer ticks would have the exact same sequence number. As a result, the second connection would fail to pass the TIME_WAIT check on the server side, and the SYN would never be acknowledged.
  I've "fixed" this by adding random positive increments to the time component between clock ticks so that ISNs will *always* be increasing, no matter how quickly the port is recycled.
  Except in such contrived benchmarking situations, this problem should never come up in normal usage... until networks get faster.
  No MFC planned, 4.x is missing other optimizations that are needed to even create the situation in which such quick port recycling will occur.
* Replace Bcopy with 'the real thing' as in the rest of the file. | luigi | 2004-04-18 | 1 | -1/+1
* In an effort to simplify the routing code, try to deprecate rtalloc() | luigi | 2004-04-14 | 2 | -2/+2
  in favour of rtalloc_ign(), which is what would end up being called anyways.
  There are 25 more instances of rtalloc() in net*/ and about 10 instances of rtalloc_ign()
* Remove advertising clause from University of California Regent's | imp | 2004-04-07 | 44 | -176/+0
  license, per letter dated July 22, 1999 and email from Peter Wemm, Alan Cox and Robert Watson.
  Approved by: core, peter, alc, rwatson
* Fixed a bug in previous revision: compute the payload checksum before | ru | 2004-04-07 | 1 | -8/+8
  we convert ip_len into a network byte order; in_delayed_cksum() still expects it in host byte order.
  The symptom was the ``in_cksum_skip: out of data by %d'' complaints from the kernel.
  To add to the previous commit log. These fixes make tcpdump(1) happy by not complaining about UDP/TCP checksum being bad for looped back IP multicast when multicast router is deactivated.
  Reported by: Vsevolod Lobko
* Fixed misspelling of IPPORT_MAX as USHRT_MAX. Don't include <sys/limits.h> | bde | 2004-04-06 | 1 | -9/+9
  to implement this mistake.
  Fixed some nearby style bugs (initialization in declaration, misformatting of this initialization, missing blank line after the declaration, and comparison of the non-boolean result of the initialization with 0 using "!". In KNF, "!" is not even used to compare booleans with 0).
* Two missed in previous commit -- compare pointer with NULL rather than | rwatson | 2004-04-05 | 2 | -4/+4
  using it as a boolean.
* Prefer NULL to 0 when checking pointer values as integers or booleans. | rwatson | 2004-04-05 | 2 | -38/+40
* Fix a panic possibility caused by returning without releasing locks. | pjd | 2004-04-04 | 1 | -37/+26
  It was fixed by moving problematic checks, as well as checks that don't need locking before locks are acquired.
  Submitted by: Ryan Sommers <ryans@gamersimpact.com>
  In co-operation with: cperciva, maxim, mlaier, sam
  Tested by: submitter (previous patch), me (current patch)
  Reviewed by: cperciva, mlaier (previous patch), sam (current patch)
  Approved by: sam
  Dedicated to: enough!
* + arpresolve(): remove an unused argument | luigi | 2004-04-04 | 2 | -9/+4
  + struct ifnet: remove unused fields, move ipv6-related field close to each other, add a pointer to l3<->l2 translation tables (arp,nd6, etc.) for future use.
  + struct route: remove an unused field, move close to each other some fields that might likely go away in the future
* Unbreak natd. | deischen | 2004-04-02 | 1 | -0/+1
  Reported and submitted by: Sean McNeil (sean at mcneil.com)
* Raise WARNS level to 2. | des | 2004-03-31 | 1 | -0/+1
* Deal with aliasing warnings. | des | 2004-03-31 | 4 | -181/+63
  Reviewed by: ru
  Approved by: silence on the lists
* Invert the logic of NET_LOCK_GIANT(), and remove the one reference to it. | rwatson | 2004-03-28 | 1 | -2/+0
  Previously, Giant would be grabbed at entry to the IP local delivery code when debug.mpsafenet was set to true, as that implied Giant wouldn't be grabbed in the driver path. Now, we will use this primitive to conditionally grab Giant in the event the entire network stack isn't running MPSAFE (debug.mpsafenet == 0).
* Remove unused argument. | pjd | 2004-03-28 | 1 | -4/+3
* Reduce 'td' argument to 'cred' (struct ucred) argument in those functions: | pjd | 2004-03-27 | 6 | -44/+46
  - in_pcbbind(),
  - in_pcbbind_setup(),
  - in_pcbconnect(),
  - in_pcbconnect_setup(),
  - in6_pcbbind(),
  - in6_pcbconnect(),
  - in6_pcbsetport().
  "It should simplify/clarify things a great deal." --rwatson
  Requested by: rwatson
  Reviewed by: rwatson, ume
* Remove unused argument. | pjd | 2004-03-27 | 6 | -8/+6
  Reviewed by: ume
* Validate IPv6 socket options more carefully to avoid a panic. | ume | 2004-03-26 | 1 | -0/+1
  PR: kern/61513
  Reviewed by: cperciva, nectar
* Remove unused function. | pjd | 2004-03-25 | 2 | -11/+0
  It was used in FreeBSD 4.x, but now we're using cr_canseesocket().
* Untangle IP multicast routing interaction with delayed payload checksums. | ru | 2004-03-25 | 1 | -13/+3
  Compute the payload checksum for a locally originated IP multicast where God intended, in ip_mloopback(), rather than doing it in ip_output() and only when multicast router is active.
  This is more correct as we do not fool ip_input() that the packet has the correct payload checksum when in fact it does not (when multicast router is inactive). This is also more efficient if we don't join the multicast group we send to, thus allowing the hardware to checksum the payload.
* Lock down global variables in if_gre: | rwatson | 2004-03-22 | 1 | -1/+12
  - Add gre_mtx to protect global softc list.
  - Hold gre_mtx over various list operations (insert, delete).
  - Centralize if_gre interface teardown in gre_destroy(), and call this from modevent unload and gre_clone_destroy().
  - Export gre_mtx to ip_gre.c, which walks the gre list to look up gre interfaces during encapsulation. Add a wonking comment on how we need some sort of drain/reference count mechanism to keep gre references alive while in use and simultaneous destroy.
  This commit does not lockdown softc data, which follows in a future commit.
* - Fix indentation lost by 'diff -b'. | mdodd | 2004-03-21 | 1 | -5/+4
  - Un-wrap short line.
* Remove interface type specific code from arprequest(), and in_arpinput(). | mdodd | 2004-03-21 | 1 | -111/+19
  The AF_ARP case in the (*if_output)() routine will handle the interface type specific bits.
  Obtained from: NetBSD
* Run through indent(1) so I can read the code without getting a headache. | des | 2004-03-16 | 14 | -5317/+5233
  The result isn't quite knf, but it's knfer than the original, and far more consistent.
* De-register. | mdodd | 2004-03-14 | 1 | -22/+22
* Lock down IP-layer encapsulation library: | rwatson | 2004-03-10 | 1 | -51/+35
  - Add encapmtx to protect ip_encap.c global variables (encapsulation list).
  - Unifdef #ifdef 0 pieces of encap_init() which was (and now really is) basically a no-op.
  - Lock encapmtx when walking encaptab, modifying it, comparing entries, etc.
  - Remove spl's.
  Note that currently there's no facility to make sure outstanding use of encapsulation methods on a table entry have drained before we allow a table entry to be removed. As such, it's currently the caller's responsibility to make sure that draining takes place.
  Reviewed by: mlaier
* Scrub unused variable zeroin_addr. | rwatson | 2004-03-10 | 2 | -3/+0
* To comply with the spec, do not copy the TOS from the outer IP | hsu | 2004-03-08 | 1 | -6/+6
  header to the inner IP header of the PIM Register if this is a PIM Null-Register message.
  Submitted by: Pavlin Radoslavov <pavlin@icir.org>
* Include <sys/types.h> for autoconf/automake detection. | hsu | 2004-03-08 | 1 | -0/+2
  Submitted by: Pavlin Radoslavov <pavlin@icir.org>
* Add some missing DUMMYNET_UNLOCK() in config_pipe(). | mlaier | 2004-03-03 | 1 | -2/+7
  Noticed by: Simon Coggins
  Approved by: bms(mentor)
* Two minor follow-ups on the MT_TAG removal: | mlaier | 2004-03-02 | 1 | -3/+2
  ifp is now passed explicitly to ether_demux; no need to look it up again.
  Make mtag a global var in ip_input.
  Noticed by: rwatson
  Approved by: bms(mentor)
* Rename NET_PICKUP_GIANT() to NET_LOCK_GIANT(), and NET_DROP_GIANT() | rwatson | 2004-03-01 | 1 | -2/+2
  to NET_UNLOCK_GIANT(). While they are used in similar ways, the semantics are quite different -- NET_LOCK_GIANT() and NET_UNLOCK_GIANT() directly wrap mutex lock and unlock operations, whereas drop/pickup special case the handling of Giant recursion. Add a comment saying as much.
  Add NET_ASSERT_GIANT(), which conditionally asserts Giant based on the value of debug_mpsafenet.
* fix -O0 compilation without INET6. | ume | 2004-03-01 | 2 | -4/+24
  Pointed out by: ru
* Remove unneeded {} originally used to hold local variables for dummynet | rwatson | 2004-02-28 | 1 | -2/+0
  in a code block, as the variable is now gone.
  Submitted by: sam
* Remove now unneeded arguments to tcp_twrespond() -- so and msrc. These | rwatson | 2004-02-28 | 5 | -23/+7
  were needed by the MAC Framework until inpcbs gained labels.
  Submitted by: sam
* Bring eventhandler callbacks for pf. | mlaier | 2004-02-26 | 1 | -0/+5
  This enables pf to track dynamic address changes on interfaces (dialup) with the "on (<ifname>)"-syntax. This also brings hooks in anticipation of tracking cloned interfaces, which will be in future versions of pf.
  Approved by: bms(mentor)
* Tweak existing header and other build infrastructure to be able to build | mlaier | 2004-02-26 | 4 | -4/+32
  pf/pflog/pfsync as modules. Do not list them in NOTES or modules/Makefile (i.e. do not connect it to any (automatic) builds - yet).
  Approved by: bms(mentor)
* Split the mlock() kernel code into two parts, mlock(), which unpacks | truckman | 2004-02-26 | 4 | -4/+13
  the syscall arguments and does the suser() permission check, and kern_mlock(), which does the resource limit checking and calls vm_map_wire(). Split munlock() in a similar way.
  Enable the RLIMIT_MEMLOCK checking code in kern_mlock().
  Replace calls to vslock() and vsunlock() in the sysctl code with calls to kern_mlock() and kern_munlock() so that the sysctl code will obey the wired memory limits.
  Nuke the vslock() and vsunlock() implementations, which are no longer used.
  Add a member to struct sysctl_req to track the amount of memory that is wired to handle the request.
  Modify sysctl_wire_old_buffer() to return an error if its call to kern_mlock() fails. Only wire the minimum of the length specified in the sysctl request and the length specified in its argument list. It is recommended that sysctl handlers that use sysctl_wire_old_buffer() should specify reasonable estimates for the amount of data they want to return so that only the minimum amount of memory is wired no matter what length has been specified by the request.
  Modify the callers of sysctl_wire_old_buffer() to look for the error return.
  Modify sysctl_old_user to obey the wired buffer length and clean up its implementation.
  Reviewed by: bms
* Re-remove MT_TAGs. The problems with dummynet have been fixed now. | mlaier | 2004-02-25 | 14 | -403/+461
  Tested by: -current, bms(mentor), me
  Approved by: bms(mentor), sam
* Fixed namespace pollution in rev.1.74. Implementation of the syncache | bde | 2004-02-25 | 1 | -1/+4
  increased <netinet/tcp_var>'s already large set of prerequisites, and this was handled badly. Just don't declare the complete syncache struct unless <netinet/pcb.h> is included before <netinet/tcp_var.h>.
  Approved by: jlemon (years ago, for a more invasive fix)
* Don't use the negatively-opaque type uma_zone_t or be chummy with | bde | 2004-02-25 | 1 | -3/+1
  <vm/uma.h>'s idempotency identifier or its misspelling.
* Relax a KASSERT condition to allow for a valid corner case where | hsu | 2004-02-25 | 2 | -4/+10
  the FIN on the last segment consumes an extra sequence number.
  Spurious panic reported by Mike Silbersack <silby@silby.com>.
* Convert the tcp segment reassembly queue to UMA and limit the maximum | andre | 2004-02-24 | 5 | -25/+174
  amount of segments it will hold.
  The following tuneables and sysctls control the behaviour of the tcp segment reassembly queue:
  net.inet.tcp.reass.maxsegments (loader tuneable) specifies the maximum number of segments all tcp reassembly queues can hold (defaults to 1/16 of nmbclusters).
  net.inet.tcp.reass.maxqlen specifies the maximum number of segments any individual tcp session queue can hold (defaults to 48).
  net.inet.tcp.reass.cursegments (readonly) counts the number of segments currently in all reassembly queues.
  net.inet.tcp.reass.overflows (readonly) counts how often either the global or local queue limit has been reached.
  Tested by: bms, silby
  Reviewed by: bms, silby
* Fixed ucred structure leak. | pjd | 2004-02-19 | 2 | -0/+4
  Approved by: scottl (mentor)
  PR: 54163
  MFC after: 3 days