| Commit message | Author | Age | Files | Lines |
|
when the original packet contains an IPv6 extension header.
Obtained from: KAME
MFC after: 1 week
|
as const char.
|
some time. _All_ packets, regardless of destination, were accepted by
the machine as if addressed to it.
Jump back to 'pass' processing for a teed packet instead of falling
through as if it was ours.
PR: kern/31130
Reviewed by: -net, luigi
MFC after: 2 weeks
|
Submitted by: emy@boostworks.com
|
- Clear the cached destination before getting another cached route.
Otherwise, garbage in the padding space (which might be filled in if it was
used for IPv4) could annoy rtalloc.
Obtained from: KAME
|
appear outside a host.
PR: 30792, 33996
Obtained from: ip_input.c
MFC after: 1 week
|
(We should be able to handle locally originated IP packets, and
these do not have m_pkthdr.rcvif set.)
PR: kern/32806, kern/33766
Reviewed by: luigi
Fix tested by: Maxim Konovalov <maxim@macomnet.ru>,
Erwin Lansing <erwin@lansing.dk>
|
us to load protocols at runtime, and avoids the use of common variables.
Also fix the ip6_intrq assignment so that it works at all.
|
MFC after: 1 day
|
multicast router. This is overkill; it should be possible to
delay to hardware interfaces and only pre-calculate when forwarding
to a tunnel.
|
The following steps are involved:
a) the IP options related to routing (LSRR and SSRR) are processed
as though the router were a host,
b) the other IP options are processed as usual only if the packet
is destined for the router; otherwise they are ignored.
PR: kern/23123
Discussed in: freebsd-hackers
|
when forwarding an incoming packet to another machine.
Obtained from: Vicor Production tree
MFC after: 3 weeks
|
Submitted by: Igor Timkin <ivt@gamma.ru>
|
arc4random() routine to generate ISNs instead of creating them with MD5().
Suggested by: silby
|
(instead of int) to keep the 64 bit platforms happy.
|
An old route will be NULL at that point if a packet were initially
routed to an interface (using the IP_ROUTETOIF flag.)
Submitted by: Igor Timkin <ivt@gamma.ru>
|
All TCP ISNs that are sent out are valid cookies, which allows entries
in the syncache to be dropped and still have the ACK accepted later.
As all entries pass through the syncache, there is no sudden switchover
from cache -> cookies when the cache is full; instead, syncache entries
simply have a reduced lifetime. More details may be found in the
"Resisting DoS attacks with a SYN cache" paper in the Usenix BSDCon 2002
conference proceedings.
Sponsored by: DARPA, NAI Labs
|
option -- TcpAliasOut() did not catch the IP header length change.
Submitted by: Stepachev Andrey <aka50@mail.ru>
|
Obtained from: TrustedBSD Project
|
number.
Submitted by: Ilmar S. Habibulin <ilmar@watson.org>
Obtained from: TrustedBSD Project
|
Now that we've increased the size of our send / receive buffers, bursting
an entire window onto the network may cause congestion. As a result,
we will slow start beginning with a flightsize of 4 packets.
Problem reported by: Thomas Zenker <thz@Lennartz-electronic.de>
MFC after: 3 days
|
is initialized in case we take the T/TCP path.
|
also don't use ANSI string concatenation.
|
enables TCP keepalives using the net.inet.tcp.always_keepalive by default.
Synchronize the kernel default with the userland default.
|
Easily exploitable by flood pinging the target
host over an interface with the IFF_NOARP flag
set (all you need to know is the target host's
MAC address).
MFC after: 0 days
|
mutable contents of struct prison (hostname, securelevel, refcount,
pr_linux, ...)
o Generally introduce mtx_lock()/mtx_unlock() calls throughout kern/
so as to enforce these protections, in particular, in kern_mib.c
protection sysctl access to the hostname and securelevel, as well as
kern_prot.c access to the securelevel for access control purposes.
o Rewrite linux emulator abstractions for accessing per-jail linux
mib entries (osname, osrelease, osversion) so that they don't return
a pointer to the text in the struct linux_prison, rather, a copy
to an array passed into the calls. Likewise, update linprocfs to
use these primitives.
o Update in_pcb.c to always use prison_getip() rather than directly
accessing struct prison.
Reviewed by: jhb
|
receiver was not sending an immediate ack with delayed acks turned on
when the input buffer is drained, preventing the transmitter from
restarting immediately.
Propagate the TCP_NODELAY option to accept()ed sockets. (Helps tbench and
is a good idea anyway).
Some cleanup. Identify additional issues in comments.
MFC after: 1 day
|
This fixes a panic I introduced yesterday in ip_icmp.c,v 1.64.
|
o Hide nonstandard functions and types in <netinet/in.h> when
_POSIX_SOURCE is defined.
o Add some missing types (required by POSIX.1-200x) to <netinet/in.h>.
o Restore vendor ID from Rev 1.1 in <netinet/in.h> and make use of new
__FBSDID() macro.
o Fix some miscellaneous issues in <arpa/inet.h>.
o Correct final argument for the inet_ntop() function (POSIX.1-200x).
o Get rid of the namespace pollution from <sys/types.h> in
<arpa/inet.h>.
Reviewed by: fenner
Partially submitted by: bde
|
if the receive side is using delayed acks. Temporarily remove it.
MFC after: 0 days
|
interface address, blow the address away again before returning the
error.
In in_ifinit(), if we get an error from rtinit() and we've also got
a destination address, return the error rather than masking EEXISTS.
Failing to create a host route when configuring an interface should
be treated as an error.
|
address in icmp_reflect().
- Two new "struct icmpstat" members: icps_badaddr and icps_noroute.
PR: kern/31575
Obtained from: BSD/OS
MFC after: 1 week
|
(fcp) that's already defined in the outer block and isn't used
anywhere else. This silences -Wunused.
Reviewed by: md5(1)
|
options in handling MOD_{UN,}LOAD (they weren't very useful, anyway).
|
received on an interface without an IP address, try to find a
non-loopback AF_INET address to use. If that fails, drop it.
Previously, we used the address at the top of the in_ifaddrhead list,
which didn't make much sense, and would cause a panic if there were no
AF_INET addresses configured on the system.
PR: 29337, 30524
Reviewed by: ru, jlemon
Obtained from: NetBSD
|
syncache rely on 'struct route' being defined. This fixes the
LINT build some.
|
fixes route breakage due to uncleared garbage on my box.
|
for passive mode data connections (PASV/EPSV -> 227/229). Well,
the actual punching happens a bit later, when the aliasing link
becomes fully specified.
Prodded by: Danny Carroll <dannycarroll@hotmail.com>
MFC after: 1 week
|
broken in revision 1.86. This broke natd(8)'s -punch_fw option.
Reported by: Daniel Rock <D.Rock@t-online.de>,
setantae <setantae@submonkey.net>
|
to be followed by nfsnodehashtbl, so bzeroing callouts beyond the end of
tcp_syncache soon caused a null pointer panic when nfsnodehashtbl was
accessed.
|