path: root/sys/netinet
Commit message | Author | Age | Files | Lines
* Match IPPROTO_ICMP with IP protocol field of the original IP | ru | 2000-09-01 | 1 | -2/+2
  datagram embedded into ICMP error message, not with protocol field
  of ICMP message itself (which is always IPPROTO_ICMP).
  Pointed by: Erik Salander <erik@whistle.com>
* Fixed broken ICMP error generation, unified conversion of IP header | ru | 2000-09-01 | 7 | -26/+47
  fields between host and network byte order. The details:

  o icmp_error() now does not add IP header length. This fixes the
    problem when icmp_error() is called from ip_forward(). In this
    case the ip_len of the original IP datagram returned with ICMP
    error was wrong.

  o icmp_error() expects all three fields, ip_len, ip_id and ip_off
    in host byte order, so DTRT and convert these fields back to
    network byte order before sending a message. This fixes the
    problem described in PR 16240 and PR 20877 (ip_id field was
    returned in host byte order).

  o ip_ttl decrement operation in ip_forward() was moved down to make
    sure that it does not corrupt the copy of original IP datagram
    passed later to icmp_error().

  o A copy of original IP datagram in ip_forward() was made a
    read-write, independent copy. This fixes the problem I first
    reported to Garrett Wollman and Bill Fenner and later put in audit
    trail of PR 16240: ip_output() (not always) converts fields of
    original datagram to network byte order, but because copy (mcopy)
    and its original (m) most likely share the same mbuf cluster,
    ip_output()'s manipulations on original also corrupted the copy.

  o ip_output() now expects all three fields, ip_len, ip_off and (what
    is significant) ip_id in host byte order. It was a headache for
    years that ip_id was handled differently. The only compatibility
    issue here is the raw IP socket interface with IP_HDRINCL socket
    option set and a non-zero ip_id field, but ip.4 manual page was
    unclear on whether in this case ip_id field should be in host or
    network byte order.
* Changed the way we handle outgoing ICMP error messages -- do | ru | 2000-09-01 | 1 | -12/+22
  not alias `ip_src' unless it comes from the host an original
  datagram that triggered this error message was destined for.
  PR: 20712
  Reviewed by: brian, Charles Mott <cmott@scientech.com>
* Grab ADJUST_CHECKSUM() macro from alias_local.h. | ru | 2000-08-31 | 1 | -17/+0
* Create aliasing links for incoming ICMP echo/timestamp requests. | ru | 2000-08-31 | 2 | -47/+24
  This makes outgoing ICMP echo/timestamp replies to be de-aliased
  with the right source IP, not exactly the primary aliasing IP.
* Fixed the bug that div_bind() always returned zero | ru | 2000-08-30 | 1 | -1/+1
  even if there was an error (broken in rev 1.9).
* Backout the hack in rev 1.71, I am working on a better patch | ru | 2000-08-30 | 1 | -1/+0
  that should cover almost all inconsistencies in ICMP error
  generation.
* strtok -> strsep (no strtok allowed in libraries) | ache | 2000-08-29 | 1 | -3/+6
  add unsigned char cast to ctype macro
* Apply appropriate patch. | darrenr | 2000-08-29 | 1 | -0/+1
  PR: 20877
  Submitted by: Frank Volf (volf@oasis.IAEhv.nl)
* Remove obsolete comment. | archie | 2000-08-22 | 1 | -1/+0
* Fixed a missing splx() in if_addmulti(). Was broken in rev.1.28. | bde | 2000-08-19 | 1 | -1/+3
* repair endianness issue in IN_MULTICAST(). | itojun | 2000-08-15 | 1 | -2/+2
  again, *BSD difference...
  From: Nick Sayer <nsayer@quack.kfu.com>
* Fixed PunchFW code segmentation violation bug. | ru | 2000-08-14 | 1 | -5/+4
  Reported by: Christian Schade <chris@cube.sax.de>
* Use queue(3) LIST_* macros for doubly-linked lists. | ru | 2000-08-14 | 1 | -65/+18
* resolve conflicts | darrenr | 2000-08-13 | 9 | -91/+356
* - Do not modify Peer's Call ID in outgoing Incoming-Call-Connected | ru | 2000-08-09 | 1 | -18/+25
    PPTP control messages.
  - Cosmetics: replace `GRE link' with `PPTP link'.
  Reviewed by: Erik Salander <erik@whistle.com>
* Adjust TCP checksum rather than compute it afresh. | ru | 2000-08-07 | 1 | -4/+8
  Submitted by: Erik Salander <erik@whistle.com>
* Improve performance in the case where ip_output() returns an error. | archie | 2000-08-03 | 1 | -0/+15
  When this happens, we know for sure that the packet data was not
  received by the peer. Therefore, back out any advancing of the
  transmit sequence number so that we send the same data the next time
  we transmit a packet, avoiding a guaranteed missed packet and its
  resulting TCP transmit slowdown.

  In most systems ip_output() probably never returns an error, and so
  this problem is never seen. However, it is more likely to occur with
  device drivers having short output queues (causing ENOBUFS to be
  returned when they are full), not to mention low memory situations.

  Moreover, because of this problem writers of slow devices were
  required to make an unfortunate choice between (a) having a
  relatively short output queue (with low latency but low TCP
  bandwidth because of this problem) or (b) a long output queue (with
  high latency and high TCP bandwidth).

  In my particular application (ISDN) it took an output queue equal to
  ~5 seconds of transmission to avoid ENOBUFS. A more reasonable
  output queue of 0.5 seconds resulted in only about 50% TCP
  throughput. With this patch full throughput was restored in the
  latter case.

  Reviewed by: freebsd-net
* Make netstat(1) to be aware of divert(4) sockets. | ru | 2000-08-03 | 2 | -1/+91
* Change __FreeBSD_Version into the proper __FreeBSD_version. | roberto | 2000-08-01 | 2 | -6/+6
  Submitted by: Alain.Thivillon@hsc.fr (Alain Thivillon) (for ip_fil.c)
* Add missing '0' to FreeBSD_version test: 50011 -> 500011 | ache | 2000-08-01 | 1 | -5/+5
* Nonexistent <sys/pfil.h> -> <net/pfil.h> | ache | 2000-07-31 | 1 | -1/+1
  Kernel 'make depend' fails otherwise
* Whitespace only: | sheldonh | 2000-07-31 | 1 | -4/+4
  Fix an overlong line and trailing whitespace that crept in, in the
  previous commit.
* activate pfil_hooks and convert ipfilter to use it | darrenr | 2000-07-31 | 5 | -24/+69
* Add address translation support for RTSP/RTP used by RealPlayer and | archie | 2000-07-26 | 8 | -3/+819
  Quicktime streaming media applications.
  Add a BUGS section to the man page.
  Submitted by: Erik Salander <erik@whistle.com>
* When a connection is being dropped due to a listen queue overflow, | jayanth | 2000-07-21 | 6 | -2/+64
  delete the cloned route that is associated with the connection.
  This does not exhaust the routing table memory when the system
  is under a SYN flood attack. The route entry is not deleted if there
  is any prior information cached in it.
  Reviewed by: Peter Wemm,asmodai
* fix conflicts | darrenr | 2000-07-19 | 13 | -109/+221
* Fix a comment which was broken in rev 1.36. | sheldonh | 2000-07-18 | 1 | -1/+1
  PR: 19947
  Submitted by: Tetsuya Isaki <isaki@net.ipc.hiroshima-u.ac.jp>
* close PR 19544 - ipfw pipe delete causes panic when no pipes defined | luigi | 2000-07-17 | 1 | -2/+2
  PR: 19544
* Extra sanity check when arp proxyall is enabled. Don't send an arp | dwmalone | 2000-07-13 | 1 | -0/+26
  reply if the requesting machine isn't on the interface we believe
  it should be. Prevents arp wars when you plug cables in the wrong
  way around.
  PR: 9848
  Submitted by: Ian Dowse <iedowse@maths.tcd.ie>
  Not objected to by: wollman
* re-enable the tcp newreno code. | jayanth | 2000-07-12 | 1 | -1/+1
* remove m_pulldown statistics, which is highly experimental and does not | itojun | 2000-07-12 | 1 | -12/+4
  belong to *bsd-merged tree
* be more cautious about tcp option length field. drop bogus ones earlier. | itojun | 2000-07-09 | 2 | -2/+6
  not sure if there is a real threat or not, but it seems that there's
  possibility for overrun/underrun (like non-NOP option with
  optlen > cnt).
* sync with kame tree as of july00. tons of bug fixes/improvements. | itojun | 2000-07-04 | 23 | -248/+1791
  API changes:
  - additional IPv6 ioctls
  - IPsec PF_KEY API was changed, it is mandatory to upgrade setkey(8).
    (also syntax change)
* Previous commit changing SYSCTL_HANDLER_ARGS violated KNF. | phk | 2000-07-04 | 6 | -11/+11
  Pointed out by: bde
* Style police catches up with rev 1.26 of src/sys/sys/sysctl.h: | phk | 2000-07-03 | 6 | -11/+11
  Sanitize SYSCTL_HANDLER_ARGS so that simplistic tools can grok our
  sources:
      -sysctl_vm_zone SYSCTL_HANDLER_ARGS
      +sysctl_vm_zone (SYSCTL_HANDLER_ARGS)
* Fixed PunchFWHole(): | ru | 2000-06-27 | 1 | -2/+3
  - ipfw always rejected rule with `neither in nor out' diagnostics.
  - number of src/dst ports was not set properly.
* - Removed PacketAliasPptp() API function. | ru | 2000-06-20 | 4 | -38/+1
  - SHLIB_MAJOR++.
* Added true support for PPTP aliasing. Some nice features include: | ru | 2000-06-20 | 7 | -11/+422
  - Multiple PPTP clients behind NAT to the same or different servers.
  - Single PPTP server behind NAT -- you just need to redirect TCP
    port 1723 to a local machine. Multiple servers behind NAT is
    possible but would require a simple API change.
  - No API changes!

  For more information on how this works see comments at the start of
  the alias_pptp.c.

  PacketAliasPptp() is no longer necessary and will be removed soon.

  Submitted by: Erik Salander <erik@whistle.com>
  Reviewed by: ru
  Rewritten by: ru
  Reviewed by: Erik Salander <erik@whistle.com>
* return of the accept filter part II | alfred | 2000-06-20 | 2 | -0/+263
  accept filters are now loadable as well as able to be compiled into
  the kernel.
  two accept filters are provided, one that returns sockets when data
  arrives the other when an http request is completed (doesn't work
  with 0.9 requests)
  Reviewed by: jmg
* - Improved passive mode FTP support by aliasing 229 replies. | ru | 2000-06-16 | 1 | -312/+337
  - Stricter checking of PORT/EPRT/227/229 messages format.
  - Moved all security checks into one place.
* - Added support for passive mode FTP by aliasing 227 replies. | ru | 2000-06-14 | 3 | -15/+228
    It does mean that it is now possible to run passive-mode FTP
    server behind NAT.
  - SECURITY: FTP aliasing engine now ensures that:
    o the segment preceding a PORT/227 segment terminates with a \r\n;
    o the IP address in the PORT/227 matches the source IP address of
      the packet;
    o the port number in the PORT command or 277 reply is greater than
      or equal to 1024.
  Submitted by: Erik Salander <erik@whistle.com>
  Reviewed by: ru
* Fix behaviour of "ipfw pipe show" -- previous code gave | luigi | 2000-06-14 | 1 | -5/+10
  ambiguous data to the userland program (kernel operation was safe,
  anyways).
* Add tcpoptions to ipfw. This works much in the same way as ipoptions do. | dan | 2000-06-08 | 2 | -0/+80
  It also squashes 99% of packet kiddie synflood orgies. For example,
  to rate syn packets without MSS,
      ipfw pipe 10 config 56Kbit/s queue 10Packets
      ipfw add pipe 10 tcp from any to any in setup tcpoptions !mss
  Submitted by: Richard A. Steenbergen <ras@e-gerbil.net>
* Implement WF2Q+ in dummynet. | luigi | 2000-06-08 | 4 | -346/+1306
* Add boundary checks against IP options. | jlemon | 2000-06-02 | 3 | -3/+12
  Obtained from: OpenBSD
* When attempting to transmit a packet, if the system fails to allocate | jlemon | 2000-06-02 | 1 | -0/+4
  a mbuf, it may return without setting any timers. If no more data is
  scheduled to be transmitted (this was a FIN) the system will sit in
  LAST_ACK state forever.
  Thus, when mbuf allocation fails, set the retransmit timer if
  neither the retransmit or persist timer is already pending.
  Problem discovered by: Mike Silbersack (silby@silby.com)
  Pushed for a fix by: Bosko Milekic <bmilekic@dsuper.net>
  Reviewed by: jayanth
* define CSUM_DELAY_DATA to match merge | darrenr | 2000-05-26 | 1 | -0/+4
* Back out the previous change to the queue(3) interface. | jake | 2000-05-26 | 9 | -19/+19
  It was not discussed and should probably not happen.
  Requested by: msmith and others
* fix up #ifdef jungle for FreeBSD | darrenr | 2000-05-25 | 1 | -4/+9