summaryrefslogtreecommitdiffstats
path: root/sys/netinet
Commit message (Collapse)AuthorAgeFilesLines
* KSE Milestone 2julian2001-09-1213-95/+95
| | | | | | | | | | | | | | Note ALL MODULES MUST BE RECOMPILED make the kernel aware that there are smaller units of scheduling than the process. (but only allow one thread per process at this time). This is functionally equivalent to teh previousl -current except that there is a thread associated with each process. Sorry john! (your next MFC will be a doosie!) Reviewed by: peter@freebsd.org, dillon@freebsd.org X-MFC after: ha ha ha ha
* Remove some un-needed code that was accidentally included injulian2001-09-071-15/+0
| | | | | | the 2nd previous KAME patch. Submitted by: SUMIKAWA Munechika <sumikawa@ebina.hitachi.co.jp>
* Patches from KAME to remove usage of Varargs in existingjulian2001-09-072-13/+4
| | | | | | | IPV4 code. For now they will still have some in the developing stuff (IPv6) Submitted by: Keiichi SHIMA / <keiichi@iij.ad.jp> Obtained from: KAME
* Wrap array accesses in macros, which also happen to be lvalues:jlemon2001-09-063-4/+4
| | | | | | | ifnet_addrs[i - 1] -> ifaddr_byindex(i) ifindex2ifnet[i] -> ifnet_byindex(i) This is intended to ease the conversion to SMPng.
* Fix sysctl comment field, s/the the/then thealfred2001-09-041-1/+1
| | | | Pointed out by: ru
* Allow disabling of "arp moved" messages.alfred2001-09-031-6/+12
| | | | Submitted by: Stephen Hurd <deuce@lordlegacy.org>
* I really hope this is the right answer.julian2001-09-031-1/+3
| | | | | call ip_input directly but take the offset off the packet first if it's an IPV4 packet encapsulated.
* Call ip_input() instead of ipip_input()julian2001-09-031-1/+8
| | | | | when decoding encapsulated ipv4 packets. (allows line to compile again)
* One caller of rip_input failed to be converted in the last commit.julian2001-09-031-1/+1
|
* Patches from Keiichi SHIMA <keiichi@iij.ad.jp>julian2001-09-0318-58/+58
| | | | | | to make ip use the standard protosw structure again. Obtained from: Well, KAME I guess.
* when newreno is turned on, if dupacks = 1 or dupacks = 2 andjayanth2001-08-292-0/+4
| | | | | | | | | new data is acknowledged, reset the dupacks to 0. The problem was spotted when a connection had its send buffer full because the congestion window was only 1 MSS and was not being incremented because dupacks was not reset to 0. Obtained from: Yahoo!
* When net.inet.tcp.icmp_may_rst is enabled, report ECONNREFUSED not ENETRESETjesper2001-08-271-1/+1
| | | | | | | | | | to the application as a RST would, this way we're compatible with the most applications. MFC candidate. Submitted by: Scott Renfro <scott@renfro.org> Reviewed by: Mike Silbersack <silby@silby.com>
* the IP_FW_GET code in ip_fw_ctl() sizes a buffer to hold informationbillf2001-08-261-0/+3
| | | | | | | | | | | | | | | | | about rules and dynamic rules. it later fills this buffer with these rules. it also takes the opporunity to compare the expiration of the dynamic rules with the current time and either marks them for deletion or simply charges the countdown. unfortunatly it does this all (the sizing, the buffer copying, and the expiration GC) with no spl protection whatsoever. it was possible for the dynamic rule(s) to be ripped out from under the request before it had completed, resulting in corrupt memory dereferencing. Reviewed by: ps MFC before: 4.4-RELEASE, hopefully.
* Correct a typo in a comment: FIN_WAIT2 -> FIN_WAIT_2dd2001-08-232-2/+2
| | | | | PR: 29970 Submitted by: Joseph Mallett <jmallett@xMach.org>
* Much delayed but now present: RFC 1948 style sequence numberssilby2001-08-228-178/+199
| | | | | | | | | | In order to ensure security and functionality, RFC 1948 style initial sequence number generation has been implemented. Barring any major crypographic breakthroughs, this algorithm should be unbreakable. In addition, the problems with TIME_WAIT recycling which affect our currently used algorithm are not present. Reviewed by: jesper
* Added TFTP support.ru2001-08-211-0/+9
| | | | | Submitted by: Joe Clarke <marcus@marcuscom.com> MFC after: 2 weeks
* Close the "IRC DCC" security breach reported recently on Bugtraq.ru2001-08-211-0/+6
| | | | Submitted by: Makoto MATSUSHITA <matusita@jp.FreeBSD.org>
* Make the copyright consistent.brian2001-08-204-12/+0
| | | | Previously approved by: Charles Mott <cmott@scientech.com>
* Handle snprintf() returning -1brian2001-08-201-3/+13
| | | | MFC after: 2 weeks
* Make the protoswitch definitiosn checkable in the same way thatjulian2001-08-101-15/+9
| | | | | | | | cdevsw entries have been for a long time. Discover that we now have two version sof the same structure. I will shoot one of them shortly when I figure out why someone thinks they need it. (And I can prove they don't) (netinet/ipprotosw.h should GO AWAY)
* mdoc(7) police:ru2001-08-071-4/+2
| | | | | | | Avoid using parenthesis enclosure macros (.Pq and .Po/.Pc) with plain text. Not only this slows down the mdoc(7) processing significantly, but it also has an undesired (in this case) effect of disabling hyphenation within the entire enclosed block.
* When running aplication joined multicast address,ume2001-08-043-0/+51
| | | | | | | | | | | | | | removing network card, and kill aplication. imo_membership[].inm_ifp refer interface pointer after removing interface. When kill aplication, release socket,and imo_membership. imo_membership use already not exist interface pointer. Then, kernel panic. PR: 29345 Submitted by: Inoue Yuichi <inoue@nd.net.fujitsu.co.jp> Obtained from: KAME MFC after: 3 days
* MFS: Avoid dropping fragments in the absence of an interface address.dcs2001-08-031-3/+5
| | | | | | Noticed by: fenner Submitted by: iedowse Not committed to current by: iedowse ;-)
* Fix a warning.peter2001-07-272-0/+4
|
* Patch up some style(9) stuff in tcp_new_isn()peter2001-07-272-22/+14
|
* s/OpemBSD/OpenBSD/peter2001-07-272-2/+2
|
* move ipsec security policy allocation into in_pcballoc, beforeume2001-07-265-33/+10
| | | | | | | | making pcbs available to the outside world. otherwise, we will see inpcb without ipsec security policy attached (-> panic() in ipsec.c). Obtained from: KAME MFC after: 3 days
* Somewhat modernize ip_mroute.c:fenner2001-07-253-192/+160
| | | | | | | - Use sysctl to export stats - Use ip_encap.c's encapsulation support - Update lkm to kld (is 6 years a record for a broken module?) - Remove some unused cruft
* Avoid a NULL pointer derefence introduced in rev. 1.129.ru2001-07-231-24/+21
| | | | | | Problem noticed by: bde, gcc(1) Panic caught by: mjacob Patch tested by: mjacob
* Backout non-functional changes from revision 1.128.ru2001-07-191-13/+9
| | | | Not objected to by: dcs
* Skip the route checking in the case of multicast packets with knowndcs2001-07-171-9/+22
| | | | | | | interfaces. Reviewed by: people at that channel Approved by: silence on -net
* Backout damage to the INADDR_TO_IFP() macro in revision 1.7.ru2001-07-171-12/+5
| | | | | | | | | | | | | This macro was supposed to only match local IP addresses of interfaces, and all consumers of this macro assume this as well. (See IP_MULTICAST_IF and IP_ADD_MEMBERSHIP socket options in the ip(4) manpage.) This fixes a major security breach in IPFW-based firewalls where the `me' keyword would match the other end of a P2P link. PR: kern/28567
* Bump net.inet.tcp.sendspace to 32k and net.inet.tcp.recvspace to 65k.obrien2001-07-131-2/+2
| | | | | | | | | | | | | This should help us in nieve benchmark "tests". It seems a wide number of people think 32k buffers would not cause major issues, and is in fact in use by many other OS's at this time. The receive buffers can be bumped higher as buffers are hardly used and several research papers indicate that receive buffers rarely use much space at all. Submitted by: Leo Bicknell <bicknell@ufp.org> <20010713101107.B9559@ussenterprise.ufp.org> Agreed to in principle by: dillon (at the 32k level)
* mdoc(7) police: removed HISTORY info from the .Os call.ru2001-07-101-1/+1
|
* Temporary feature: Runtime tuneable tcp initial sequence numbersilby2001-07-088-6/+77
| | | | | | | | | | | | | | | | | | generation scheme. Users may now select between the currently used OpenBSD algorithm and the older random positive increment method. While the OpenBSD algorithm is more secure, it also breaks TIME_WAIT handling; this is causing trouble for an increasing number of folks. To switch between generation schemes, one sets the sysctl net.inet.tcp.tcp_seq_genscheme. 0 = random positive increments, 1 = the OpenBSD algorithm. 1 is still the default. Once a secure _and_ compatible algorithm is implemented, this sysctl will be removed. Reviewed by: jlemon Tested by: numerous subscribers of -net
* gif(4) and stf(4) modernization:brooks2001-07-023-52/+4
| | | | | | | | | | | - Remove gif dependencies from stf. - Make gif and stf into modules - Make gif cloneable. PR: kern/27983 Reviewed by: ru, ume Obtained from: NetBSD MFC after: 1 week
* While in there fixing a fragment logging bug, fix it so we logcjc2001-07-021-8/+11
| | | | | | | | | | | | | | | | | | fragments "right." Log fragment information tcpdump(8)-style, Jul 1 19:38:45 bubbles /boot/kernel/kernel: ipfw: 1000 Accept ICMP:8.0 192.168.64.60 192.168.64.20 in via ep0 (frag 53113:1480@0+) That is, instead of the old, ... Fragment = <offset/8> Do, ... (frag <IP ID>:<data len>@<offset>[+]) PR: kern/23446 Approved by: ru MFC after: 1 week
* Backout CSRG revision 7.22 to this file (if in_losing notices anru2001-06-291-3/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | RTF_DYNAMIC route, it got freed twice). I am not sure what was the actual problem in 1992, but the current behavior is memory leak if PCB holds a reference to a dynamically created/modified routing table entry. (rt_refcnt>0 and we don't call rtfree().) My test bed was: 1. Set net.inet.tcp.msl to a low value (for test purposes), e.g., 5 seconds, to speed up the transition of TCP connection to a "closed" state. 2. Add a network route which causes ICMP redirect from the gateway. 3. ping(8) host H that matches this route; this creates RTF_DYNAMIC RTF_HOST route to H. (I was forced to use ICMP to cause gateway to generate ICMP host redirect, because gateway in question is a 4.2-STABLE system vulnerable to a problem that was fixed later in ip_icmp.c,v 1.39.2.6, and TCP packets with DF bit set were triggering this bug.) 4. telnet(1) to H 5. Block access to H with ipfw(8) 6. Send something in telnet(1) session; this causes EPERM, followed by an in_losing() call in a few seconds. 7. Delete ipfw(8) rule blocking access to H, and wait for TCP connection moving to a CLOSED state; PCB is freed. 8. Delete host route to H. 9. Watch with netstat(1) that `rttrash' increased. 10. Repeat steps 3-9, and watch `rttrash' increases. PR: kern/25421 MFC after: 2 weeks
* Fixed the brain-o in rev. 1.10: the logic check was reversed.ru2001-06-271-1/+1
| | | | Reported by: Bernd Fuerwitt <bf@fuerwitt.de>
* Bring in fix from NetBSD's revision 1.16:ru2001-06-261-1/+7
| | | | | | | Pass the correct destination address for the route-to-gateway case. PR: kern/10607 MFC after: 2 weeks
* Allow getcred sysctl to work in jailed root processes. Processes candwmalone2001-06-243-17/+35
| | | | | | | | only do getcred calls for sockets which were created in the same jail. This should allow the ident to work in a reasonable way within jails. PR: 28107 Approved by: des, rwatson
* Replace bzero() of struct ip with explicit zeroing of structure members,jlemon2001-06-232-4/+12
| | | | which is faster.
* Add netstat(1) knob to reset net.inet.{ip|icmp|tcp|udp|igmp}.stats.ru2001-06-236-6/+6
| | | | | | For example, ``netstat -s -p ip -z'' will show and reset IP stats. PR: bin/17338
* Eliminate the allocation of a tcp template structure for eachsilby2001-06-238-135/+122
| | | | | | | | | | | | connection. The information contained in a tcptemp can be reconstructed from a tcpcb when needed. Previously, tcp templates required the allocation of one mbuf per connection. On large systems, this change should free up a large number of mbufs. Reviewed by: bmilekic, jlemon, ru MFC after: 2 weeks
* - Renumber KAME local ICMP types and NDP options numberes beacaues theysumikawa2001-06-211-6/+8
| | | | | | | | | are duplicated by newly defined types/options in RFC3121 - We have no backward compatibility issue. There is no apps in our distribution which use the above types/options. Obtained from: KAME MFC after: 2 weeks
* made sure to use the correct sa_len for rtalloc().ume2001-06-202-4/+4
| | | | | | | | | | sizeof(ro_dst) is not necessarily the correct one. this change would also fix the recent path MTU discovery problem for the destination of an incoming TCP connection. Submitted by: JINMEI Tatuya <jinmei@kame.net> Obtained from: KAME MFC after: 2 weeks
* Do not perform arp send/resolve on an interface marked NOARP.jlemon2001-06-151-1/+9
| | | | | PR: 25006 MFC after: 2 weeks
* Fix a stack of KAME netinet6/in6.h warnings:peter2001-06-151-2/+4
| | | | | 592: warning: `struct mbuf' declared inside parameter list 595: warning: `struct ifnet' declared inside parameter list
* Sync with recent KAME.ume2001-06-1122-459/+697
| | | | | | | | | | | | | | | | | | This work was based on kame-20010528-freebsd43-snap.tgz and some critical problem after the snap was out were fixed. There are many many changes since last KAME merge. TODO: - The definitions of SADB_* in sys/net/pfkeyv2.h are still different from RFC2407/IANA assignment because of binary compatibility issue. It should be fixed under 5-CURRENT. - ip6po_m member of struct ip6_pktopts is no longer used. But, it is still there because of binary compatibility issue. It should be removed under 5-CURRENT. Reviewed by: itojun Obtained from: KAME MFC after: 3 weeks
* Make the default value of net.inet.ip.maxfragpackets andjesper2001-06-101-2/+3
| | | | | | | | net.inet6.ip6.maxfragpackets dependent on nmbclusters, defaulting to nmbclusters / 4 Reviewed by: bde MFC after: 1 week
OpenPOWER on IntegriCloud