path: root/sys/netinet
Commit message, Author, Age, Files, Lines
* BUGFIX: make use of the pointer to the target of skipto rules, so that after the first time we can follow the pointer instead of having to scan the list. This was the intended behaviour from day one.
  PR: 34639
  MFC-after: 3 days
  Author: luigi, Age: 2002-02-20, Files: 1, Lines: -2/+4
* When expanding a syncache entry into a socket, inherit the socket options from the current listen socket instead of the cached (and possibly stale) TCB pointer.
  Author: jlemon, Age: 2002-02-20, Files: 1, Lines: -1/+1
* o Move NTOHL() and associated macros into <sys/param.h>. These are deprecated in favor of the POSIX-defined lowercase variants.
  o Change all occurrences of NTOHL() and associated macros in the source tree to use the lowercase function variants.
  o Add missing license bits to sparc64's <machine/endian.h>. Approved by: jake
  o Clean up <machine/endian.h> files.
  o Remove unused __uint16_swap_uint32() from i386's <machine/endian.h>.
  o Remove prototypes for non-existent bswapXX() functions.
  o Include <machine/endian.h> in <arpa/inet.h> to define the POSIX-required ntohl() family of functions.
  o Do similar things to expose the ntohl() family in libstand, <netinet/in.h>, and <sys/param.h>.
  o Prepend underscores to the ntohl() family to help deal with complexities associated with having MD (asm and inline) versions, and having to prevent exposure of these functions in other headers that happen to make use of endian-specific defines.
  o Create weak aliases to the canonical function name to help deal with third-party software forgetting to include an appropriate header.
  o Remove some now unneeded pollution from <sys/types.h>.
  o Add missing <arpa/inet.h> includes in userland.
  Tested on: alpha, i386
  Reviewed by: bde, jake, tmm
  Author: mike, Age: 2002-02-18, Files: 9, Lines: -53/+70
* Moved the 127/8 check below so that IPF redirects have a chance of working.
  MFC after: 1 day
  Author: ru, Age: 2002-02-15, Files: 1, Lines: -10/+10
* When a duplicate SYN arrives which matches an entry in the syncache, update our lazy reference to the inpcb structure, as it may have changed.
  Found by: dima
  Author: jlemon, Age: 2002-02-12, Files: 1, Lines: -0/+5
* Silence unused variable warning in the !KLD_MODULE case.
  Submitted by: archie
  Author: dd, Age: 2002-02-10, Files: 1, Lines: -0/+2
* Pre-KSE/M3 commit. this is a low-functionality change that changes the kernel to access the main thread of a process via the linked list of threads rather than assuming that it is embedded in the process. It IS still embedded there but remove all the code that assumes that in preparation for the next commit which will actually move it out.
  Reviewed by: peter@freebsd.org, gallatin@cs.duke.edu, benno rice,
  Author: julian, Age: 2002-02-07, Files: 1, Lines: -2/+2
* In tcp_respond(), correctly reset returned IPv6 header. This is essential when the original packet contains an IPv6 extension header.
  Obtained from: KAME
  MFC after: 1 week
  Author: ume, Age: 2002-02-04, Files: 2, Lines: -0/+6
* WARNS=n and lint(1) silencer. Declare an array of (const) strings as const char.
  Author: markm, Age: 2002-02-03, Files: 1, Lines: -1/+1
* The ipfw(8) 'tee' action simply hasn't worked on incoming packets for some time. _All_ packets, regardless of destination, were accepted by the machine as if addressed to it. Jump back to 'pass' processing for a teed packet instead of falling through as if it was ours.
  PR: kern/31130
  Reviewed by: -net, luigi
  MFC after: 2 weeks
  Author: cjc, Age: 2002-01-26, Files: 1, Lines: -0/+3
* The ENDPTS_EQ macro was comparing one of the fports to itself. Fix.
  Submitted by: emy@boostworks.com
  Author: jlemon, Age: 2002-01-22, Files: 1, Lines: -1/+1
* - Check the address family of the destination cached in a PCB.
  - Clear the cached destination before getting another cached route. Otherwise, garbage in the padding space (which might be filled in if it was used for IPv4) could annoy rtalloc.
  Obtained from: KAME
  Author: ume, Age: 2002-01-21, Files: 2, Lines: -4/+12
* RFC1122 requires that addresses of the form { 127, <any> } MUST NOT appear outside a host.
  PR: 30792, 33996
  Obtained from: ip_input.c
  MFC after: 1 week
  Author: ru, Age: 2002-01-21, Files: 1, Lines: -1/+11
* Fix a panic condition in icmp_reflect() introduced in rev. 1.61. (We should be able to handle locally originated IP packets, and these do not have m_pkthdr.rcvif set.)
  PR: kern/32806, kern/33766
  Reviewed by: luigi
  Fix tested by: Maxim Konovalov <maxim@macomnet.ru>, Erwin Lansing <erwin@lansing.dk>
  Author: ru, Age: 2002-01-11, Files: 1, Lines: -2/+2
* Initialise the intrq_present fields at runtime, not link time. This allows us to load protocols at runtime, and avoids the use of common variables. Also fix the ip6_intrq assignment so that it works at all.
  Author: msmith, Age: 2002-01-08, Files: 1, Lines: -1/+1
* Fix a missing "ipfw:" in a syslog message.
  MFC after: 1 day
  Author: cjc, Age: 2002-01-07, Files: 1, Lines: -1/+1
* Pre-calculate the checksum for multicast packets sourced on a multicast router. This is overkill; it should be possible to delay to hardware interfaces and only pre-calculate when forwarding to a tunnel.
  Author: fenner, Age: 2002-01-05, Files: 1, Lines: -0/+12
* o Spelling fix in comment: tcp_ouput -> tcp_output
  Author: rwatson, Age: 2002-01-04, Files: 2, Lines: -2/+2
* Don't reveal a router in the IPSTEALTH mode through IP options. The following steps are involved:
  a) the IP options related to routing (LSRR and SSRR) are processed as though the router were a host,
  b) the other IP options are processed as usual only if the packet is destined for the router; otherwise they are ignored.
  PR: kern/23123
  Discussed in: freebsd-hackers
  Author: yar, Age: 2001-12-29, Files: 1, Lines: -4/+41
* Fix ipfw fwd so that it acts as the docs say when forwarding an incoming packet to another machine.
  Obtained from: Vicor Production tree
  MFC after: 3 weeks
  Author: julian, Age: 2001-12-28, Files: 2, Lines: -10/+24
* Implement matching IP precedence in ipfw(4).
  Submitted by: Igor Timkin <ivt@gamma.ru>
  Author: yar, Age: 2001-12-21, Files: 2, Lines: -2/+6
* Remove a change that snuck in from my private tree.
  Author: jlemon, Age: 2001-12-21, Files: 1, Lines: -1/+0
* If syncookies are disabled (net.inet.tcp.syncookies) then use the faster arc4random() routine to generate ISNs instead of creating them with MD5().
  Suggested by: silby
  Author: jlemon, Age: 2001-12-21, Files: 2, Lines: -1/+5
* When storing an int value in a void *, use intptr_t as the cast type (instead of int) to keep the 64 bit platforms happy.
  Author: jlemon, Age: 2001-12-19, Files: 1, Lines: -2/+2
* Don't try to free a NULL route when doing IPFIREWALL_FORWARD. An old route will be NULL at that point if a packet were initially routed to an interface (using the IP_ROUTETOIF flag.)
  Submitted by: Igor Timkin <ivt@gamma.ru>
  Author: yar, Age: 2001-12-19, Files: 1, Lines: -1/+2
* Extend the SYN DoS defense by adding syncookies to the syncache. All TCP ISNs that are sent out are valid cookies, which allows entries in the syncache to be dropped and still have the ACK accepted later. As all entries pass through the syncache, there is no sudden switchover from cache -> cookies when the cache is full; instead, syncache entries simply have a reduced lifetime. More details may be found in the "Resisting DoS attacks with a SYN cache" paper in the Usenix BSDCon 2002 conference proceedings.
  Sponsored by: DARPA, NAI Labs
  Author: jlemon, Age: 2001-12-19, Files: 1, Lines: -14/+193
* Fixed the bug in transparent TCP proxying with the "encode_ip_hdr" option -- TcpAliasOut() did not catch the IP header length change.
  Submitted by: Stepachev Andrey <aka50@mail.ru>
  Author: ru, Age: 2001-12-18, Files: 1, Lines: -1/+3
* o Add IPOPT_ESO for the 'Extended Security' IP option (RFC1108)
  Obtained from: TrustedBSD Project
  Author: rwatson, Age: 2001-12-14, Files: 1, Lines: -0/+1
* o Add definition for IPOPT_CIPSO, the commercial security IP option number.
  Submitted by: Ilmar S. Habibulin <ilmar@watson.org>
  Obtained from: TrustedBSD Project
  Author: rwatson, Age: 2001-12-14, Files: 1, Lines: -0/+1
* whitespace and style fixes recovered from -stable.
  Author: jlemon, Age: 2001-12-14, Files: 1, Lines: -33/+35
* minor style and whitespace fixes.
  Author: jlemon, Age: 2001-12-14, Files: 1, Lines: -11/+12
* whitespace fixes.
  Author: jlemon, Age: 2001-12-14, Files: 2, Lines: -7/+7
* minor whitespace fixes.
  Author: jlemon, Age: 2001-12-14, Files: 1, Lines: -1/+1
* Reduce the local network slowstart flightsize from infinity to 4 packets. Now that we've increased the size of our send / receive buffers, bursting an entire window onto the network may cause congestion. As a result, we will slow start beginning with a flightsize of 4 packets.
  Problem reported by: Thomas Zenker <thz@Lennartz-electronic.de>
  MFC after: 3 days
  Author: silby, Age: 2001-12-14, Files: 1, Lines: -1/+1
* Undo one of my last minute changes; move sc_iss up earlier so it is initialized in case we take the T/TCP path.
  Author: jlemon, Age: 2001-12-13, Files: 1, Lines: -1/+1
* Fix up tabs from cut&n&paste.
  Author: jlemon, Age: 2001-12-13, Files: 1, Lines: -8/+8
* Fix up tabs in comments.
  Author: jlemon, Age: 2001-12-13, Files: 2, Lines: -8/+8
* Minor style fixes.
  Author: jlemon, Age: 2001-12-13, Files: 1, Lines: -2/+2
* Minor style fix.
  Author: jlemon, Age: 2001-12-13, Files: 1, Lines: -2/+2
* Update to C99, s/__FUNCTION__/__func__/, also don't use ANSI string concatenation.
  Author: obrien, Age: 2001-12-10, Files: 2, Lines: -3/+3
* o Our current userland boot code (due to rc.conf and rc.network) always enables TCP keepalives using the net.inet.tcp.always_keepalive by default. Synchronize the kernel default with the userland default.
  Author: rwatson, Age: 2001-12-07, Files: 1, Lines: -1/+1
* Fixed remotely exploitable DoS in arpresolve(). Easily exploitable by flood pinging the target host over an interface with the IFF_NOARP flag set (all you need to know is the target host's MAC address).
  MFC after: 0 days
  Author: ru, Age: 2001-12-05, Files: 1, Lines: -1/+3
* o Introduce pr_mtx into struct prison, providing protection for the mutable contents of struct prison (hostname, securelevel, refcount, pr_linux, ...)
  o Generally introduce mtx_lock()/mtx_unlock() calls throughout kern/ so as to enforce these protections, in particular, in kern_mib.c protection sysctl access to the hostname and securelevel, as well as kern_prot.c access to the securelevel for access control purposes.
  o Rewrite linux emulator abstractions for accessing per-jail linux mib entries (osname, osrelease, osversion) so that they don't return a pointer to the text in the struct linux_prison, rather, a copy to an array passed into the calls. Likewise, update linprocfs to use these primitives.
  o Update in_pcb.c to always use prison_getip() rather than directly accessing struct prison.
  Reviewed by: jhb
  Author: rwatson, Age: 2001-12-03, Files: 1, Lines: -2/+2
* Fix a bug with transmitter restart after receiving a 0 window. The receiver was not sending an immediate ack with delayed acks turned on when the input buffer is drained, preventing the transmitter from restarting immediately. Propagate the TCP_NODELAY option to accept()ed sockets. (Helps tbench and is a good idea anyway). Some cleanup. Identify additional issues in comments.
  MFC after: 1 day
  Author: dillon, Age: 2001-12-02, Files: 5, Lines: -19/+56
* Allow for ip_output() to be called with a NULL route pointer. This fixes a panic I introduced yesterday in ip_icmp.c,v 1.64.
  Author: ru, Age: 2001-12-01, Files: 2, Lines: -6/+7
* o Stop abusing MD headers with non-MD types.
  o Hide nonstandard functions and types in <netinet/in.h> when _POSIX_SOURCE is defined.
  o Add some missing types (required by POSIX.1-200x) to <netinet/in.h>.
  o Restore vendor ID from Rev 1.1 in <netinet/in.h> and make use of new __FBSDID() macro.
  o Fix some miscellaneous issues in <arpa/inet.h>.
  o Correct final argument for the inet_ntop() function (POSIX.1-200x).
  o Get rid of the namespace pollution from <sys/types.h> in <arpa/inet.h>.
  Reviewed by: fenner
  Partially submitted by: bde
  Author: mike, Age: 2001-12-01, Files: 1, Lines: -0/+15
* The transmit burst limit for newreno completely breaks TCP's performance if the receive side is using delayed acks. Temporarily remove it.
  MFC after: 0 days
  Author: dillon, Age: 2001-11-30, Files: 1, Lines: -0/+10
* During SIOCAIFADDR, if in_ifinit() fails and we've already added an interface address, blow the address away again before returning the error. In in_ifinit(), if we get an error from rtinit() and we've also got a destination address, return the error rather than masking EEXISTS. Failing to create a host route when configuring an interface should be treated as an error.
  Author: brian, Age: 2001-11-30, Files: 1, Lines: -24/+39
* - Make ip_rtaddr() global, and use it to look up the correct source address in icmp_reflect().
  - Two new "struct icmpstat" members: icps_badaddr and icps_noroute.
  PR: kern/31575
  Obtained from: BSD/OS
  MFC after: 1 week
  Author: ru, Age: 2001-11-30, Files: 4, Lines: -42/+35
* ipfw_modevent(): Don't use an unnatural block to define a variable (fcp) that's already defined in the outer block and isn't used anywhere else. This silences -Wunused.
  Reviewed by: md5(1)
  Author: dd, Age: 2001-11-27, Files: 1, Lines: -3/+0