summaryrefslogtreecommitdiffstats
path: root/sys/netinet
Commit message (Collapse)AuthorAgeFilesLines
* - Set inc_isipv6 in tcp6_usr_connect().ume2002-02-282-0/+2
| | | | | | | - When making a pcb from a sync cache, do not forget to copy inc_isipv6. Obtained from: KAME MFC After: 1 week
* Simple p_ucred -> td_ucred changes to start using the per-thread ucredjhb2002-02-278-22/+22
| | | | reference.
* Change the wording of the inline comments from the previous commit.cjc2002-02-272-16/+6
| | | | Objection from: ru
* More IPV6 const fixes.alfred2002-02-272-2/+2
|
* Introduce a version field to `struct xucred' in place of one of thedd2002-02-273-25/+5
| | | | | | | | | | | | spares (the size of the field was changed from u_short to u_int to reflect what it really ends up being). Accordingly, change users of xucred to set and check this field as appropriate. In the kernel, this is being done inside the new cru2x() routine which takes a `struct ucred' and fills out a `struct xucred' according to the former. This also has the pleasant sideaffect of removing some duplicate code. Reviewed by: rwatson
* Staticize an extern that no one else used.brooks2002-02-262-3/+1
|
* Enforce inbound IPsec SPDjedgar2002-02-261-1/+11
| | | | Reviewed by: fenner
* Document what inpcb->inp_vflag is for.alfred2002-02-251-1/+1
| | | | Submitted by: Marco Molteni <molter@tin.it>
* The TCP code did not do sufficient checks on whether incoming packetscjc2002-02-252-14/+26
| | | | | | | | | | | | | were destined for a broadcast IP address. All TCP packets with a broadcast destination must be ignored. The system only ignored packets that were _link-layer_ broadcasts or multicast. We need to check the IP address too since it is quite possible for a broadcast IP address to come in with a unicast link-layer address. Note that the check existed prior to CSRG revision 7.35, but was removed. This commit effectively backs out that nine-year-old change. PR: misc/35022
* BUGFIX: make use of the pointer to the target of skipto rules,luigi2002-02-201-2/+4
| | | | | | | | | so that after the first time we can follow the pointer instead of having to scan the list. This was the intended behaviour from day one. PR: 34639 MFC-after: 3 days
* When expanding a syncache entry into a socket, inherit the socket optionsjlemon2002-02-201-1/+1
| | | | | from the current listen socket instead of the cached (and possibly stale) TCB pointer.
* o Move NTOHL() and associated macros into <sys/param.h>. These aremike2002-02-189-53/+70
| | | | | | | | | | | | | | | | | | | | | | | | | | deprecated in favor of the POSIX-defined lowercase variants. o Change all occurrences of NTOHL() and associated marcros in the source tree to use the lowercase function variants. o Add missing license bits to sparc64's <machine/endian.h>. Approved by: jake o Clean up <machine/endian.h> files. o Remove unused __uint16_swap_uint32() from i386's <machine/endian.h>. o Remove prototypes for non-existent bswapXX() functions. o Include <machine/endian.h> in <arpa/inet.h> to define the POSIX-required ntohl() family of functions. o Do similar things to expose the ntohl() family in libstand, <netinet/in.h>, and <sys/param.h>. o Prepend underscores to the ntohl() family to help deal with complexities associated with having MD (asm and inline) versions, and having to prevent exposure of these functions in other headers that happen to make use of endian-specific defines. o Create weak aliases to the canonical function name to help deal with third-party software forgetting to include an appropriate header. o Remove some now unneeded pollution from <sys/types.h>. o Add missing <arpa/inet.h> includes in userland. Tested on: alpha, i386 Reviewed by: bde, jake, tmm
* Moved the 127/8 check below so that IPF redirects have a chance of working.ru2002-02-151-10/+10
| | | | MFC after: 1 day
* When a duplicate SYN arrives which matches an entry in the syncache,jlemon2002-02-121-0/+5
| | | | | | update our lazy reference to the inpcb structure, as it may have changed. Found by: dima
* Silence unused variable warning in the !KLD_MODULE case.dd2002-02-101-0/+2
| | | | Submitted by: archie
* Pre-KSE/M3 commit.julian2002-02-071-2/+2
| | | | | | | | | | this is a low-functionality change that changes the kernel to access the main thread of a process via the linked list of threads rather than assuming that it is embedded in the process. It IS still embeded there but remove all teh code that assumes that in preparation for the next commit which will actually move it out. Reviewed by: peter@freebsd.org, gallatin@cs.duke.edu, benno rice,
* In tcp_respond(), correctly reset returned IPv6 header. This is essentialume2002-02-042-0/+6
| | | | | | | when the original packet contains an IPv6 extension header. Obtained from: KAME MFC after: 1 week
* WARNS=n and lint(1) silencer. Declare an array of (const) stringsmarkm2002-02-031-1/+1
| | | | as const char.
* The ipfw(8) 'tee' action simply hasn't worked on incoming packets forcjc2002-01-261-0/+3
| | | | | | | | | | | | some time. _All_ packets, regardless of destination, were accepted by the machine as if addressed to it. Jump back to 'pass' processing for a teed packet instead of falling through as if it was ours. PR: kern/31130 Reviewed by: -net, luigi MFC after: 2 weeks
* The ENDPTS_EQ macro was comparing the one of the fports to itself. Fix.jlemon2002-01-221-1/+1
| | | | Submitted by: emy@boostworks.com
* - Check the address family of the destination cached in a PCB.ume2002-01-212-4/+12
| | | | | | | | - Clear the cached destination before getting another cached route. Otherwise, garbage in the padding space (which might be filled in if it was used for IPv4) could annoy rtalloc. Obtained from: KAME
* RFC1122 requires that addresses of the form { 127, <any> } MUST NOTru2002-01-211-1/+11
| | | | | | | | appear outside a host. PR: 30792, 33996 Obtained from: ip_input.c MFC after: 1 week
* Fix a panic condition in icmp_reflect() introduced in rev. 1.61.ru2002-01-111-2/+2
| | | | | | | | | | (We should be able to handle locally originated IP packets, and these do not have m_pkthdr.rcvif set.) PR: kern/32806, kern/33766 Reviewed by: luigi Fix tested by: Maxim Konovalov <maxim@macomnet.ru>, Erwin Lansing <erwin@lansing.dk>
* Initialise the intrq_present fields at runtime, not link time. This allowsmsmith2002-01-081-1/+1
| | | | | | us to load protocols at runtime, and avoids the use of common variables. Also fix the ip6_intrq assignment so that it works at all.
* Fix a missing "ipfw:" in a syslog message.cjc2002-01-071-1/+1
| | | | MFC after: 1 day
* Pre-calculate the checksum for multicast packets sourced on afenner2002-01-051-0/+12
| | | | | | multicast router. This is overkill; it should be possible to delay to hardware interfaces and only pre-calculate when forwarding to a tunnel.
* o Spelling fix in comment: tcp_ouput -> tcp_outputrwatson2002-01-042-2/+2
|
* Don't reveal a router in the IPSTEALTH mode through IP options.yar2001-12-291-4/+41
| | | | | | | | | | | The following steps are involved: a) the IP options related to routing (LSRR and SSRR) are processed as though the router were a host, b) the other IP options are processed as usual only if the packet is destined for the router; otherwise they are ignored. PR: kern/23123 Discussed in: freebsd-hackers
* Fix ipfw fwd so that it acts as the docs sayjulian2001-12-282-10/+24
| | | | | | | when forwarding an incoming packet to another machine. Obtained from: Vicor Production tree MFC after: 3 weeks
* Implement matching IP precedence in ipfw(4).yar2001-12-212-2/+6
| | | | Submitted by: Igor Timkin <ivt@gamma.ru>
* Remove a change that snuck in from my private tree.jlemon2001-12-211-1/+0
|
* If syncookies are disabled (net.inet.tcp.syncookies) then use the fasterjlemon2001-12-212-1/+5
| | | | | | arc4random() routine to generate ISNs instead of creating them with MD5(). Suggested by: silby
* When storing an int value in a void *, use intptr_t as the cast typejlemon2001-12-191-2/+2
| | | | (instead of int) to keep the 64 bit platforms happy.
* Don't try to free a NULL route when doing IPFIREWALL_FORWARD.yar2001-12-191-1/+2
| | | | | | | An old route will be NULL at that point if a packet were initially routed to an interface (using the IP_ROUTETOIF flag.) Submitted by: Igor Timkin <ivt@gamma.ru>
* Extend the SYN DoS defense by adding syncookies to the syncache.jlemon2001-12-191-14/+193
| | | | | | | | | | | | All TCP ISNs that are sent out are valid cookies, which allows entries in the syncache to be dropped and still have the ACK accepted later. As all entries pass through the syncache, there is no sudden switchover from cache -> cookies when the cache is full; instead, syncache entries simply have a reduced lifetime. More details may be found in the "Resisting DoS attacks with a SYN cache" paper in the Usenix BSDCon 2002 conference proceedings. Sponsored by: DARPA, NAI Labs
* Fixed the bug in transparent TCP proxying with the "encode_ip_hdr"ru2001-12-181-1/+3
| | | | | | option -- TcpAliasOut() did not catch the IP header length change. Submitted by: Stepachev Andrey <aka50@mail.ru>
* o Add IPOPT_ESO for the 'Extended Security' IP option (RFC1108)rwatson2001-12-141-0/+1
| | | | Obtained from: TrustedBSD Project
* o Add definition for IPOPT_CIPSO, the commercial security IP optionrwatson2001-12-141-0/+1
| | | | | | | number. Submitted by: Ilmar S. Habibulin <ilmar@watson.org> Obtained from: TrustedBSD Project
* whitespace and style fixes recovered from -stable.jlemon2001-12-141-33/+35
|
* minor style and whitespace fixes.jlemon2001-12-141-11/+12
|
* whitespace fixes.jlemon2001-12-142-7/+7
|
* minor whitespace fixes.jlemon2001-12-141-1/+1
|
* Reduce the local network slowstart flightsize from infinity to 4 packets.silby2001-12-141-1/+1
| | | | | | | | | | Now that we've increased the size of our send / receive buffers, bursting an entire window onto the network may cause congestion. As a result, we will slow start beginning with a flightsize of 4 packets. Problem reported by: Thomas Zenker <thz@Lennartz-electronic.de> MFC after: 3 days
* Undo one of my last minute changes; move sc_iss up earlier so itjlemon2001-12-131-1/+1
| | | | is initialized in case we take the T/TCP path.
* Fix up tabs from cut&n&paste.jlemon2001-12-131-8/+8
|
* Fix up tabs in comments.jlemon2001-12-132-8/+8
|
* Minor style fixes.jlemon2001-12-131-2/+2
|
* Minor style fix.jlemon2001-12-131-2/+2
|
* Update to C99, s/__FUNCTION__/__func__/,obrien2001-12-102-3/+3
| | | | also don't use ANSI string concatenation.
* o Our currenty userland boot code (due to rc.conf and rc.network) alwaysrwatson2001-12-071-1/+1
| | | | | enables TCP keepalives using the net.inet.tcp.always_keepalive by default. Synchronize the kernel default with the userland default.
OpenPOWER on IntegriCloud