Commit Graph

1392 Commits

Author SHA1 Message Date
yamt e745dd4766 remove TCPOPT_MD5SIGNATURE because no one in our tree uses it
and it's duplicated with TCPOPT_SIGNATURE.
i preferred TCPOPT_SIGNATURE because it's used by FreeBSD and OpenBSD.
2004-12-07 14:24:04 +00:00
peter 396b87b8c2 Convert lo(4) to a clonable device.
This also removes the loif array and changes all code to use the new
lo0ifp pointer which points to the lo0 ifnet structure.

Approved by christos.
2004-12-04 16:10:25 +00:00
christos 1ad35fcc9a PR/25749: Peter Postma: missing splx() in kernel. 2004-11-13 19:17:50 +00:00
thorpej 402ff2cf29 Slight simplification to IFA_STATS handling. 2004-10-06 05:42:24 +00:00
darrenr 0543239818 Add a comment to document what setting "srcrt" is really on about in ipintr() 2004-10-06 01:34:11 +00:00
yamt 2c46ccce37 move netinet/ip_lookup.h -> dist/ipf/netinet/ip_lookup.h. 2004-10-05 04:56:41 +00:00
yamt 8484dd9eed move ipf headers and add a comment. 2004-10-05 04:55:48 +00:00
jdolecek 46134b3da6 move ip_htable.h from sys/netinet/ to sys/dist/ipf/netinet/, it's ipfilter file 2004-10-02 07:59:14 +00:00
christos 722688d056 These are ipfilter files, although they don't have the same copyright.
Thanks jaromir.
2004-10-02 07:51:11 +00:00
christos 5976437e5f Move ipf to sys/dist/ipf; Note that I followed the pattern used for pf.
I think though that the files.ipfilter and Makefile glue should go to
the dist directory, not like it is done now.
2004-10-01 15:24:45 +00:00
christos 1b492809a0 PR/27082: Sean Boudreau: redundant assignment or NULL dereference in
in_pcbconnect()
2004-09-29 21:30:00 +00:00
christos d790aa42d0 PR/27081: Sean Boudreau: ip_input() bad csum count not incremented on sw csum 2004-09-29 21:28:34 +00:00
christos 7059bc7962 PR/21902: Sean Boudreau: arplookup() incrementing arpstat.as_allocfail
erroneously.
2004-09-29 21:26:52 +00:00
yamt 0ea22c32fa fix ipqent pool corruption problems. make tcp reass code use
its own pool of ipqent rather than sharing it with ip reass code.
PR/24782.
2004-09-15 09:21:22 +00:00
yamt d676f9e5b0 fr_check_wrapper: as ipf modifies application data as well when
doing application proxy, it's needed to ensure that the whole packet
is writable here.
2004-09-06 10:46:02 +00:00
yamt d73bcfeb33 fr_check_wrapper, fr_check_wrapper6:
ensure that mbufs are writable beforehand as ipf assumes.
PR/26773 and PR/26850.
2004-09-06 10:00:43 +00:00
darrenr 9ec77d6329 Do not allow packets flagged with "out-of-window" (oow) to match "keep state"
rules and try to prevent such rules ("keep state with oow") from being loaded
into the kernel.

Pr: kern/26581
2004-09-06 09:55:13 +00:00
manu 85111f912e IPv4 PIM support, based on submission from Pavlin Radoslavov on tech-net@ :
two new files I forgot to add on the first cvs commit.
2004-09-04 23:32:29 +00:00
manu 6e3c639957 IPv4 PIM support, based on a submission from Pavlin Radoslavov posted on
tech-net@
2004-09-04 23:29:44 +00:00
darrenr 02c34673a3 add a per-socket counter for dropped UDP packets when the internal buffers
are full.
2004-09-03 18:14:09 +00:00
smb 57643d12c5 Don't try and add a state session if the packet has already been checked
and marked as out of window - trying to do the add will result in a failure
and the packet being blocked, incorrectly.

Committed By: darrenr
Tested By: smb
2004-09-03 04:18:09 +00:00
chs 34187f4589 fix m_pulldown() usage, it's different from m_pullup().
fixes PRs 26666 and 26701.
2004-08-22 21:38:21 +00:00
itojun 682ddb0274 initialize max_keylen for ip_encap.c earlier 2004-08-17 07:05:34 +00:00
yamt 28b17ac69e in_control: fix address leaks on error, which causes a panic
("no domain for AF 0") on if_detach.
- SIOCAIFADDR, SIOCSIFADDR: free an address on error.
- SIOCSIFNETMASK, SIOCSIFDSTADDR: reject operations for an interface which
  has no AF_INET addresses.

partly from OpenBSD and FreeBSD.
reviewed by Christos Zoulas on tech-net@.
2004-08-08 09:52:41 +00:00
christos f3a2c3728b remove the avail = 0; assignment which is superfluous. pointed out by enami. 2004-08-04 03:55:06 +00:00
christos 5ab21dfa5d PR/26471: Arto Selonen: ipfilter 4.1.3 crashes the system every few hours
Remove extraneous m = NULL assignment that will cause a NULL dereference
later.
2004-08-03 16:16:30 +00:00
cube 19861ea4fe Remove a common (icmpstat). 2004-08-03 13:58:59 +00:00
yamt 48d156e320 call PFIL_NEWIF hooks at a correct place.
(on SIOCAIFADDR rather than SIOCGIFALIAS.)

from Peter Postma, PR/26402.
ok'ed by itojun.
2004-07-26 13:43:14 +00:00
martti 7ff15b917f Upgraded IPFilter to 4.1.3 2004-07-23 05:39:03 +00:00
martti 9e82a8bf0d Import IPFilter 4.1.3 2004-07-23 05:33:55 +00:00
yamt 4374881880 fix typos. PFIL_HOOK -> PFIL_HOOKS 2004-07-18 11:37:38 +00:00
itojun 5807e550e5 typo. Bruno Rohee 2004-07-09 09:15:02 +00:00
christos d397fc692a Bring in flags from 4.1.2 to make things compile. 2004-07-08 02:52:02 +00:00
mycroft cc559c8583 Fix SIOCSIFNETMASK -- it needs to use in_ifscrub() and in_ifinit() to update
the interface route and various internal state.  Also, it should use an ifreq,
not an if_aliasreq.  Addresses PR 9604.  (Nothing in our source tree uses
SIOCSIFNETMASK, though.  Perhaps it should be deprecated.)
2004-07-07 01:39:00 +00:00
minoura c3ed038115 Remove broken code for now: getsockopt(s, IPPROTO_IP, IP_IPSEC_POLICY,...).
It returned EINVAL, now returns ENOPROTOOPT.
Ok'd by itojun.
2004-07-06 04:30:27 +00:00
heas 192b371d42 Adjust description for net.inet.udp.checksum; it does not controll checking,
only computing.
2004-07-02 18:19:51 +00:00
christos 01a2047486 PR/25999: Jeff Rizzo: ipf: ipnat is corrupting "bimap" translations in 2.0_BETA and -current 2004-06-29 22:44:59 +00:00
itojun 2aef0b1784 correct TCP-MD5 support. Jeff Rizzo 2004-06-26 03:29:15 +00:00
itojun db45a6f189 icmp_reflect: check if m_pkthdr.rcvif is non-NULL before touching it.
icmp_reflect could be called from the output path, so m_pkthdr.rcvif may not
be set.  (found by panic when PF is configured "block return all")
2004-06-25 15:43:00 +00:00
itojun 59302fc979 be careful touching m_pkthdr.rcvif, it could be NULL if the packet was
generated from local node and icmp_error calls icmp_reflect.
2004-06-25 15:24:41 +00:00
itojun 047170b1cc prepare PF-related hooks. reviewed by matt, perry, christos 2004-06-22 12:50:41 +00:00
tron c465794d70 Correct two errors in fr_check():
1.) Make sure that "pass" is always initialized.
2.) Make sure the code doesn't use a stale mbuf pointer after fr_makefrip()
    has been called. This fixes PR kern/25868.

Analyzed and reviewed by Steve Woodford.
2004-06-16 14:06:23 +00:00
tron fcda778c8f Don't leak mbuf if ipfr_fastroute6() fails.
Reviewed by Steve Woodford.
2004-06-16 14:02:39 +00:00
itojun b834441eb5 update mtu value if outgoing interface changes with ipsec ops
(draft-touch-vpn case only?)  iij seil team
2004-06-01 05:06:56 +00:00
itojun b4ea6633c0 fix SIOC*LIFADDR for IPv4. markus friedl 2004-05-30 06:37:07 +00:00
atatat 4de3747b89 Sysctl descriptions under net subtree (net.key not done) 2004-05-25 04:33:59 +00:00
jonathan 349ad018c7 Remove now-unused variable. 2004-05-23 00:37:27 +00:00
jonathan c8c7a6dbab With FAST_IPSEC, include <netipsec/key.h>, as Itojun's recent changes
now require KEY_FREESAV() to be in scope.
2004-05-20 22:59:02 +00:00
christos bd67b97d6a PR/25622: IPV6 return RST and through cloned interfaces was broken.
- checksum was computed incorrectly.
- ipv6 packet was not initialized properly.
- fixed code to be more similar to the v4 counterpart.
2004-05-20 13:55:31 +00:00
christos b78a596c7a PR/25646: Perry Metzger: Commit a patch that compiles awaiting feedback. 2004-05-20 13:54:19 +00:00