yamt
e745dd4766
remove TCPOPT_MD5SIGNATURE because no one in our tree uses it
...
and it's duplicated with TCPOPT_SIGNATURE.
i preferred TCPOPT_SIGNATURE because it's used by FreeBSD and OpenBSD.
2004-12-07 14:24:04 +00:00
peter
396b87b8c2
Convert lo(4) to a clonable device.
...
This also removes the loif array and changes all code to use the new
lo0ifp pointer which points to the lo0 ifnet structure.
Approved by christos.
2004-12-04 16:10:25 +00:00
christos
1ad35fcc9a
PR/25749: Peter Postma: missing splx() in kernel.
2004-11-13 19:17:50 +00:00
thorpej
402ff2cf29
Slight simplification to IFA_STATS handling.
2004-10-06 05:42:24 +00:00
darrenr
0543239818
Add a comment to document what setting "srcrt" is really on about in ipintr()
2004-10-06 01:34:11 +00:00
yamt
2c46ccce37
move netinet/ip_lookup.h -> dist/ipf/netinet/ip_lookup.h.
2004-10-05 04:56:41 +00:00
yamt
8484dd9eed
move ipf headers and add a comment.
2004-10-05 04:55:48 +00:00
jdolecek
46134b3da6
move ip_htable.h from sys/netinet/ to sys/dist/ipf/netinet/, it's ipfilter file
2004-10-02 07:59:14 +00:00
christos
722688d056
These are ipfilter files, although they don't have the same copyright.
...
Thanks jaromir.
2004-10-02 07:51:11 +00:00
christos
5976437e5f
Move ipf to sys/dist/ipf; Note that I followed the pattern used for pf.
...
I think though that the files.ipfilter and Makefile glue should go to
the dist directory, not like it is done now.
2004-10-01 15:24:45 +00:00
christos
1b492809a0
PR/27082: Sean Boudreau: redundant assignment or NULL dereference in
...
in_pcbconnect()
2004-09-29 21:30:00 +00:00
christos
d790aa42d0
PR/27081: Sean Boudreau: ip_input() bad csum count not incremented on sw csum
2004-09-29 21:28:34 +00:00
christos
7059bc7962
PR/21902: Sean Boudreau: arplookup() incrementing arpstat.as_allocfail
...
erroneously.
2004-09-29 21:26:52 +00:00
yamt
0ea22c32fa
fix ipqent pool corruption problems. make tcp reass code use
...
its own pool of ipqent rather than sharing it with ip reass code.
PR/24782.
2004-09-15 09:21:22 +00:00
yamt
d676f9e5b0
fr_check_wrapper: as ipf modifies application data as well when
...
doing application proxy, it's needed to ensure that the whole packet
is writable here.
2004-09-06 10:46:02 +00:00
yamt
d73bcfeb33
fr_check_wrapper, fr_check_wrapper6:
...
ensure that mbufs are writable beforehand as ipf assumes.
PR/26773 and PR/26850.
2004-09-06 10:00:43 +00:00
darrenr
9ec77d6329
Do not allow packets flagged with "out-of-window" (oow) to match "keep state"
...
rules and try to prevent such rules ("keep state with oow") from being loaded
into the kernel.
Pr: kern/26581
2004-09-06 09:55:13 +00:00
manu
85111f912e
IPv4 PIM support, based on submission from Pavlin Radoslavov on tech-net@ :
...
two new files I forgot to add on the first cvs commit.
2004-09-04 23:32:29 +00:00
manu
6e3c639957
IPv4 PIM support, based on a submission from Pavlin Radoslavov posted on
...
tech-net@
2004-09-04 23:29:44 +00:00
darrenr
02c34673a3
add a per-socket counter for dropped UDP packets when the internal buffers
...
are full.
2004-09-03 18:14:09 +00:00
smb
57643d12c5
Don't try and add a state session if the packet has already been checked
...
and marked as out of window - trying to do the add will result in a failure
and the packet being blocked, incorrectly.
Committed By: darrenr
Tested By: smb
2004-09-03 04:18:09 +00:00
chs
34187f4589
fix m_pulldown() usage, it's different from m_pullup().
...
fixes PRs 26666 and 26701.
2004-08-22 21:38:21 +00:00
itojun
682ddb0274
initialize max_keylen for ip_encap.c earlier
2004-08-17 07:05:34 +00:00
yamt
28b17ac69e
in_control: fix address leaks on error, which causes a panic
...
("no domain for AF 0") on if_detach.
- SIOCAIFADDR, SIOCSIFADDR: free an address on error.
- SIOCSIFNETMASK, SIOCSIFDSTADDR: reject operations for an interface which
has no AF_INET addresses.
partly from OpenBSD and FreeBSD.
reviewed by Christos Zoulas on tech-net@.
2004-08-08 09:52:41 +00:00
christos
f3a2c3728b
remove the avail = 0; assignment which is superfluous. pointed out by enami.
2004-08-04 03:55:06 +00:00
christos
5ab21dfa5d
PR/26471: Arto Selonen: ipfilter 4.1.3 crashes the system every few hours
...
Remove extraneous m = NULL assignment that will cause a NULL dereference
later.
2004-08-03 16:16:30 +00:00
cube
19861ea4fe
Remove a common (icmpstat).
2004-08-03 13:58:59 +00:00
yamt
48d156e320
call PFIL_NEWIF hooks at a correct place.
...
(on SIOCAIFADDR rather than SIOCGIFALIAS.)
from Peter Postma, PR/26402.
ok'ed by itojun.
2004-07-26 13:43:14 +00:00
martti
7ff15b917f
Upgraded IPFilter to 4.1.3
2004-07-23 05:39:03 +00:00
martti
9e82a8bf0d
Import IPFilter 4.1.3
2004-07-23 05:33:55 +00:00
yamt
4374881880
fix typos. PFIL_HOOK -> PFIL_HOOKS
2004-07-18 11:37:38 +00:00
itojun
5807e550e5
typo. Bruno Rohee
2004-07-09 09:15:02 +00:00
christos
d397fc692a
Bring in flags from 4.1.2 to make things compile.
2004-07-08 02:52:02 +00:00
mycroft
cc559c8583
Fix SIOCSIFNETMASK -- it needs to use in_ifscrub() and in_ifinit() to update
...
the interface route and various internal state. Also, it should use an ifreq,
not an if_aliasreq. Addresses PR 9604. (Nothing in our source tree uses
SIOCSIFNETMASK, though. Perhaps it should be deprecated.)
2004-07-07 01:39:00 +00:00
minoura
c3ed038115
Remove broken code for now: getsockopt(s, IPPROTO_IP, IP_IPSEC_POLICY,...).
...
It returned EINVAL, now returns ENOPROTOOPT.
Ok'd by itojun.
2004-07-06 04:30:27 +00:00
heas
192b371d42
Adjust description for net.inet.udp.checksum; it does not controll checking,
...
only computing.
2004-07-02 18:19:51 +00:00
christos
01a2047486
PR/25999: Jeff Rizzo: ipf: ipnat is corrupting "bimap" translations in 2.0_BETA and -current
2004-06-29 22:44:59 +00:00
itojun
2aef0b1784
correct TCP-MD5 support. Jeff Rizzo
2004-06-26 03:29:15 +00:00
itojun
db45a6f189
icmp_reflect: check if m_pkthdr.rcvif is non-NULL before touching it.
...
icmp_reflect could be called from the output path, so m_pkthdr.rcvif may not
be set. (found by panic when PF is configured "block return all")
2004-06-25 15:43:00 +00:00
itojun
59302fc979
be careful touching m_pkthdr.rcvif, it could be NULL if the packet was
...
generated from local node and icmp_error calls icmp_reflect.
2004-06-25 15:24:41 +00:00
itojun
047170b1cc
prepare PF-related hooks. reviewed by matt, perry, christos
2004-06-22 12:50:41 +00:00
tron
c465794d70
Correct two errors in fr_check():
...
1.) Make sure that "pass" is always initialized.
2.) Make sure the code doesn't use a stale mbuf pointer after fr_makefrip()
has been called. This fixes PR kern/25868.
Analyzed and reviewed by Steve Woodford.
2004-06-16 14:06:23 +00:00
tron
fcda778c8f
Don't leak mbuf if ipfr_fastroute6() fails.
...
Reviewed by Steve Woodford.
2004-06-16 14:02:39 +00:00
itojun
b834441eb5
update mtu value if outgoing interface changes with ipsec ops
...
(draft-touch-vpn case only?) iij seil team
2004-06-01 05:06:56 +00:00
itojun
b4ea6633c0
fix SIOC*LIFADDR for IPv4. markus friedl
2004-05-30 06:37:07 +00:00
atatat
4de3747b89
Sysctl descriptions under net subtree (net.key not done)
2004-05-25 04:33:59 +00:00
jonathan
349ad018c7
Remove now-unused variable.
2004-05-23 00:37:27 +00:00
jonathan
c8c7a6dbab
With FAST_IPSEC, include <netipsec/key.h>, as Itojun's recent changes
...
now require KEY_FREESAV() to be in scope.
2004-05-20 22:59:02 +00:00
christos
bd67b97d6a
PR/25622: IPV6 return RST and through cloned interfaces was broken.
...
- checksum was computed incorrectly.
- ipv6 packet was not initialized properly.
- fixed code to be more similar to the v4 counterpart.
2004-05-20 13:55:31 +00:00
christos
b78a596c7a
PR/25646: Perry Metzger: Commit a patch that compiles awaiting feedback.
2004-05-20 13:54:19 +00:00