itojun
6b33d95e22
send icmp admin prohibit if socket policy mismatches.
2003-09-12 09:55:22 +00:00
itojun
644a4857fb
cut-and-paste error. Valeriy E. Ushakov
2003-09-10 01:46:27 +00:00
itojun
99bc41d6fd
if IPsec inbound policy mismatches, respond to SYN with RST (instead of
just dropping it), allow client to react quickly.
2003-09-10 00:58:29 +00:00
itojun
495bd5ff91
initialize ip_hl for ipsec policy lookup. PR kern/22715
2003-09-08 02:06:34 +00:00
itojun
32e3deae21
randomize IPv4/v6 fragment ID and IPv6 flowlabel. avoids predictability
of these fields. ip_id.c is from openbsd. ip6_id.c is adapted by kame.
2003-09-06 03:36:30 +00:00
itojun
175c9afa3f
clarify flowlabel handling
2003-09-06 03:12:51 +00:00
itojun
dd45bfac41
backout previous, we don't know if arc4random() collides on reboot.
2003-09-06 00:24:54 +00:00
itojun
9636351c96
u_short -> u_int16_t
2003-09-05 23:02:40 +00:00
itojun
186bd1ad6a
initialize fragment ID with arc4random, not by time.tv_sec
2003-09-05 22:09:38 +00:00
itojun
495906ca8e
revamp inpcb/in6pcb so that they are more aligned with each other.
in6pcb lookup now uses hash(9).
2003-09-04 09:16:57 +00:00
itojun
5c39f4aaa7
don't initialize m by m0, m0 is not initialized (by introduction of ip_fragment)
2003-08-27 02:09:59 +00:00
itojun
3e76200c67
need sys/domain.h for FAST_IPSEC case; jonathan
2003-08-23 01:41:10 +00:00
itojun
a3bad645a4
make sure so is properly initialized
2003-08-22 22:49:34 +00:00
itojun
58f57a60fd
tp could be null in tcp_respond()
2003-08-22 22:27:07 +00:00
itojun
4e6aca94c2
correct missing inclusion of opt_ipsec.h
2003-08-22 22:11:44 +00:00
itojun
11ede1ed88
remove ipsec_set/getsocket. now we explicitly pass socket * to ip{,6}_output.
2003-08-22 22:00:36 +00:00
itojun
82eb4ce914
change the additional arg to be passed to ip{,6}_output to struct socket *.
this fixes KAME policy lookup which was broken by the previous commit.
2003-08-22 21:53:01 +00:00
jonathan
9339ef0381
Change KAME code for ip_output()/ip6_output() to obtain struct socket*
from the explicit inpcb*/in6pcb* argument. set_socket() becomes redundant.
2003-08-22 20:29:00 +00:00
jonathan
902669955f
Replace the set_socket() method of passing an extra struct socket*
argument to ip6_output() with a new explicit struct in6pcb* argument.
(The underlying socket can be obtained via in6pcb->inp6_socket.)
In preparation for fast-ipsec. Reviewed by itojun.
2003-08-22 20:20:09 +00:00
jonathan
6196bbe72d
Honour the M_CSUM_NO_PSEUDOHDR, if set on inbound TCP and UDP packets.
Tested against bcm5700 with patched if_bge.c.
2003-08-21 14:49:49 +00:00
itojun
b83dd2f98b
remove unneeded #ifdef __NetBSD__
2003-08-19 08:00:54 +00:00
itojun
ade8129bdc
make ip_fragment public (it is for coming PF integration)
2003-08-19 01:20:03 +00:00
christos
ae572737ba
make ip_fragment static and add prototype.
2003-08-19 00:54:41 +00:00
itojun
4f8ba921cd
correct ip_multicast_if fix to always set ifp (tnx Shiva)
2003-08-19 00:17:38 +00:00
itojun
449b5c43d4
since we cope with packets with address on !IFF_UP interface in ip_input()
properly, IFF_UP check in INADDR_TO_IA is obsolete (or too much).
2003-08-18 22:28:51 +00:00
itojun
122edbc337
fix problem we can't drop membership on !IFF_UP interface.
reported by Shiva Shenoy
while we're here, fix another problem when the same interface address is
assigned to !IFF_MULTICAST and IFF_MULTICAST interface. if ip_multicast_if()
returns the first one, join/leave will fail, which is not a desired effect.
2003-08-18 22:23:22 +00:00
itojun
3bcba4f62b
do not disconnect L4 connections on IP address removal. the behavior
is too extreme (consider DHCP/PPP-based fixed address allocation).
see tech-net for more info.
2003-08-16 11:30:35 +00:00
martti
03506a6ef3
Fix return-rst for IPv6 (PR#22157 by Peter Postma).
2003-08-15 08:11:09 +00:00
jonathan
28b5f5dfab
(fast-ipsec): Add hooks to pass IPv4 IPsec traffic into fast-ipsec, if
configured with ``options FAST_IPSEC''. Kernels with KAME IPsec or
with no IPsec should work as before.
All calls to ip_output() now always pass an additional compulsory
argument: the inpcb associated with the packet being sent,
or 0 if no inpcb is available.
Fast-ipsec tested with ICMP or UDP over ESP. TCP doesn't work, yet.
2003-08-15 03:42:00 +00:00
itojun
fd3f06dabb
enforce ipsec policy on raw wildcard.
2003-08-14 07:57:40 +00:00
agc
aad01611e7
Move UCB-licensed code from 4-clause to 3-clause licence.
Patches provided by Joel Baker in PR 22364, verified by myself.
2003-08-07 16:26:28 +00:00
itojun
e4feda72ab
avoid code dup when check broadcast addr in bind(2)
2003-07-22 02:09:30 +00:00
itojun
074166110c
permit bind(2) to broadcast address, as it was permitted before.
(for instance, "ntpd -b" was broken since revision 1.82)
found report on http://pc.2ch.net/unix
2003-07-21 07:02:35 +00:00
he
80ccb5520c
As a temporary workaround, apply the fix from PR#20390, thereby
cooperating with the callout code in working around the race
condition caused by the TCP code's use of the callout facility.
Instead of unconditionally releasing memory in tcp_close() and
SYN_CACHE_PUT(), check whether any of the related callout handlers
are about to be invoked (but have not yet done callout_ack()), and
if so, just mark the associated data structure (tcpcb or syn cache
entry) as "dead", and test for this (and release storage) in the
callout handler functions.
2003-07-20 16:35:07 +00:00
itojun
4c19286f97
correct igmp. from love
2003-07-14 16:39:43 +00:00
ragge
9e2d68cb61
Make it possible to set TCP_INIT_WIN and TCP_INIT_WIN_LOCAL in the config
file as options.
2003-07-03 08:28:16 +00:00
itojun
022df20c75
minor KNF
2003-07-03 05:03:53 +00:00
ragge
cb6b5a36c4
Make the fast-search stuff an option. There are still reports on
problem with it.
2003-07-02 21:43:49 +00:00
ragge
c6308a0598
Fix previous bug. Thanks to Enami for spotting the (obvious) error, and
to other people with much help with bug reports etc.
While fixing, change some of the code I added last time to make it
cleaner and simpler.
2003-07-02 19:33:20 +00:00
ragge
c04e1a5756
Disable the code I checked in yesterday; reports that samba (!) are crashing
machines with it. Will do some more tests.
2003-06-30 14:51:06 +00:00
itojun
7e53aaa8dd
better ip_mrouter_detach(). by ono@kame
2003-06-30 10:34:53 +00:00
itojun
38d08be727
do not generate ICMP redirect when packet filter alters ip_dst to an
address that resides on the same link. Cedric Berger convinced me that
it is necessary.
2003-06-30 07:54:28 +00:00
itojun
1db5330c52
freebsd code somehow crept in
2003-06-30 02:08:28 +00:00
itojun
7ded9690f4
after pfil_run_hooks, need to fix hlen as well
2003-06-30 01:22:51 +00:00
itojun
868bbd9978
fix indent
2003-06-30 01:21:11 +00:00
itojun
725c585956
remove IPv4 hook if IPv6 hook fails (seems to be cut-and-paste error).
2003-06-30 00:15:12 +00:00
fvdl
d5aece61d6
Back out the lwp/ktrace changes. They contained a lot of collateral damage,
and need to be examined and discussed more.
2003-06-29 22:28:00 +00:00
ragge
679db94879
Add code to remember where in the send queue of mbufs the last packet was
sent from. This change avoids a linear search through all mbufs when using
large TCP windows, and therefore permits high-speed connections on long
distances.
Tested on a 1 Gigabit connection between Luleå and San Francisco, a distance
of about 15000km. With TCP windows of just over 20 Mbytes it could keep up
with 950Mbit/s.
After discussions with Matt Thomas and Jason Thorpe.
2003-06-29 18:58:26 +00:00
simonb
130b423e90
Fix a nit in a comment.
2003-06-29 12:00:47 +00:00
darrenr
960df3c8d1
Pass lwp pointers throughout the kernel, as required, so that the lwpid can
be inserted into ktrace records. The general change has been to replace
"struct proc *" with "struct lwp *" in various function prototypes, pass
the lwp through and use l_proc to get the process pointer when needed.
Bump the kernel rev up to 1.6V
2003-06-28 14:20:43 +00:00