Commit Graph

300 Commits

Author SHA1 Message Date
explorer 790e114732 Add hooks to use the kernel random system to generate TCP sequence numbers. 1997-10-10 01:51:07 +00:00
thorpej 67a3811e05 Fix an oversight in my previous MSS-related changes:
Basically, in silly window avoidance, don't use the raw MSS we advertised
to the peer.  What we really want here is the _expected_ size of received
segments, so we need to account for the path MTU (eventually; right now,
the interface MTU for "local" addresses and loopback or tcp_mssdflt for
non-local addresses).  Without this, silly window avoidance would never
kick in if we advertised a very large (e.g. ~64k) MSS to the peer.
1997-10-08 16:32:48 +00:00
is fabb33431c Reimplement a test for broadcast addresses advertized, which was left out
when rewriting the ARP system.
1997-10-02 19:41:56 +00:00
thorpej 4ed600dbd0 Fix several annoyances related to MSS handling in BSD TCP:
- Don't overload t_maxseg.  Previous behavior was to set it to the min
  of the peer's advertised MSS, our advertised MSS, and tcp_mssdflt
  (for non-local networks).  This breaks PMTU discovery running on
  either host.  Instead, remember the MSS we advertise, and use it
  as appropriate (in silly window avoidance).
- Per last bullet, split tcp_mss() into several functions for handling
  MSS (ours and peer's), and performing various tasks when a connection
  becomes ESTABLISHED.
- Introduce a new function, tcp_segsize(), which computes the max size
  for every segment transmitted in tcp_output().  This will eventually
  be used to hook in PMTU discovery.
1997-09-22 21:49:55 +00:00
thorpej de572198ad Implement in_pcbrtentry() - return the route associated with a PCB. If
one does not exist, attempt to allocate one.  This is mostly pulled from
tcp_input.c.
1997-09-22 21:39:40 +00:00
veego 4508fb4354 Resolve conflicts from the merge of ipf 3.2beta5. 1997-09-21 18:00:54 +00:00
veego 985ac74a98 Import ip-filter 3.2beta5 1997-09-21 16:47:50 +00:00
drochner d8f1d9401e Adjust packet len in mbuf header for incoming broadcasts.
Closes PR kern/4087 (by myself).
1997-09-12 10:58:31 +00:00
gwr c74236bfc9 Tweaks to allow operation with an interface address of 0.0.0.0
(needed for NFS mountroot using BOOTP to get boot parameters)
1997-08-29 16:02:41 +00:00
matt b2b8155618 Add IPPROTO_ESP and IPPROTO_AH defines. 1997-08-27 17:05:34 +00:00
thorpej ca0bba0081 Add ICMP unreachable code #13 - "Communication Administratively Prohibited",
per RFC 1716.  From Havard Eidnes <he@vader.runit.sintef.no>, PR #4038.
1997-08-26 18:27:53 +00:00
mycroft e76ba36231 Make sure we install the route returned by the upcall before trying to
forward any queued packets.  From Bill Fenner, via Brad Karp.
1997-08-14 06:42:33 +00:00
lukem fcbcbc2234 struct loif is an array of NLOOP (from "loop.h") elements 1997-08-04 06:18:49 +00:00
is 240cc2913e Include file in place of the old netinet/if_ether.h, including stuff from
where it is now, and adding the specialized for Ethernet version of the ARP
structure, for the benefit of programs which are externally (to us) maintained
and not (yet) ported.
XXX This should NOT be used inside the kernel.
1997-07-29 09:10:51 +00:00
thorpej 4cef61d36b Generate dependencies for the TCP_SENDSPACE and TCP_RECVSPACE options. 1997-07-28 22:31:08 +00:00
thorpej db103f4414 Make the following tunable via sysctl, inspired by BSD/OS:
- udp_sendspace
- udp_recvspace
1997-07-28 22:19:53 +00:00
thorpej 758a104426 Make the following tunable via sysctl, inspired by BSD/OS:
- tcp_sendspace
- tcp_recvspace
- tcp_mssdflt
- tcp_syn_cache_limit
- tcp_syn_bucket_limit
- tcp_syn_cache_timer
1997-07-28 22:18:48 +00:00
thorpej 402ae96361 Garbage-collect some "extern"s. 1997-07-28 22:07:38 +00:00
thorpej e794123006 Fix a rather severe bug in handling of incoming SYNs for peer/port values
which happen to have a TCB in TIME_WAIT, where an mbuf which had been
advanced past the IP+TCP headers and TCP options would be reused as if
it had not been advanced.  Problem found by Juergen Hannken-Illjes, who
also suggested a work-around on which this fix is based.
1997-07-28 01:07:48 +00:00
thorpej efa8881dbe Pull SYN_cache_branch down into the main line. 1997-07-23 21:26:40 +00:00
kleink 512b9c1d90 Nuke an `#ifdef sparc' conditional around ntohs() usage: this (1) is incomplete
and (2) makes no difference anyway.  Also, minor KNF.
1997-07-21 16:53:47 +00:00
kleink b2bead304f Fix a misplaced brace which caused NAT list corruption; from Dave Huang
<khym@bga.com> in PR kern/3872.
1997-07-16 11:06:07 +00:00
mrg 02e5531ec7 put back IPFILTER_DEFAULT_BLOCK, as documented in options(4). 1997-07-08 05:54:02 +00:00
veego 29fcbcb000 Use FR_PASS for IPF_DEFAULT_PASS. This can be overwritten with an
options IPF_DEFAULT_PASS=FR_BLOCK in your config file.
1997-07-07 23:08:22 +00:00
fvdl 413872caa0 Get rid of (void) cast to KFREE, as it may be a macro, in which case
the cast will be a syntax error.
1997-07-07 22:21:21 +00:00
phil ccfe711608 Protect against double inclusion. PR 3524. 1997-07-07 20:57:46 +00:00
thorpej ba90103dd6 The fingerprint of (*fr_checkp)() is the same if compiling in kernel
or user code.
1997-07-06 22:32:34 +00:00
thorpej e0acb98b94 Fix an old and obscure TCP bug, brought to my attention by Bill Fenner,
fixed in FreeBSD by John Polstra:

Fix a bug (apparently very old) that can cause a TCP connection to
be dropped when it has an unusual traffic pattern.  For full details
as well as a test case that demonstrates the failure, see the
referenced PR (FreeBSD's kern/3998).

   Under certain circumstances involving the persist state, it is
   possible for the receive side's tp->rcv_nxt to advance beyond its
   tp->rcv_adv.  This causes (tp->rcv_adv - tp->rcv_nxt) to become
   negative.  However, in the code affected by this fix, that difference
   was interpreted as an unsigned number by max().  Since it was
   negative, it was taken as a huge unsigned number.  The effect was
   to cause the receiver to believe that its receive window had negative
   size, thereby rejecting all received segments including ACKs.  As
   the test case shows, this led to fruitless retransmissions and
   eventually to a dropped connection.  Even connections using the
   loopback interface could be dropped.  The fix substitutes the signed
   imax() for the unsigned max() function.

Bill informs me that his research indicates this bug appeared in Reno.
1997-07-06 07:04:34 +00:00
thorpej b19b36aff5 Restore original RCS IDs. 1997-07-06 05:29:13 +00:00
thorpej 329a831bd5 Deal with a bogus warning from -Wuninitialized. 1997-07-06 05:14:08 +00:00
thorpej 0feb054b62 - Add a missing #ifdef SOLARIS
- Properly prototype ipfilterattach()/iplattach().
1997-07-06 05:13:40 +00:00
thorpej c68633278f - Add a prototype for fixskip() so that this file compiles.
- Fix, ONCE AGAIN, semantics of ipfilterattach().  This time, not only
  was it semantically broken, it wasn't even close to compiling!
1997-07-06 05:13:00 +00:00
thorpej 3fb8ff16e8 The sheer number of #ifdef's around it should have been a hint that
#include <machine/mtpr.h> isn't something you're supposed to do in
NetBSD.
1997-07-06 05:11:28 +00:00
thorpej ab01c534f6 Fix a bug caught by gcc: add parenthesis to properly group a test. 1997-07-06 05:10:41 +00:00
thorpej 90c43e78e2 Import yet another missing piece of IPFilter 3.2beta1. 1997-07-06 05:02:26 +00:00
thorpej 5a85b0d9fa Import ip_auth.h from IPFilter 3.2beta1; this was missed during the
upgrade.
1997-07-06 04:58:52 +00:00
darrenr 729f0dc597 fix conflicts from import 1997-07-05 05:38:14 +00:00
thorpej 9bf15b8b78 Don't adjust ip->ip_len before calling icmp_error(); icmp_error() already
does this.  Per Stevens in TCP/IP Illustrated Vol. 2, p.774, submitted
by Koji Imada <koji@math.human.nagoya-u.ac.jp>.
1997-06-24 19:31:34 +00:00
thorpej a0e791807e Eliminate use of dtom() from the network code, allowing more flexible
use of mbuf external storage and increasing performance (by eliminating
an m_pullup() for clusters in the IP reassembly code).

Changes from Koji Imada <koji@math.human.nagoya-u.ac.jp>, in PR #3628
and #3480, with ever-so-slight integration changes by me.
1997-06-24 02:25:59 +00:00
thorpej b791871522 Increment icmpstat.icps_badlen for bad length of ICMP_MASKREQ, per
Stevens in TCP/IP Illustrated vol. 2, p.319.  Submitted by
Koji Imada <koji@math.human.nagoya-u.ac.jp> in PR #3712.
1997-06-24 01:26:19 +00:00
kleink b8377e5395 As per RFC 793, don't retransmit the FIN during a simultaneous close.
From Thorsten Frueauf <frueauf@ira.uka.de> and W. Richard Stevens in PR/3737
and TCP/IP Illustrated, Vol. 2, respectively.
1997-06-18 10:05:44 +00:00
mrg c258d0d05e make it "options IPFILTER_DEFAULT_BLOCK". 1997-06-16 13:38:05 +00:00
kleink 8fb48a5db9 Eliminate a superflouus `if' statement: when detaching the TCP protocol from
a socket, just calling tcp_disconnect() on the tcpcb will do the right thing.
From Thorsten Frueauf <frueauf@ira.uka.de> and W. Richard Stevens in PR/3738
resp. TCP/IP Illustrated, Vol. 2.
1997-06-12 18:41:14 +00:00
kml 6a233e37f6 Fix urgent pointer overflow problems when used with large windows 1997-06-03 16:17:09 +00:00
thorpej 5b0d69d6a8 In ipl_disable(), don't conditionalize the "fr_checkp = fr_savep"
operation, since:
	- in ipl_enable(), "fr_savep = fr_checkp" is not conditionalized
	  in the same way (not at all), and
	- without this change, it was not possible to enable, disable,
	  and reenable ipfilter.
1997-06-01 06:57:09 +00:00
thorpej a464ced388 Change the aps_tout member of struct ap_session from time_t to u_long
so that it can be passed to the filter rule aging functions, which
expect a pointer to a u_long.  (time_t is an int on the alpha.)
1997-05-28 04:59:34 +00:00
thorpej fa7df10d8b Put the #ifndef _KERNEL prototype of get_unit() in <netinet/ip_fil.h>
since it is needed by other files, in order to compile on 64-bit
architectures.
1997-05-28 04:48:47 +00:00
thorpej 41d4822677 Resolve conflicts from merge of 3.2a7, take 2. Also, eliminate some
silly differences between the NetBSD copy of the code and the
vendor branch, keeping only those which are necessary.  Of those
differences that currently exist, several "portability to NetBSD"
issues, which will be fed back to the ipfilter author.
1997-05-28 00:17:11 +00:00
gwr 3cb60b969d Allow revarpwhoami() to be called multiple times.
(Just return the answer if we already have it.)
Without this, the RB_ASKNAME loop fails on every
call to nfs_mountroot after the first call.
1997-05-27 23:14:44 +00:00
thorpej 67a6c44c15 Make this compile on 32-bit architectures again:
- Pull in includes to get appropriate prototypes.
1997-05-27 01:24:31 +00:00