Commit Graph

74 Commits

Author SHA1 Message Date
thorpej 0e3a0a7f80 Once a fragmented IP packet has been reassembled, recompute the packet
length before passing it up the stack.  From FreeBSD.
1998-11-13 03:24:22 +00:00
thorpej 14f5ac9081 Use the pool allocator for ipflow entries. 1998-10-08 01:41:45 +00:00
thorpej 974aa74abd Use the pool allocator for ipqent structures. 1998-10-08 01:19:25 +00:00
tls c4730d65cf Switch order of TNF and UCB copyrights so UCB copyright is first; this seems more appropriate since UCB wrote the original code, after all. 1998-09-30 21:52:24 +00:00
thorpej 9fd57e8917 Make a diagnostic printf more sensible, PR #5951, Heiko W. Rupp. 1998-09-09 04:57:18 +00:00
mrg 4a75265273 defopt PFIL_HOOKS. 1998-08-09 08:58:18 +00:00
sommerfe 534520d815 Fix PR5508: ipfil cut-through forwarding causes panic 1998-07-17 00:28:00 +00:00
thorpej 08b5a4ecb8 Protect the ipflow_reap() call with splsoftnet. 1998-06-01 00:39:37 +00:00
thorpej f555f6d93f Fix OBOB in IP timestamp option processing, as noted in FreeBSD PR 6738,
from Jennifer Dawn Meyers <jdm@enteract.com>.
1998-05-24 20:14:53 +00:00
matt 36eac04cc0 Default IP flow to being enabled. Add a sysctl to control the maximum
number of flows (net.inet.ip.maxflows).  If set to 0, will disable fast
path forwarding.
1998-05-04 19:24:53 +00:00
thorpej 4452bc9a21 Allow packet filters to prevent a packet from creating a fast-forwarding
flow, by setting the "can fast forward" flag in the packet header, and
giving a chance for filters to clear the flag.  If the flag is still
set after the filters have given it a chance, the packet will be used
to create a fast-forward flow entry.
1998-05-01 03:23:24 +00:00
matt d4d709f7d0 Add support for "fast" forwarding. Add hooks in if_ethersubr.c and
if_fddisubr.c to fastpath IP forwarding.  If ip_forward successfully
forwards a packet, it will create a cache (ipflow) entry.  ether_input
and fddi_input will first call ipflow_fastforward with the received
packet and if the packet passes enough tests, it will be forwarded (the
ttl is decremented and the cksum is adjusted incrementally).
1998-04-29 21:37:52 +00:00
matt 37d70e3b46 defopt GATEWAY 1998-04-29 20:45:30 +00:00
kml eadcaa201c change path MTU timeout value to match RFC 1191 1998-04-29 03:45:52 +00:00
kml 1579dcec47 Add support for deletion of routes added by path MTU discovery;
uses new generic route timeout code.  Add sysctl for timeout period.
1998-04-29 03:44:11 +00:00
mrg 45159fa631 convert pfil(9) in and out lists from <sys/queue.h> LISTs to TAILQs, and
change pfil_add_hook to put output filters at the tail of the queue,
while continuing to place input filters at the head of the queue.  update
the two users of these functions, and document these changes.

fixes PR#4593.
1998-03-19 15:45:30 +00:00
tls 91de585d5f Add correct copyright notice for IP address hash change. This code is donated to TNF by the original copyright holder, Panix. 1998-02-15 18:24:23 +00:00
tls c9934a9084 Change list of interface IP addresses to a hash. Improves performance on hosts with a large number of IP addresses significantly. 1998-02-13 18:21:38 +00:00
thorpej 4c54445530 Use offsetof() from libkern.h 1998-01-28 02:35:10 +00:00
scottr 54ea074777 Use option header file for MROUTING 1998-01-12 03:02:48 +00:00
lukem 1f8f74b669 enhance ephemeral port allocation code:
* support sysctl net.inet.ip.anonportmin (lowest ephemeral port)
  and net.inet.ip.anonportmax (highest ephemeral port).
  these can't be set to >65535, < IPPORT_RESERVED (unless IPNOPRIVPORTS
  is defined), and anonportmin has to be < anonportmax.
* use a cleaner way of only cycling through the available set once;
  this will be useful for when a random allocation scheme is used
* define IPPORT_ANON{MIN,MAX} instead of IPPORT_USER{LOW,HIGH}
1998-01-05 09:52:02 +00:00
kml 6b86b260cb change sysctl net.inet.icmp.mtudisc to net.inet.ip.mtudisc 1997-10-18 21:18:28 +00:00
thorpej 10f29f9bcb Allow `subnetsarelocal' to be changed via sysctl. 1997-10-17 21:20:49 +00:00
gwr c74236bfc9 Tweaks to allow operation with an interface address of 0.0.0.0
(needed for NFS mountroot using BOOTP to get boot parameters)
1997-08-29 16:02:41 +00:00
thorpej a0e791807e Eliminate use of dtom() from the network code, allowing more flexible
use of mbuf external storage and increasing performance (by eliminating
an m_pullup() for clusters in the IP reassembly code).

Changes from Koji Imada <koji@math.human.nagoya-u.ac.jp>, in PR #3628
and #3480, with ever-so-slight integration changes by me.
1997-06-24 02:25:59 +00:00
christos 0659cacda6 Move the mtod calls *after* we've made sure that the packet has passed the
filter successfully. Otherwise it can be NULL if the filter blocked it,
and we die. How did this ever work?
1997-04-15 00:41:52 +00:00
mrg 78cd2f6f78 allow src-routed packetd by default, per host requirements 1997-02-26 04:09:32 +00:00
cjs 8a449a258b Add net.inet.ip.allowsrcrt option which allows/drops all source
routed packets. This currently defaults to `drop,' but once we
verify  that all applications that rely on determining remote IP
addresses for authentication are dropping the connection when they
see a source route option (not just disabling the source route
option), we can turn this back on and conform with the host
requirements.
1997-02-25 08:35:41 +00:00
cjs 788bcc9857 Fix bug in sysctl net.inet.ip.forwsrcrt handing: now you can read it
if securelevel > 0. (Thanks, cgd.)
1997-02-19 08:30:04 +00:00
mrg 4c8bfe2630 pseudo-device ipfilter brings in PFIL_HOOKS. 1997-02-18 20:49:32 +00:00
thorpej 9df1988ac8 Implement the IP_RECVIF socket option: supply a datagram packet's incoming
interface using a sockaddr_dl in a control mbuf.

Implement SO_TIMESTAMP for IP datagrams.

Move packet information option processing into a generic function
so that they work with multicast UDP and raw IP as well as unicast UDP.

Contributed by Bill Fenner <fenner@parc.xerox.com>.
1997-01-11 05:21:07 +00:00
mrg 04ce281a19 in pfil_hooks: always reassign ip after calling hook. 1996-12-20 09:08:14 +00:00
mrg a24be0b669 remove pfil_bad. 1996-12-20 08:39:27 +00:00
thorpej e55c8a9c7e Before concatenating frags, sanity check the length of the packet. If it's
larger than IP_MAXPACKET, discard it.
Based on a patch from Bill Fenner <fenner@parc.xerox.com>
1996-10-25 06:30:32 +00:00
veego b962d9a3eb Fix a panic from the pfil_hooks. 1996-10-22 11:27:05 +00:00
christos 5545959d0b backout previous kprintf changes 1996-10-13 02:03:00 +00:00
christos 6d7ad25bea printf -> kprintf, sprintf -> ksprintf 1996-10-10 23:12:43 +00:00
perry 17fcad6b2c commit fix in pr 2772 -- the IP input code was assuming that the
reserved (must be zero) flag must necessarily be zero. We now define
an IP_RF (by analogy to IP_DF and IP_MF) and mask it out when necessary.
1996-09-21 19:44:32 +00:00
mrg a5f00f16bc move the packet filter hooks in to a saner location. while i'm here, rename
PACKET_FILTER to PFIL_HOOKS.
1996-09-14 14:40:20 +00:00
mycroft 62a6cce9ca Add in_nullhost() and in_hosteq() macros, to hide some protocol
details.  Also, fix a bug in TCP wrt SYN+URG packets.
1996-09-09 14:51:07 +00:00
mycroft f5c7d8bcc1 Save 68 bytes of the packet for ICMP, not 64. From Laine Stump, PR 2296. 1996-09-08 15:49:43 +00:00
mrg ae47956db0 add packet filter interface code. see pfil(9) for more details. you
need the PACKET_FILTER option to enable this code.  currently, ipfilter
version 3.1.1-beta has been converted to use this new interface.
1996-09-06 05:07:43 +00:00
thorpej 3ca11aa1ad Fix some DIAGNOSTIC printf() formats; ntohl() provides a 32-bit quantity,
and should be printed with %x, not %lx.
1996-08-14 03:46:44 +00:00
cgd 9764a289cd print result of ntohl/htonl as a long. (makes -Wformat work on the
Alpha.)
1996-07-10 18:13:35 +00:00
christos 2769793c13 Fix printf format args. 1996-03-16 23:53:58 +00:00
mrg 32cdb91fa3 two more local addr changes, all done differently now (idea from charles) 1996-02-26 23:16:42 +00:00
christos 14d9cd33af netinet prototypes 1996-02-13 23:40:59 +00:00
thorpej 535abd80a2 Add a net.inet.ip.directed-broadcast sysctl as suggested by
Darren Reed <darrenr@vitruvius.arbld.unimelb.edu.au> in PR #1227.
This change is slightly different than the one submitted by Darren in
that the DIRECTED_BROADCAST compile-time option will behave like it used
to so that existing configurations utilizing it won't have to change.
1996-01-16 04:17:30 +00:00
thorpej 4b359df8c4 Add net.inet.ip.forwsrcrt: if zero, the system will not forward
source-routed packets.  Note this value is protected by kernel security
level; it can only be changed if securelevel < 1.
1996-01-15 21:11:46 +00:00
cgd dfad729a16 make netinet work on systems where pointers and longs are 64 bits
(like the alpha).  Biggest problem: IP headers were overlayed with
structure which included pointers, and which therefore didn't overlay
properly on 64-bit machines.  Solution: instead of threading pointers
through IP header overlays, add a "queue element" structure to do
the threading, and point it at the ip headers.
1995-11-21 01:07:34 +00:00