Commit Graph

322 Commits

Author SHA1 Message Date
mrg
2a9598ccdf fixes for memory leaks in proxying, and byte ordering problems. from darren reed. 1997-11-25 03:14:11 +00:00
thorpej
9f18d18071 Slight change to the previous: just drop the packet in the self-connect
case.  Sending an RST to ourselves is a little silly, considering that
we'll just attempt to remove a non-existent compressed state entry and
then drop the packet anyway.
1997-11-21 06:41:54 +00:00
thorpej
ebd40d53e1 In tcp_input(), if the PCB we lookup for an incoming packet is a listen
socket:
- If we received a SYN,ACK, send an RST.
- If we received a SYN, and the connection attempt appears to come from
  itself, send an RST, since it cannot possibly be valid.
1997-11-21 06:18:30 +00:00
thorpej
e2a99027d2 Add missing (implied) int to a variable declaration. 1997-11-20 19:12:41 +00:00
thorpej
ad1ef53725 Deal with a problem where ephemeral port shortage would case a PCB's
local address to be set, causing all further attemps to bind that PCB
to fail.  From Koji Imada, PR #3857.
1997-11-20 04:53:37 +00:00
mrg
fc911d1529 fix checksum problems (from marc boucher via darren reed). 1997-11-17 14:33:46 +00:00
mycroft
466fb6d0db On output, if the packet length doesn't match the length in the IP header,
drop the packet with EINVAL.
1997-11-16 20:58:18 +00:00
mrg
84ecff38c2 merge ip-filter 3.2.1 1997-11-14 12:40:06 +00:00
mrg
61cbfaca09 import ip-filter 3.2.1 1997-11-14 08:03:01 +00:00
kml
3b9fc85803 Remove an extraneous call to rtfree() in the path mtu discovery code;
this was causing negative reference counts on routes...
1997-11-11 21:10:50 +00:00
kml
86275dc497 TCP MSS fixes to provide cleaner slow-start and recovery. 1997-11-08 02:35:22 +00:00
gwr
011d063b25 Get rid of the messages: "arp: zero IP addr from ..."
If one really wants to know about those confused PCs
trying to use IP address zero, they can use tcpdump.
1997-10-31 02:54:08 +00:00
mrg
60c28e1f95 sigh. merge ipfilter 3.2 onto the trunk. merge to the branch was a mistake. 1997-10-30 16:08:54 +00:00
mrg
44c002beb1 import ip-filter 3.2 1997-10-30 05:27:24 +00:00
kml
560395f6f4 Changes to path MTU discovery to correctly handle "needs
fragmentation" ICMP messages that specify a new MTU size of zero
(from, say, old buggy Linux kernels).
1997-10-29 05:28:44 +00:00
kml
c8e01708d1 remove extraneous icmp_do_mtudisc 1997-10-18 21:21:28 +00:00
kml
6b86b260cb change sysctl net.inet.icmp.mtudisc to net.inet.ip.mtudisc 1997-10-18 21:18:28 +00:00
kml
323c04642b Path MTU Discovery support. This is turned off by default.
Use sysctl -w net.inet.icmp.mtudisc=1 to turn on.
Still to come:  path removal after some period, black hole detection
1997-10-17 22:12:14 +00:00
thorpej
10f29f9bcb Allow `subnetsarelocal' to be changed via sysctl. 1997-10-17 21:20:49 +00:00
thorpej
b174d20bc1 Define IP_RETURNMTU. (Matt missed this part of his diff, I guess :-) 1997-10-14 08:38:01 +00:00
matt
8c42ff649b Add support for returning maximum supported MTU when ip_output fails with
EMSGSIZE.
1997-10-14 00:52:39 +00:00
explorer
80513cb5ae o Make usage of /dev/random dependant on
pseudo-device   rnd                     # /dev/random and in-kernel generator
  in config files.

o Add declaration to all architectures.

o Clean up copyright message in rnd.c, rnd.h, and rndpool.c to include
  that this code is derived in part from Ted Tyso's linux code.
1997-10-13 00:46:08 +00:00
explorer
790e114732 Add hooks to use the kernel random system to generate TCP sequence numbers. 1997-10-10 01:51:07 +00:00
thorpej
67a3811e05 Fix an oversight in my previous MSS-related changes:
Basically, in silly window avoidance, don't use the raw MSS we advertised
to the peer.  What we really want here is the _expected_ size of received
segments, so we need to account for the path MTU (eventually; right now,
the interface MTU for "local" addresses and loopback or tcp_mssdflt for
non-local addresses).  Without this, silly window avoidance would never
kick in if we advertised a very large (e.g. ~64k) MSS to the peer.
1997-10-08 16:32:48 +00:00
is
fabb33431c Reimplement a test for broadcast addresses advertized, which was left out
when rewriting the ARP system.
1997-10-02 19:41:56 +00:00
thorpej
4ed600dbd0 Fix several annoyances related to MSS handling in BSD TCP:
- Don't overload t_maxseg.  Previous behavior was to set it to the min
  of the peer's advertised MSS, our advertised MSS, and tcp_mssdflt
  (for non-local networks).  This breaks PMTU discovery running on
  either host.  Instead, remember the MSS we advertise, and use it
  as appropriate (in silly window avoidance).
- Per last bullet, split tcp_mss() into several functions for handling
  MSS (ours and peer's), and performing various tasks when a connection
  becomes ESTABLISHED.
- Introduce a new function, tcp_segsize(), which computes the max size
  for every segment transmitted in tcp_output().  This will eventually
  be used to hook in PMTU discovery.
1997-09-22 21:49:55 +00:00
thorpej
de572198ad Implement in_pcbrtentry() - return the route associated with a PCB. If
one does not exist, attempt to allocate one.  This is mostly pulled from
tcp_input.c.
1997-09-22 21:39:40 +00:00
veego
4508fb4354 Resolve conflicts from the merge of ipf 3.2beta5. 1997-09-21 18:00:54 +00:00
veego
985ac74a98 Import ip-filter 3.2beta5 1997-09-21 16:47:50 +00:00
drochner
d8f1d9401e Adjust packet len in mbuf header for incoming broadcasts.
Closes PR kern/4087 (by myself).
1997-09-12 10:58:31 +00:00
gwr
c74236bfc9 Tweaks to allow operation with an interface address of 0.0.0.0
(needed for NFS mountroot using BOOTP to get boot parameters)
1997-08-29 16:02:41 +00:00
matt
b2b8155618 Add IPPROTO_ESP and IPPROTO_AH defines. 1997-08-27 17:05:34 +00:00
thorpej
ca0bba0081 Add ICMP unreachable code #13 - "Communication Administratively Prohibited",
per RFC 1716.  From Havard Eidnes <he@vader.runit.sintef.no>, PR #4038.
1997-08-26 18:27:53 +00:00
mycroft
e76ba36231 Make sure we install the route returned by the upcall before trying to
forward any queued packets.  From Bill Fenner, via Brad Karp.
1997-08-14 06:42:33 +00:00
lukem
fcbcbc2234 struct loif is an array of NLOOP (from "loop.h") elements 1997-08-04 06:18:49 +00:00
is
240cc2913e Include file in place of the old netinet/if_ether.h, including stuff from
where it is now, and adding the specialized for Ethernet version of the ARP
structure, for the benefit of programs which are externally (to us) maintained
and not (yet) ported.
XXX This should NOT be used inside the kernel.
1997-07-29 09:10:51 +00:00
thorpej
4cef61d36b Generate dependencies for the TCP_SENDSPACE and TCP_RECVSPACE options. 1997-07-28 22:31:08 +00:00
thorpej
db103f4414 Make the following tunable via sysctl, inspired by BSD/OS:
- udp_sendspace
- udp_recvspace
1997-07-28 22:19:53 +00:00
thorpej
758a104426 Make the following tunable via sysctl, inspired by BSD/OS:
- tcp_sendspace
- tcp_recvspace
- tcp_mssdflt
- tcp_syn_cache_limit
- tcp_syn_bucket_limit
- tcp_syn_cache_timer
1997-07-28 22:18:48 +00:00
thorpej
402ae96361 Garbage-collect some "extern"s. 1997-07-28 22:07:38 +00:00
thorpej
e794123006 Fix a rather severe bug in handling of incoming SYNs for peer/port values
which happen to have a TCB in TIME_WAIT, where an mbuf which had been
advanced past the IP+TCP headers and TCP options would be reused as if
it had not been advanced.  Problem found by Juergen Hannken-Illjes, who
also suggested a work-around on which this fix is based.
1997-07-28 01:07:48 +00:00
thorpej
efa8881dbe Pull SYN_cache_branch down into the main line. 1997-07-23 21:26:40 +00:00
kleink
512b9c1d90 Nuke an `#ifdef sparc' conditional around ntohs() usage: this (1) is incomplete
and (2) makes no difference anyway.  Also, minor KNF.
1997-07-21 16:53:47 +00:00
kleink
b2bead304f Fix a misplaced brace which caused NAT list corruption; from Dave Huang
<khym@bga.com> in PR kern/3872.
1997-07-16 11:06:07 +00:00
mrg
02e5531ec7 put back IPFILTER_DEFAULT_BLOCK, as documented in options(4). 1997-07-08 05:54:02 +00:00
veego
29fcbcb000 Use FR_PASS for IPF_DEFAULT_PASS. This can be overwritten with an
options IPF_DEFAULT_PASS=FR_BLOCK in your config file.
1997-07-07 23:08:22 +00:00
fvdl
413872caa0 Get rid of (void) cast to KFREE, as it may be a macro, in which case
the cast will be a syntax error.
1997-07-07 22:21:21 +00:00
phil
ccfe711608 Protect against double inclusion. PR 3524. 1997-07-07 20:57:46 +00:00
thorpej
ba90103dd6 The fingerprint of (*fr_checkp)() is the same if compiling in kernel
or user code.
1997-07-06 22:32:34 +00:00
thorpej
e0acb98b94 Fix an old and obscure TCP bug, brought to my attention by Bill Fenner,
fixed in FreeBSD by John Polstra:

Fix a bug (apparently very old) that can cause a TCP connection to
be dropped when it has an unusual traffic pattern.  For full details
as well as a test case that demonstrates the failure, see the
referenced PR (FreeBSD's kern/3998).

   Under certain circumstances involving the persist state, it is
   possible for the receive side's tp->rcv_nxt to advance beyond its
   tp->rcv_adv.  This causes (tp->rcv_adv - tp->rcv_nxt) to become
   negative.  However, in the code affected by this fix, that difference
   was interpreted as an unsigned number by max().  Since it was
   negative, it was taken as a huge unsigned number.  The effect was
   to cause the receiver to believe that its receive window had negative
   size, thereby rejecting all received segments including ACKs.  As
   the test case shows, this led to fruitless retransmissions and
   eventually to a dropped connection.  Even connections using the
   loopback interface could be dropped.  The fix substitutes the signed
   imax() for the unsigned max() function.

Bill informs me that his research indicates this bug appeared in Reno.
1997-07-06 07:04:34 +00:00