Commit Graph

54 Commits

Author SHA1 Message Date
lukem
1f8f74b669 enhance ephemeral port allocation code:
* support sysctl net.inet.ip.anonportmin (lowest ephemeral port)
  and net.inet.ip.anonportmax (highest ephemeral port).
  these can't be set to >65535, < IPPORT_RESERVED (unless IPNOPRIVPORTS
  is defined), and anonportmin has to be < anonportmax.
* use a cleaner way of only cycling through the available set once;
  this will be useful for when a random allocation scheme is used
* define IPPORT_ANON{MIN,MAX} instead of IPPORT_USER{LOW,HIGH}
1998-01-05 09:52:02 +00:00
kml
6b86b260cb change sysctl net.inet.icmp.mtudisc to net.inet.ip.mtudisc 1997-10-18 21:18:28 +00:00
thorpej
10f29f9bcb Allow `subnetsarelocal' to be changed via sysctl. 1997-10-17 21:20:49 +00:00
gwr
c74236bfc9 Tweaks to allow operation with an interface address of 0.0.0.0
(needed for NFS mountroot using BOOTP to get boot parameters)
1997-08-29 16:02:41 +00:00
thorpej
a0e791807e Eliminate use of dtom() from the network code, allowing more flexible
use of mbuf external storage and increasing performance (by eliminating
an m_pullup() for clusters in the IP reassembly code).

Changes from Koji Imada <koji@math.human.nagoya-u.ac.jp>, in PR #3628
and #3480, with ever-so-slight integration changes by me.
1997-06-24 02:25:59 +00:00
christos
0659cacda6 Move the mtod calls *after* we've made sure that the packet has passed the
filter successfully. Otherwise it can be NULL if the filter blocked it,
and we die. How did this ever work?
1997-04-15 00:41:52 +00:00
mrg
78cd2f6f78 allow src-routed packetd by default, per host requirements 1997-02-26 04:09:32 +00:00
cjs
8a449a258b Add net.inet.ip.allowsrcrt option which allows/drops all source
routed packets. This currently defaults to `drop,' but once we
verify  that all applications that rely on determining remote IP
addresses for authentication are dropping the connection when they
see a source route option (not just disabling the source route
option), we can turn this back on and conform with the host
requirements.
1997-02-25 08:35:41 +00:00
cjs
788bcc9857 Fix bug in sysctl net.inet.ip.forwsrcrt handing: now you can read it
if securelevel > 0. (Thanks, cgd.)
1997-02-19 08:30:04 +00:00
mrg
4c8bfe2630 pseudo-device ipfilter brings in PFIL_HOOKS. 1997-02-18 20:49:32 +00:00
thorpej
9df1988ac8 Implement the IP_RECVIF socket option: supply a datagram packet's incoming
interface using a sockaddr_dl in a control mbuf.

Implement SO_TIMESTAMP for IP datagrams.

Move packet information option processing into a generic function
so that they work with multicast UDP and raw IP as well as unicast UDP.

Contributed by Bill Fenner <fenner@parc.xerox.com>.
1997-01-11 05:21:07 +00:00
mrg
04ce281a19 in pfil_hooks: always reassign ip after calling hook. 1996-12-20 09:08:14 +00:00
mrg
a24be0b669 remove pfil_bad. 1996-12-20 08:39:27 +00:00
thorpej
e55c8a9c7e Before concatenating frags, sanity check the length of the packet. If it's
larger than IP_MAXPACKET, discard it.
Based on a patch from Bill Fenner <fenner@parc.xerox.com>
1996-10-25 06:30:32 +00:00
veego
b962d9a3eb Fix a panic from the pfil_hooks. 1996-10-22 11:27:05 +00:00
christos
5545959d0b backout previous kprintf changes 1996-10-13 02:03:00 +00:00
christos
6d7ad25bea printf -> kprintf, sprintf -> ksprintf 1996-10-10 23:12:43 +00:00
perry
17fcad6b2c commit fix in pr 2772 -- the IP input code was assuming that the
reserved (must be zero) flag must necessarily be zero. We now define
an IP_RF (by analogy to IP_DF and IP_MF) and mask it out when necessary.
1996-09-21 19:44:32 +00:00
mrg
a5f00f16bc move the packet filter hooks in to a saner location. while i'm here, rename
PACKET_FILTER to PFIL_HOOKS.
1996-09-14 14:40:20 +00:00
mycroft
62a6cce9ca Add in_nullhost() and in_hosteq() macros, to hide some protocol
details.  Also, fix a bug in TCP wrt SYN+URG packets.
1996-09-09 14:51:07 +00:00
mycroft
f5c7d8bcc1 Save 68 bytes of the packet for ICMP, not 64. From Laine Stump, PR 2296. 1996-09-08 15:49:43 +00:00
mrg
ae47956db0 add packet filter interface code. see pfil(9) for more details. you
need the PACKET_FILTER option to enable this code.  currently, ipfilter
version 3.1.1-beta has been converted to use this new interface.
1996-09-06 05:07:43 +00:00
thorpej
3ca11aa1ad Fix some DIAGNOSTIC printf() formats; ntohl() provides a 32-bit quantity,
and should be printed with %x, not %lx.
1996-08-14 03:46:44 +00:00
cgd
9764a289cd print result of ntohl/htonl as a long. (makes -Wformat work on the
Alpha.)
1996-07-10 18:13:35 +00:00
christos
2769793c13 Fix printf format args. 1996-03-16 23:53:58 +00:00
mrg
32cdb91fa3 two more local addr changes, all done differently now (idea from charles) 1996-02-26 23:16:42 +00:00
christos
14d9cd33af netinet prototypes 1996-02-13 23:40:59 +00:00
thorpej
535abd80a2 Add a net.inet.ip.directed-broadcast sysctl as suggested by
Darren Reed <darrenr@vitruvius.arbld.unimelb.edu.au> in PR #1227.
This change is slightly different than the one submitted by Darren in
that the DIRECTED_BROADCAST compile-time option will behave like it used
to so that existing configurations utilizing it won't have to change.
1996-01-16 04:17:30 +00:00
thorpej
4b359df8c4 Add net.inet.ip.forwsrcrt: if zero, the system will not forward
source-routed packets.  Note this value is protected by kernel security
level; it can only be changed if securelevel < 1.
1996-01-15 21:11:46 +00:00
cgd
dfad729a16 make netinet work on systems where pointers and longs are 64 bits
(like the alpha).  Biggest problem: IP headers were overlayed with
structure which included pointers, and which therefore didn't overlay
properly on 64-bit machines.  Solution: instead of threading pointers
through IP header overlays, add a "queue element" structure to do
the threading, and point it at the ip headers.
1995-11-21 01:07:34 +00:00
mycroft
5482957905 splnet --> splsoftnet 1995-08-12 23:59:09 +00:00
mycroft
22687aa834 Change in_pcbnotify*() to take an errno value. Make inetctlerrmap[] an
array on ints, not u_chars.
1995-06-12 06:46:34 +00:00
mycroft
6897f39ae9 Various cleanup, including:
* Convert several data structures to use queue.h.
* Split in_pcbnotify() into two parts; one for notifying a specific PCB, and
one for notifying all PCBs for a particular foreign address.
1995-06-12 00:46:47 +00:00
mycroft
3a8e9c62b8 Remove ip_ifmatrix completely. 1995-06-07 16:01:15 +00:00
mycroft
41703012d6 Don't cast things unnecessarily. 1995-06-04 05:58:20 +00:00
mycroft
0a99592372 Clean up many more casts. 1995-06-04 05:06:49 +00:00
mycroft
eb216fd6c2 Avoid byte-swapping IP addresses at run time. 1995-06-01 21:35:34 +00:00
cgd
0bfc08ac63 oops; forgot a '{' 1995-05-15 02:09:58 +00:00
cgd
2c1e3c655f drop (and record) malformed IP fragments. Fixes pr 1030 (differently). 1995-05-14 08:23:00 +00:00
cgd
b5b72d26ea be a bit more careful and explicit with types. (basically a large no-op.) 1995-04-13 06:25:36 +00:00
cgd
cf92afd66e New RCS ID's, take two. they're more aesthecially pleasant, and use 'NetBSD' 1994-06-29 06:29:24 +00:00
mycroft
07b4f2ab54 Update to 4.4-Lite networking code, with a few local changes. 1994-05-13 06:02:48 +00:00
mycroft
94b2718bd1 PARANOID --> DIAGNOSTIC for inexpensive tests. 1994-02-14 21:43:33 +00:00
hpeyerl
d7038296be Multicast is no longer optional. 1994-02-02 05:58:50 +00:00
brezak
8243f1bb37 Fix some cases of NOT dealing with m_pkthdr's. This code is still suspect though, at least this fixes some panics. 1994-01-29 11:57:45 +00:00
mycroft
b79490fcca Should compile now with or without `options MULTICAST'. 1994-01-10 20:14:14 +00:00
mycroft
222ebaf50e Prototype the rest. 1994-01-09 01:06:02 +00:00
mycroft
321b0c6090 More prototypes. 1994-01-08 23:50:41 +00:00
mycroft
4fe12e6e88 Fix some inconsistent spacing; spaces at the end of lines, etc. 1994-01-08 21:21:28 +00:00
mycroft
95b048b53a Canonicalize all #includes. 1993-12-18 00:40:47 +00:00