Commit Graph

867 Commits

Author SHA1 Message Date
itojun 1450d6e643 bring in recent KAME changes (only important and stable ones, as usual).
- remove net.inet6.ip6.nd6_proxyall.  introduce proxy NDP code works
  just like "arp -s".
- revise source address selection.
  be more careful about use of yet-to-be-valid addresses as source.
- as router, transmit ICMP6_DST_UNREACH_BEYONDSCOPE against out-of-scope
  packet forwarding attempt.
- path MTU discovery takes care of routing header properly.
- be more strict about mbuf chain parsing.
2000-02-26 08:39:18 +00:00
itojun c1e70a6c0a allow AF_UNSPEC for SIOCDIFADDR. ISC DHCP client depends on this behavior. 2000-02-25 08:51:35 +00:00
itojun abf6ccac96 backout previous commit (sanity check for family) - it seems to be doing
something wrong.  i'll revise it soon.
2000-02-25 08:37:05 +00:00
itojun 3c0960474d reject non-AF_INET addresses on ioctl.
without this, we can configure invalid sockaddrs, for example,
sa_family == 0 (and we can never remove them!)
2000-02-25 07:11:38 +00:00
itojun 729dcf0da4 hide declaration of IP6_EXTHDR_{GET,CHECK} from userland. 2000-02-24 09:55:24 +00:00
itojun 6a1af46504 don't transmit ICMPv4 packet back, if the original packet was encyrpted. 2000-02-24 09:54:49 +00:00
darrenr 4b3916780b pass "struct pfil_head *" to pfil_add_hook and pfil_remove hook rather
than "struct protosw *".
2000-02-20 00:56:33 +00:00
darrenr fd7edad6c3 Change the use of pfil hooks. There is no longer a single list of all
pfil information, instead, struct protosw now contains a structure
which caontains list heads, etc.  The per-protosw pfil struct is passed
to pfil_hook_get(), along with an in/out flag to get the head of the
relevant filter list.  This has been done for only IPv4 and IPv6, at
present, with these patches only enabling filtering for IPPROTO_IP and
IPPROTO_IPV6, although it is possible to have tcp/udp, etc, dedicated
filters now also.  The ipfilter code has been updated to only filter
IPv4 packets - next major release of ipfilter is required for ipv6.
2000-02-17 10:59:32 +00:00
itojun 729f693364 - if ip_dst matches address on !IFF_UP interface, and
- there's no match against addresses on IFF_UP interface,
send icmp unreach if I'm router.  drop it if I'm host.

Revised version of PR: 9387 from nrt@iij.ad.jp.  Discussed with thorpej+nrt.
2000-02-16 12:40:40 +00:00
thorpej b178e1f58c Add support for rate-limiting RSTs sent in response to no socket for
an incoming packet.  Default minimum interval is 10ms.  The interval
is changeable via the "net.inet.tcp.rstratelimit" sysctl variable.
2000-02-15 19:54:11 +00:00
thorpej f3b975e9a4 Add ICMP error rate limiting, based on the same for ICMP6.
Note, we're reusing the previously unused slot for "MTU discovery" (which
was moved to the "net.inet.ip" branch of the sysctl tree quite some time
ago).
2000-02-15 04:03:49 +00:00
itojun 800897b12f make assumption on mbuf explicit (m->m_len >= sizeof (struct ip)). 2000-02-15 00:42:22 +00:00
thorpej fd4ed9b425 Typo (Thanks, Havard :-) 2000-02-12 18:00:00 +00:00
thorpej 46f7b67929 Small cosmetic change, and note a place where a statistic should be
gathered.
2000-02-12 17:45:44 +00:00
thorpej 312cb38ccb In the tcp_input() path:
- Filter out multicast destinations explicitly for every incoming packet,
  not just SYNs.  Previously, non-SYN multicast destination would be
  filtered out as a side effect of PCB lookup.  Remove now redundant
  similar checks in the dropwithreset case and in syn_cache_add().
- Defer the TCP checksum until we know that we want to process the
  packet (i.e. have a non-CLOSED connection or a listen socket).
2000-02-12 17:19:34 +00:00
itojun 82b005364c don't increase both "no port on broadcast packet" and "no port" stat.
increasing both of them will result in negative number on udp
"delivered" stat on netstat(8), since netstat computes number of delivered
packet by subtracting them from number of inbound packets.
2000-02-11 10:43:36 +00:00
itojun 46dfa55555 fix in-kernel packet forwarding loop (till TTL becomes 0) when:
- a packet is delivered to an address X,
- and the address X is configured on my !IFF_UP interface
- and ipforwarding=1

NetBSD PR: 9387
From: nrt@iij.ad.jp
2000-02-11 05:57:58 +00:00
itojun ff0fe5df65 fix ip4 protosw.
gif interface and gre interface should be able to coexist.
2000-02-10 14:44:28 +00:00
itojun 59d74f3d21 to improve RFC2553/2292 compliance, and promote use of
RFC2553/2292-compliant header file path, now the following headers are
forbidden:
	netinet6/ip6.h
	netinet6/icmp6.h
	netinet6/in6.h

if you want netinet6/{ip6,icmp6}.h, use netinet/{ip6,icmp6}.h.

if you want netinet6/in6.h, you just need to include netinet/in.h.
it pulls it in.
(we may need to integrate them into netinet/in.h, but for cross-BSD code
sharing i'd like to keep it like this for now)
2000-02-09 00:54:55 +00:00
itojun 4f53db2499 optimize mbuf allocation for ip/tcp/tcpopt part. 2000-02-09 00:50:40 +00:00
veego aa4732525f Fix from Darren Reed for the test failure of f11. 2000-02-07 13:58:00 +00:00
itojun 2687887f38 s/DIAGNOSTIC/DEBUG/ 2000-02-07 06:15:16 +00:00
itojun 51219dabc9 to be more rfc2292 complient, move ip6.h and icmp6.h into netinet.
(netinet6/{ip6,icmp6}.h is non-standard path - these files should go away)

it was not possible to use cvsmove in this case.
when you try to look at history, chase it toward netinet6/{ip6,icmp6}.h.
2000-02-06 11:11:29 +00:00
itojun 76064f5770 don't chase mbuf pointer when it is NULL. 2000-02-06 08:06:43 +00:00
itojun f91ee608a9 avoid calling in6_control(SIOCDIFADDR_IN6) from interrupt context.
it is not supposed to work.
logging fix: add "\n" to some of log() in in6_prefix.c.

improve in6_ifdetach().  now almost all structure depend on ifnet
will be cleared up.
possible loose ends:
- cached route_in6 in static varaiables needs to be cleared as well
- there are ifaddr manipulation without reference counting,
  which should be fixed
we still see panics after card removal, though...  not sure what is left.

(sync with kame)
2000-02-04 14:34:22 +00:00
thorpej c1185c1020 PRU_PURGEADDR -> PRU_PURGEIF, per a discussion w/ itojun. In the IPv4
and IPv6 code, also use this to traverse PCB tables, looking for cached
routes referencing the dying ifnet, forcing them to be refreshed.
2000-02-02 23:28:08 +00:00
thorpej d844a3ac41 First-draft if_detach() implementation, originally from Bill Studnemund,
although this version has been changed somewhat:
- reference counting on ifaddrs isn't as complete as Bill's original
  work was.  This is hard to get right, and we should attack one
  protocol at a time.
- This doesn't do reference counting or dynamic allocation of ifnets yet.
- This version introduces a new PRU -- PRU_PURGEADDR, which is used to
  purge an ifaddr from a protocol.  The old method Bill used didn't work
  on all protocols, and it only worked on some because it was Very Lucky.

This mostly works ... i.e. works for my USB Ethernet, except for a dangling
ifaddr reference left by the IPv6 code; have not yet tracked this down.
2000-02-01 22:52:04 +00:00
veego 064dbd29ad Only print one 'IP Filter:' line when it gets enabled or disabled. 2000-02-01 21:41:36 +00:00
veego b3bffdf856 Resolve conflicts. 2000-02-01 21:29:15 +00:00
thorpej 3b5706e2e5 Fix a couple of whitespace glitches. 2000-02-01 00:07:50 +00:00
thorpej 637a2eee6e Use ifatoia() and sintosa() consistently, rather than using home-grown
casting macros intermixed.
2000-02-01 00:07:09 +00:00
thorpej 1cb24101b9 Small amount of cosmetic cleanup. 2000-02-01 00:05:07 +00:00
itojun 1a2a1e2b1f bring in latest KAME ipsec tree.
- interop issues in ipcomp is fixed
- padding type (after ESP) is configurable
- key database memory management (need more fixes)
- policy specification is revisited

XXX m->m_pkthdr.rcvif is still overloaded - hope to fix it soon
2000-01-31 14:18:52 +00:00
itojun 63fd2c0262 destination port == 0 is illegal based on RFC768.
(NetBSD PR: 9137 - I thought I committed this already but I wasn't)
2000-01-31 10:39:26 +00:00
sommerfeld 62224d5f23 Pick source address for ICMP errors a bit more intelligently when
there are multiple addresses on the interface.

From Marc Horowitz <marc@netbsd.org>, who left this sitting for too long.
2000-01-25 17:07:56 +00:00
itojun b3761abef8 remove extra portability #ifdef (like #ifdef __FreeBSD__) in KAME IPv6/IPsec
code, from netbsd-current repository.
#ifdef'ed version is always available from ftp.kame.net.

XXX please do not make too many diff-unfriendly changes, we'll need to take
bunch of diffs on upgrade...
2000-01-06 15:46:07 +00:00
itojun ec63b40402 remove too much portability code in KAME, to improve readability. 2000-01-06 07:31:07 +00:00
itojun 2e904aec57 make IPV6_BINDV6ONLY setsockopt available. it controls behavior of
AF_INET6 wildcard listening socket.  heavily documented in ip6(4).
net.inet6.ip6.bindv6only defines default value.  default is 1.

"options INET6_BINDV6ONLY" removes any code fragment that supports
IPV6_BINDV6ONLY == 0 case (not defopt'ed as use of this is rare).
2000-01-06 06:41:18 +00:00
veego a7c3d2263b Fix a panic which was mentioned on the ipfilter mailing list.
Patch from Darren send to the mailing list after he released 3.3.6 and
did a bad job with using the wrong way to update the NetBSD version
of ipfilter.
1999-12-29 08:19:07 +00:00
darrenr 1904e0a218 update ipfilter code to 3.3.6 1999-12-28 07:14:53 +00:00
itojun dc0f1c0435 drop IPv6 packets with v4 mapped address on src/dst. they are illegal
and may be used to fool IPv6 implementations (by using ::ffff:127.0.0.1 as
source you may be able to pretend the packet is from local node)
1999-12-22 04:03:01 +00:00
itojun 8bd9534970 avoid shared cluster mbuf overwrite on multicast packet loopback.
(bsdi and freebsd fixed this a long time ago...)

PR: 9020
From: pavlin@catarina.usc.edu
1999-12-20 05:46:33 +00:00
itojun abddb5f851 do not overwrite traffic class field when we write IPv6 version field. 1999-12-15 06:28:43 +00:00
is 43aa150a4e Handle packets to 255.255.255.255 like multicast packets. Fixes PR 7682 by
Darren Reed.
1999-12-13 17:04:11 +00:00
itojun ea861f0183 sync IPv6 part with latest KAME tree. IPsec part is left unmodified
due to massive changes in KAME side.
- IPv6 output goes through nd6_output
- faith can capture IPv4 packets as well - you can run IPv4-to-IPv6 translator
  using heavily modified DNS servers
- per-interface statistics (required for IPv6 MIB)
- interface autoconfig is revisited
- udp input handling has a big change for mapped address support.
- introduce in4_cksum() for non-overwriting checksumming
- introduce m_pulldown()
- neighbor discovery cleanups/improvements
- netinet/in.h strictly conforms to RFC2553 (no extra defs visible to userland)
- IFA_STATS is fixed a bit (not tested)
- and more more more.

TODO:
- cleanup os-independency #ifdef
- avoid rcvif dual use (for IPsec) to help ifdetach

(sorry for jumbo commit, I can't separate this any more...)
1999-12-13 15:17:17 +00:00
ragge 713b50cde9 Avoid GCC complaints (under some circumstances). 1999-12-12 19:51:49 +00:00
itojun 5bb1c57bee sync with latest KAME (rcsid only). 1999-12-12 16:19:40 +00:00
itojun 2f49a03b86 do not use member of sockaddr_storage directly.
(if the definition is like in rfc2553) they are not supposed to be used.

XXX i'm trying to change rfc2553 sockaddr_storage definition to include
"ss_len" and "ss_family".  see ipngwg.  situation might change soon.
1999-12-12 15:57:07 +00:00
veego 64b2c34646 Resolve conflicts and small fixes. 1999-12-12 11:11:15 +00:00
veego 99f380af25 Import a few IP Filter 3.3.5 files under sys/netinet. 1999-12-12 10:57:57 +00:00
itojun 4d757da195 implement upper-layer reachability confirmation for IPv6 ND (RFC2461 7.3.1).
fix code to reject "tcp to IPv6 anycast".

sync with recent KAME.
1999-12-11 09:55:14 +00:00
itojun 313f5eb9cd do not drop from IP header to tcp option until sbappend(), to reduce
requirement to mbuf chain.
part of KAME sync, committed separately for its (possible) impact.
1999-12-08 16:22:20 +00:00
itojun bbb8727584 bring in latest KAME (as of 19991130, KAME/NetBSD141) into kame branch
just for reference purposes.
This commit includes 1.4 -> 1.4.1 sync for kame branch.

The branch does not compile at all (due to the lack of ALTQ and some other
source code).  Please do not try to modify the branch, this is just for
referenre purposes.

synchronization to latest KAME will take place on HEAD branch soon.
1999-11-30 13:34:47 +00:00
thorpej 046d593425 Add the `packed' attribute to structures which describe wire protocol data. 1999-11-20 00:37:58 +00:00
bouyer f86517a031 Update protocoles and interfaces stats counters to 64bit.
RTM_IFINFO is now 0xf, 0xe is RTM_OIFINFO which returns the old (if_msghdr14)
struct with 32bit counters (binary compat, conditioned on COMPAT_14).
Same for sysctl: node 3 is renamed NET_RT_OIFLIST, NET_RT_IFLIST is now node 4.
Change rt_msg1() to add an mbuf to the mbuf chain instead of just panic()
when the message is larger than MHLEN.
1999-11-19 10:41:41 +00:00
itojun 90fe937b44 disable ipflow (IPv4 fast fowarding) when IPsec is configured into the kernel. 1999-10-26 09:53:17 +00:00
drochner 87568e8d82 defopt the XNS protocol (options NS), clean up the use of related
option headers / defines
1999-10-25 19:18:10 +00:00
sommerfeld f3182098a7 If a packet came in as link-level broadcast or link-level multicast, don't
attempt to fast-forward it out.
1999-10-17 23:38:45 +00:00
sommerfeld c2accd9f9c In ip_forward():
Avoid forwarding ip unicast packets which were contained inside
link-level multicast packets; having M_MCAST still set in the packet
header flags will mean that the packet will get multicast to a bogus
group instead of unicast to the next hop.

Malformed packets like this have occasionally been spotted "in the
wild" on a mediaone cable modem segment which also had multiple netbsd
machines running as router/NAT boxes.

Without this, any subnet with multiple netbsd routers receiving all
multicasts will generate a packet storm on receipt of such a
multicast.  Note that we already do the same check here for link-level
broadcasts; ip6_forward already does this as well.

Note that multicast forwarding does not go through ip_forward().

Adding some code to if_ethersubr to sanity check link-level
vs. ip-level multicast addresses might also be worthwhile.
1999-10-17 16:00:00 +00:00
sommerfeld d0790aa895 in ipfr_fastroute, before calling icmp_error(), put received-interface
back into the packet.  (ip_output() clears it since ipsec reuses that
packet field in the output path.  by putting it back, we're going to
pretend we're back on the input path now).
1999-10-12 14:51:34 +00:00
is f546d949b6 Decouple IP mtu for ARCnet devices from interface MTU.
This is important, because for most protocols, link level fragmentation is
used, but with different default effective MTUs. (e.g.: IPv4 default MTU
is 1500 octets, IPv6 default MTU is 9072 octets).
1999-09-25 17:49:27 +00:00
enami 5326516a15 Make this compile without INET6. 1999-09-23 04:02:27 +00:00
itojun 9474edfcd8 cleanup and correct TCP MSS consideration with IPsec headers.
MSS advertisement must always be:
	max(if mtu) - ip hdr siz - tcp hdr siz
We violated this in the previous code so it was fixed.

tcp_mss_to_advertise() now takes af (af on wire) as its argument,
to compute right ip hdr siz.

tcp_segsize() will take care of IPsec header size.
One thing I'm not really sure is how to handle IPsec header size in
*rxsegsizep (inbound segment size estimation).
The current code subtracts possible *outbound* IPsec size from *rxsegsizep,
hoping that the peer is using the same IPsec policy as me.
It may not be applicable, could TCP gulu please comment...
1999-09-23 02:21:30 +00:00
itojun 6b9bfc0691 - Call in{,6}_pcbdetach if ipsec initialization is failed during PRU_ATTACH.
This situation happens on severe memory shortage.  We may need more
  improvements here and there.
- Grab IEEE802 address from IFT_ETHER card, even if the card is
  inserted after bootup time.  Is there any other card that can be
  inserted afterwards?  pcmcia fddi card? :-P
- RFC2373 u bit handling suggests that we SHOULD NOT copy interface id from
  ethernet card to pseudo interface, when ethernet card has IEEE802/EUI64
  with u bit != 0 (this means that IEEE802/EUI64 is not universally unique).
  Do not use such address as, for example, interface id for gif interface.
  (I have such an ethernet card myself)
  This may change interface id for your gif interface.  be careful upgrading
  rc files.

(sync with recent KAME)
1999-09-13 12:15:54 +00:00
simonb fd8040a031 s/acknowledgment/acknowledgement/ 1999-09-10 03:24:14 +00:00
itojun 4597cff18d fix tcp mss consideration on ipsec operation.
now tcp-over-ipsec should not experience fragmentation due to
addition of ipsec header.

From: proff@suburbia.net (Julian Assange)
1999-08-27 02:56:14 +00:00
itojun a89a69391a clear m->m_pkthdr.rcvif before calling ip_output().
the member is used to pass struct socket to ip{,6}_output for ipsec decisions.

(i agree it is kind of ugly.  we need to modify struct mbuf if we are
to do better - which seems to me a bit too much)
1999-08-26 02:56:59 +00:00
marc 3c1adf9354 when fastrouting a packet which needs fragmentation, the packet passed
to if_output did not have m->m_pkthdr.len set correctly.  Add the code
to do this from the similar code in ip_output.c
1999-08-26 02:15:35 +00:00
thorpej 1e921673e3 Fix a problem discovered by the snd_recover update fix. A bit of the
New Reno fast recovery code was being executed even when New Reno was
disabled, resulting in an unfortunate interaction with the traditional
fast recovery code, the end resulting being that the very condition
that would trigger the traditional fast recovery mechanism caused fast
recovery to be disabled!

Problem reported by Ted Lemon, and some analytical help from Charles Hannum.
1999-08-26 00:04:30 +00:00
itojun 809ab7f1ff When listening socket goes away, remove assockated syn cache entires.
Stale syn cache entries are useless because none of them will be used
if there is no listening socket, as tcp_input looks up listening socket by
in_pcblookup*() before looking into syn cache.

This fixes race condition due to dangling socket pointer from syn cache
entries to listening socket (this was introduced when ipsec is merged in).

This should preserve currently implemented behavior (but not 4.4BSD
behavior prior to syn cache).

Tested in KAME repository before commit, but we'd better run some
regression tests.
1999-08-25 15:23:12 +00:00
itojun d48c55f4f0 ctlinput handling must look at ip6_src, not ip6_dst.
(this makes path mtu handling wrong)
1999-08-25 12:38:14 +00:00
bouyer 4f806e660f Fix for kern/7831 from Darren Reed after discussion on tech-net 2 weeks ago:
check that the packet if of the rigth protocol before giving it to the
proxy module, otherwise let the ipnat code handle it.
What happens in kern/7831 is that a router sends back a icmp message for
a TCP SYN, and ip_proxy.c forwards it to ip_ftp_pxy.c which can only
handle TCP packets. The icmp message is properly handled by ipnat, no need to
go to ip_ftp_pxy.c.
1999-08-24 16:10:35 +00:00
christos d6f8878423 PR/8254: Wolfgang Rupprecht: Incorrect logging of tcp connections; Fix src/dst
confusion.
1999-08-23 14:14:30 +00:00
matt d3448593e5 Cleanup a little kludge in mtu handling in route.c. Bring down FDDI
mtu to legal IP max but don't affect other protocols.
1999-08-21 03:46:35 +00:00
itojun 00cf8638cb do not capture packets by gif, when gif interface is down. 1999-08-20 10:07:40 +00:00
itojun 98fab25334 fix sototcpcb(). this sometimes caused panic on OOB data reception.
the macro may need to be expanded into dedicated function, rather than a macro,
to capture unsupported values.
1999-08-12 16:04:52 +00:00
thorpej af1e02ad91 Fix a few bugs in the TCP New Reno code:
- Make sure that snd_recover is always at least snd_una.  If we don't do
  this, there can be confusion when sequence numbers wrap around on a
  large loss-free data transfer.
- When doing a New Reno retransmit, snd_una hasn't been updated yet,
  and the socket's send buffer has not yet dropped off ACK'd data, so
  don't muddle with snd_una, so that tcp_output() gets the correct data
  offset.
- When doing a New Reno retransmit, make sure the congestion window is
  open one segment beyond the ACK'd data, so that we can actually perform
  the retransmit.

Partially derived from, although more complete than, similar changes in
OpenBSD, which in turn originated from Tom Henderson <tomh@cs.berkeley.edu>.
1999-08-11 17:37:59 +00:00
thorpej e48f29e82b Make sure the echoed RFC 1323 timestamp is valid before using it to
compute the round trip time.  From Mark Allman <mallman@lerc.nasa.gov>.
1999-08-11 03:02:18 +00:00
itojun a9b7fe4621 return with doing nothing from xx_ctlinput(), when sa->sa_family
is not the expected one.

I see PRC_REDIRECT_HOST with sa->sa_family == AF_UNIX coming to
{tcp,udp}_ctlinput() when I use dhclient, and I feel like adding
more sanity checks, without logging - if we log it it is too noisy.
1999-08-09 10:55:29 +00:00
sommerfeld 08e495eda4 Delete debug printfs from arp_drain() 1999-08-05 04:36:56 +00:00
sommerfeld 2aa9696fee Implement arp_drain(), which frees packets tied up in the arp cache if
mbufs are in short supply.
Create a (trivial) protocol domain for arp so that the drain routine will
be called from m_reclaim()
1999-08-05 04:04:28 +00:00
itojun 70ada0957e sync with recent KAME.
- loosen ipsec restriction on packet diredtion.
- revise icmp6 redirect handling on IsRouter bit.
- tcp/udp notification processing (link-local address case)
- cosmetic fixes (better code share across *BSD).
1999-07-31 18:41:15 +00:00
itojun 06c350054d remove reference to in6_systm.h (file itself will be removed afterwords) 1999-07-30 10:35:34 +00:00
itojun 42c5caafe7 do not include unnecessary include files. 1999-07-23 15:21:17 +00:00
itojun 7fee35f579 - implement IPv6 pmtud, which is necessary for TCP6.
- fix memory leak on SO_DEBUG over TCP.
1999-07-22 12:56:56 +00:00
itojun b479094c45 no need to include faith.h on non-IPv6 build, so wrap by #ifdef.
(dunno if it's better to always include it or not)
1999-07-17 12:53:05 +00:00
itojun c74f79d16f fix faith interface support. need testing.
(i understand this is a dirty hack, of course)
1999-07-17 07:07:08 +00:00
itojun 685747d56c Use proper ip protocol # field and tcp hdr on sending RST against SYN,
when ip header and tcp header are not adjacent to each other
(i.e. when ip6 options are attached).

To test this, try
	telnet @::1@::1 port
toward a port without responding server.  Prior to the fix, the kernel will
generate broken RST packet.
1999-07-14 22:37:13 +00:00
drochner 46f90cb053 make sending of keepalive messages work again:
-remove bogus sanity check involving an uninitialized variable
-correct mbuf cluster allocation
-(non-critical) remove redundant check in cleanup after error
1999-07-14 22:08:52 +00:00
thorpej 267920eb1a defopt INET6, and put it in opt_inet.h (most places already include this
file, which is why the file list is so short).
1999-07-09 23:41:16 +00:00
thorpej f9a7668b3f defopt IPSEC and IPSEC_ESP (both into opt_ipsec.h). 1999-07-09 22:57:15 +00:00
drochner 2df8761fac for incoming broadcasts, strip IP/UDP header correctly
wrap a line
1999-07-06 14:37:47 +00:00
itojun dcc13cdd33 sync with KAME/NetBSD 1.4, SNAP kit 19990705.
key changes are:
- icmp6 redirect fix (dst check)
- revised ip6 multicast check for loopback i/f
- several RCS ID cleanups
1999-07-06 12:23:19 +00:00
darrenr a47ffec442 Call icmp_error() at the bottom of rip_input IFF rip_input is the handler
for the protocol in the specified packet.
Fix statistic gathering to not make bogus increments of ips_delivered and
ips_noproto for cases where rip_input() is called by a protocol handler
(such as icmp_input or igmp_input) which has already processed the packet.
1999-07-05 07:24:38 +00:00
thorpej cd3a345ea0 RCS ID police. 1999-07-03 21:24:45 +00:00
fvdl e3fa5cc725 Fix for -Wunitialized warnings broke compiles without INET6, refix. 1999-07-02 21:02:05 +00:00
itojun 4b961b81e3 avoid "variable not initialized" warnings on some of the platforms. 1999-07-02 12:45:32 +00:00
itojun f8346292af move ipsec sysctl index to IPPROTO_AH (instead of IPPROTO_ESP),
so that you can perform sysctl operation when ESP is not compiled in.
1999-07-02 08:46:47 +00:00
itojun 118d2b1d4f IPv6 kernel code, based on KAME/NetBSD 1.4, SNAP kit 19990628.
(Sorry for a big commit, I can't separate this into several pieces...)
Pls check sys/netinet6/TODO and sys/netinet6/IMPLEMENTATION for details.

- sys/kern: do not assume single mbuf, accept chained mbuf on passing
  data from userland to kernel (or other way round).
- "midway" ATM card: ATM PVC pseudo device support, like those done in ALTQ
  package (ftp://ftp.csl.sony.co.jp/pub/kjc/).
- sys/netinet/tcp*: IPv4/v6 dual stack tcp support.
- sys/netinet/{ip6,icmp6}.h, sys/net/pfkeyv2.h: IETF document assumes those
  file to be there so we patch it up.
- sys/netinet: IPsec additions are here and there.
- sys/netinet6/*: most of IPv6 code sits here.
- sys/netkey: IPsec key management code
- dev/pci/pcidevs: regen

In my understanding no code here is subject to export control so it
should be safe.
1999-07-01 08:12:45 +00:00
darrenr 67cac86e57 add PR_LISTEN to protocols which support listen(2) 1999-07-01 05:53:04 +00:00
itojun 74d3c214ec KAME/NetBSD 1.4 SNAP kit, dated 19990628.
NOTE: this branch (kame) is used just for refernce.  this may not compile
due to multiple reasons.
1999-06-28 06:36:47 +00:00
sommerfeld b7c70d2b2f If the new global variable hostzerobroadcast is zero, no longer assume
address zero of each net/subnet is a broadcast address.
(The default value is nonzero, which preserves the current behavior).

This can be set using sysctl; the boot-time default can also be
configured using the HOSTZEROBROADCAST kernel config option.

While we're here, defopt HOSTZEROBROADCAST and SUBNETSARELOCAL
1999-06-26 06:16:47 +00:00
thorpej 51867fc227 When sending an ARP reply, make sure to set the length of the outgoing
packet.

Slightly modified from PR #7809, Zdenek Salvet <salvet@ics.muni.cz>.
1999-06-18 18:20:50 +00:00
mrg 7185af78dc oops. move sendit: above the PFIL_HOOKS so that multicast traffic is filtered. from darren reed. 1999-06-07 01:26:04 +00:00
bad 6b30aed924 Fix thinko of mine in previous. The source route info is not at m->m_data
after various m_adj()s have been done.  Kludge around this with a cheesy
macro that knows where the drivers put the mac header in the first mbuf.

XXX There should be a better way to do this.
1999-05-30 00:39:07 +00:00
bad 0b3a9f9e00 Don't assume the Token-Ring source route is in the m_pktdat. Use
m_data instead.  This isn't a problem with ARP packets but is correct
way to this.

Noticed by pmara@cactus.org (Shashi Mara).
1999-05-29 22:36:07 +00:00
ad ccc7e59e1f Add new sysctl (net.inet.tcp.log_refused) that when set, causes refused TCP
connections to be logged.
1999-05-23 20:33:50 +00:00
ad bdf1938edd For completeness sake, allow this to compile with no loopback interfaces
configured.
1999-05-23 20:21:51 +00:00
thorpej 788dee365c Sigh, fix some broken logic in the last change to INADDR_TO_IA(), and make
the macro a little more obvious.  Should fix kern/7589, from Jens A Nilsson.
1999-05-16 19:33:27 +00:00
is 7807c9a493 Fixes PR 7489 by Olaf Seibert. Fix by Zdenek Salvet (PR 7497). 1999-05-04 20:50:35 +00:00
hwr d313e75afe It does not make much sense to increase a "output" counter on input. 1999-05-04 20:13:09 +00:00
hwr 3fa094f8b5 Don't let packets with a Class-D source address escape the host.
Fixes second half of kern/7003 by Jonathan Stone <jonathan@DSG.Stanford.EDU>.
1999-05-04 19:50:23 +00:00
is 7470bd006a Fix for PR 7490 by Olaf Seibert, fix mostly from PR 7497 bei Zdenek Salvet,
but with more verbose error messages.
1999-05-04 14:58:27 +00:00
thorpej 3faa72bd56 Fix an ininitialized variable that the MIPS compiler caught (but the
SPARC, Alpha, Arm, and i386 compilers missed).
1999-05-03 23:30:27 +00:00
thorpej a40dff106e In INADDR_TO_IA(), skip interfaces which are not up. Revert previous change
to ip_input.c to check the interface status after INADDR_TO_IA().

Fix cooked up by Heiko Rupp and myself.

Fixes PR 7480.
1999-05-03 22:12:44 +00:00
hwr 33a8a5933b Drop packets, that have a Class-D address as source address.
Implements the first half of PR 7003.
1999-05-03 21:14:47 +00:00
thorpej 2cd33a0ce1 Implement retransmit logic for the SYN cache engine. Fixes a rare condition
where one side can think a connection exists, where the other side thinks
the connection was never established.

The original problem was first reported by Ty Sarna in PR #5909.  The
original fix I made to the code didn't cover all cases.  The problem this
fix addresses was reported by Christoph Badura via private e-mail.

Many thanks to Bill Sommerfeld for helping me to test this code, and
for finding a subtle bug.
1999-04-29 03:54:22 +00:00
hwr fb7871d6b2 If the incoming code value is 0, timer gets 0, which would mean
a divide by zero afterwards.
This is also, what Bill Fenner seems to have done in the FreeBSD igmp
code.
This should fix kern/6541.
1999-04-25 10:26:29 +00:00
simonb be3adbebcc Don't extern sb_max, <sys/socketvar.h> provides a definition. 1999-04-22 01:32:30 +00:00
kml a7f8ef5e9b Ensure that out of window SYNs receive an ACK in responce, rather than
being dropped.  This fixes a bug reported by Jason Thorpe.
1999-04-09 22:01:07 +00:00
proff 8775e52947 tiny KNF change 1999-04-07 05:34:32 +00:00
proff ae938abb49 Prevent reception of packets on downed interfaces (via an up interface).
fixes kern/7327
1999-04-07 02:31:05 +00:00
tron 1b27086b7e - Make sure that interface can't be marked up before a route to the remote
tunnel end was found.
- Flush route and reset MTU if interface is marked down.
1999-04-04 09:10:27 +00:00
tron ef85f04fcb Avoid kernel panic if interface is configured before a route to the
remote of the tunnel can be found.

XXX If you manually mark the interface as "UP" and set the MTU later
XXX sending a packet will still cause a kernel panic.
1999-04-04 00:21:53 +00:00
hwr 3f5c626e42 Setting of source and destination IP is not done by
passing SIOCSIFADDR/SIOIFDSTADDR, but by passing the addresses in
the appropriate structs.
One of the mysteries of ifconfig IMHO...

Should fix kern/6899.
1999-04-02 20:39:23 +00:00
mycroft 742a052418 Fix a null pointer dereference in the case where forwarding is turned on and
there are interfaces up but with no addresses.
1999-03-30 19:02:56 +00:00
nathanw 9c6754cd69 Alpha printf format fixes.
Closes PR kern/7258.
1999-03-27 21:47:59 +00:00
aidan da1b3a7abf Added per-addr input/output statistics. Currently just support netatalk
and netinet, currently only tested under netinet.

Disabled by default, enabled by compiling the kernel with option
IFA_STATS.  Enabling this feature seems to make the ip_output function
take 13% longer than before, which should be OK for people that need
this feature.
1999-03-27 01:24:49 +00:00
proff 85ab19698a security: test for ip_len < ip_hl <<2 and drop packet accordingly 1999-03-26 08:51:35 +00:00
lukem 8a931fcdd8 Ensure that you can only bind a more specific address when it is done by the
same uid or by root.

This code is from FreeBSD. (Whilst it was originally obtained from OpenBSD,
FreeBSD fixed it to work with multicast. To quote the commit message:
    - Don't bother checking for conflicting sockets if we're binding to a
      multicast address.
    - Don't return an error if we're binding to INADDR_ANY, the conflicting
      socket is bound to INADDR_ANY, and the conflicting socket has
      SO_REUSEPORT set.
)
1999-03-23 10:45:37 +00:00
bad a5283c98c0 Add support for Token-Ring source routes in the ARP cache.
By Onno van der Linden.
1999-03-22 22:30:42 +00:00
perry d446fb449c exterminate ovbcopy. patches provided by Erik Bertelsen, pr-7145 1999-03-12 22:42:30 +00:00
mycroft c6d172438d Minor cleanup to use LONG_SUM() and CALC_SUMD() more. 1999-03-05 07:27:09 +00:00
explorer cff4c9630b Don't mix in data just to stir the rnd pool. Extracting data will do that,
any network packets received might, too, so this is already taken care of.
1999-02-28 13:41:24 +00:00
drochner 918dfd95e1 -always do an RARP if revarpwhoarewe() is called, it might be for another
interface or the server's configuration has changed
-g/c revarpwhoami()
1999-02-21 15:17:14 +00:00
matt 7ebd19d744 According to Dave Borman, the iss should be using snd_nxt and not rcv_nxt
(from tcp_impl mailing-list).
1999-02-05 22:37:24 +00:00
explorer 25d32ef34d REALLY only update the window when we get an ACK. (the old code seemed broken) 1999-02-04 22:58:37 +00:00
cjs 8befad84b1 Remove SCCS markers and make these compile in $NetBSD$ IDs. 1999-02-02 19:57:30 +00:00
thorpej a350d7b28b Set the tunnel destination address correctly. Should fix PR #6899. 1999-02-02 07:20:13 +00:00
marc 5f688e6632 remove gre_softc declaration; the symbol is no longer used in this
file.
1999-02-02 07:10:45 +00:00
mycroft 5e373d307f Clear mfchashtbl after it's deallocated, to kill a stray pointer. Fixes PR
5400.
1999-02-01 15:09:46 +00:00
thorpej a22cfcf3d4 Make programs that use raw IP work again; trim the header length from ip_len
before handing the packet off to the socket.
1999-01-30 21:43:16 +00:00
itohy 7751c2e2eb ~htons(...) is always negative. 1999-01-28 21:29:27 +00:00
thorpej 6c30816c15 Fix a slight error in previous. Rearrange some code in tcp_respond() so
that a DIAGNOSTIC check against the destination address is actually
checking the destination address.  "oops."
1999-01-26 08:28:50 +00:00
mycroft 8ede79f2b4 One more tweak to the checksum hack, and I promise I'm done. B-) 1999-01-25 15:53:29 +00:00
mycroft 50438b6df0 Absolutely minor tweak to generate better code. 1999-01-25 15:36:50 +00:00
mycroft 70e6acdfef Update the comment about the checksum hack. It was way out of date. 1999-01-24 13:34:35 +00:00
mycroft 94895652e1 Modify the checksum slightly so that the htons()s can all be combined. 1999-01-24 12:57:38 +00:00
thorpej a58f271406 Oops, forgot to update copyright notice in previous. 1999-01-24 01:21:18 +00:00
thorpej 86e2c3fbc6 * Completely rewrite syn_cache_respond().
- Don't use tcp_respond(), instead create the tcp/ip header from scratch,
and send it ourself.
- Reuse the mbuf that carried the SYN, or allocate one if that is not
available.
- Cache the route we look up to do the Path MTU Discovery check, and
transfer the reference to that route to the inpcb when the connection
completes.
* Macro'ize a small, but often repeated code fragment.
1999-01-24 01:19:28 +00:00
mycroft b790730226 Fix problems with fr_tcpsum() that prevented the FTP proxy from working. 1999-01-23 08:50:52 +00:00
thorpej a43786143f Fix a problem pointed out by Charles Hannum; DF wasn't being set in
SYN,ACK packets during Path MTU Discovery.  Fix tcp_respond() to do the
appropriate route lookup and set DF as appropriate.

Also, fixup similar code in tcp_output() to relookup the route if it
is down.
1999-01-20 03:39:54 +00:00
mycroft 231a906c71 There's just no plausible reason to byte-swap ip_id internally. It's opaque. 1999-01-19 23:39:56 +00:00
mycroft 7eeb5a04da Don't screw with ip_len; just subtract from it where we actually use the
value.
1999-01-19 23:03:20 +00:00
mycroft d3ea3de1af Fix byte-swapping of ip_len in returned IP header. 1999-01-19 22:10:42 +00:00
mycroft fc1211a6ab Don't overwrite the checksum fields when checking them. There's no reason to
do this, and it screws up ICMP replies.
XXX The returned IP checksum and length are still wrong.
1999-01-19 21:58:40 +00:00
thorpej 4b0e6bb4dc Domains are associated with protocol families, not address families. 1999-01-14 01:16:55 +00:00
thorpej 98d3903da8 Use the count supplied to the pseudo-device attach routine to dynamically
allocate (once) the ipip_softc array; don't assume NIPIP contains the count.
1999-01-13 23:01:20 +00:00
thorpej 555784ccd5 Fix byte order and ip_len inconsistencies in ICMP reply code. Also, fix
some formatting and HTONS(foo) vs. foo = htons(foo) inconsistencies.

PR #6602, Darren Reed.
1999-01-11 22:35:06 +00:00
thorpej 6ae68b4feb Pull the IP-in-IP tunneling support out of the GRE code. It's not handled
by a separate IP-IP input path.

XXX Should eventually do the same thing for IPPROTO_MOBILE.
1999-01-11 21:32:13 +00:00
thorpej 9508f259bf Adjust for the new IP-IP input path. mrt_ipip_input() is called from
ipip_input(), and returns non-zero if mrt_ipip_input() handled the
packet.

XXX Eventually, the multicast code should probably use regular IP-IP
XXX `interfaces', but mrouted knows about the VIF table, etc.
1999-01-11 21:31:03 +00:00
thorpej 9d996b9e4e Adjust for the new IP-IP input path. 1999-01-11 21:28:28 +00:00
thorpej 9f9be750f6 Separate out the IP-in-IP implementation from the GRE code. This cleans
up the interface to ip_mroute.c somewhat, and properly separates IP-IP
from GRE.  (They are similar, but they are different protocols, and should
not be implemented in the same place.)
1999-01-11 21:26:53 +00:00
thorpej 5f69dedb2c ipip_input() -> mrt_ipip_input(). 1998-12-22 02:51:32 +00:00
thorpej 54377d1212 Simplify the tunnel lookup routine. 1998-12-22 01:49:04 +00:00
thorpej 12632ebf71 Reverse the copyright-notice-swap. It went against existing practice. 1998-12-19 02:46:12 +00:00
thorpej 4f177aec90 Add a lock around the TCPCB's sequence queue, to prevent tcp_drain()
from corrupting the queue if called from a device's interrupt context.

Similar in nature to the problem reported in PR #5684.
1998-12-18 21:38:02 +00:00
thorpej ca15e01c76 Add a lock around the IP fragment reassembly queue, to prevent ip_drain()
from corrupting the queue if called from a device's interrupt context.

Should fix PR #5684.
1998-12-18 21:35:11 +00:00
thorpej 93454aafc6 Delay sending if SS_MORETOCOME is set in so_state. This avoids the case
where the user issued a write with a length greater than MLEN but less
than MINCLSIZE, thus causing two mbufs to be used.  The loop in sosend()
would then call PRU_SEND twice, causing TCP to transmit 2 packets when
it could have transmitted one.

Suggested by Justin Walker <justin@apple.com> on the freebsd-net
mailing list.
1998-12-16 00:33:14 +00:00
mrg 2f2fd097ef remove this insanity. appeared with ipfilter 3.2.10... 1998-12-11 23:47:16 +00:00
drochner 914642e439 correction to the previous: protect against _LKM too
pointed out by Todd Whitesel <toddpw@best.com>
1998-12-11 11:57:33 +00:00
drochner 36b809fed6 correcton tp previous: don't try to include kernel option headers in
userland
fixes PR kern/6561 (Takahiro Kambe)
1998-12-11 09:15:42 +00:00
christos ce96f9960a defopt IPFILTER_LOG 1998-12-10 15:50:59 +00:00
christos c7578c510a defopt 1998-12-10 11:01:01 +00:00
mrg a94214bdd0 add a patch from darren reed, to make ipfilter use our cksum routine. 1998-11-26 12:21:47 +00:00
sommerfe 0cdf66e377 Fragments should start with a header mbuf allocated by MGETHDR() 1998-11-25 21:13:58 +00:00
mrg 4dd9bebb58 add two more prototypes. noted missing by mjacob. 1998-11-22 23:30:36 +00:00
mrg 78db9d7d95 merge ipf 3.2.10 1998-11-22 15:17:18 +00:00
lukem 0cd1643609 if INADDR_ANY is given in in_pcbconnect(), choose the ia_addr of the first
interface, not the ia_broadaddr.  should fix [standards/5645] and [kern/6425]
1998-11-16 05:47:19 +00:00
drochner 1658ac64a8 fix the previous: "securelevel" in kernel only 1998-11-15 17:36:19 +00:00
tls da1c106b85 In 'highly secure' mode (securelevel >= 2), the filter lists may not be tampered with. It might be desirable to allow enabling of preset filter lists, but it seems too good a candidate for a denial-of-service attack, so we don't. 1998-11-14 07:42:37 +00:00
lukem cc41dfe747 simplify test in in_pcbbind() for setting wild=1; no need to check if
((so->so_proto->pr_flags & PR_CONNREQUIRED) == 0 ||
	(so->so_options & SO_ACCEPTCONN) == 0)
since the latter is always true, so the former test in unnecessary.
from `TCP/IP Illustrated, Volume 2', W. Richard Stevens, p 730.
1998-11-13 10:50:10 +00:00
thorpej 0e3a0a7f80 Once a fragmented IP packet has been reassembled, recompute the packet
length before passing it up the stack.  From FreeBSD.
1998-11-13 03:24:22 +00:00
ws ede30e2813 Fix a buglet when looking up an interface for multicast:
Zero out the routing structure before calling the route lookup code
in order to correctly match addresses.
1998-10-26 17:31:01 +00:00
matt 3ad026ac87 vax -> __vax__ (and mips to __mips__ in ultrix_misc.c) 1998-10-20 01:46:27 +00:00
kim cd7e3136ad Use ETHERTYPE_ATALK instead of ETHERTYPE_AT. The former seems more common.
Our other constants also use "ATALK".

Added many new ETHERTYPE constants to sys/net/ethertypes.h, including the
ones from libpcap and tcpdump "ethertype.h" files.
1998-10-13 02:34:31 +00:00
thorpej 14f5ac9081 Use the pool allocator for ipflow entries. 1998-10-08 01:41:45 +00:00
thorpej 974aa74abd Use the pool allocator for ipqent structures. 1998-10-08 01:19:25 +00:00
thorpej 588ccb2d75 Fix some typos in comments, and clean up some whitespace. 1998-10-07 23:33:02 +00:00
thorpej 6cfb33b4e4 Use the pool allocator for the tcpcb's TCP/IP header template. 1998-10-07 23:20:03 +00:00
matt bf4e491879 Fix boolean dyslexic test. Duh! 1998-10-06 00:41:13 +00:00
matt 8e8f38e0f2 Add a sysctl for newreno (default to off). 1998-10-06 00:20:44 +00:00
lukem a1ea50ee45 * in_pcblookup_port(): deprecate INPLOOKUP_WILDCARD and flags in favour
of a lookup_wildcard arg; simplifies the logic a bit.
* when assigning ephemeral ports in in_pcbbind(), always call
  in_pcblookup_port() with lookup_wildcard=1, so that ephemeral port
  allocation on sockets with SO_REUSEADDR set won't potentially bind to a
  port in use by something else (principle of least surprise).
1998-10-05 14:33:14 +00:00
matt 25054b5cf7 Adapt the NEWRENO changes from the UCSB diffs of BSDI 3.0's TCP
to NetBSD.  Ignore the SACK & FACK stuff for now.
1998-10-04 21:33:52 +00:00
kleink c68106edad Use #error instead of causing a parse error. 1998-10-02 21:21:04 +00:00
drochner 5ddf423985 print reason for arplookup() failure (ala FreeBSD) 1998-10-01 11:04:24 +00:00
tls c4730d65cf Switch order of TNF and UCB copyrights so UCB copyright is first; this seems more appropriate since UCB wrote the original code, after all. 1998-09-30 21:52:24 +00:00
hwr eaccb9cd8d Start supporting IPPROTO_MOBILE (55) encapsulation. This is yet
another tunneling protocol used by the Mobile-IP people. See RFC 2004
for this.
1998-09-30 05:59:27 +00:00
christos e74ca32804 SIOCGIFALIAS should not be restricted to the superuser. 1998-09-28 12:32:43 +00:00
mycroft 4a000a54e6 Fix a typo (not mine) in a comment. 1998-09-19 04:34:34 +00:00
mycroft 04ef3bf88d If we're in LISTEN state and all of RST, SYN and ACK are clear, send a RST. 1998-09-19 04:32:51 +00:00
mycroft 31347e4671 Always send a 0 window with a RST. Suggested by Darren Reed. 1998-09-19 04:02:52 +00:00
hwr cf70cc28c7 Typo. :( 1998-09-14 21:15:56 +00:00
hwr 517139017e Some additions.
And IDPR-CMTP is 38 not 39 according to IANA.
1998-09-14 21:09:51 +00:00
hwr 366b9c4515 Add a gre tunnel pseudo network device. Gre = generic route encapsulation.
This device shows up like any other network interface and can be used to
tunnel L3 protocols as e.g. IP over IP.
1998-09-13 20:27:47 +00:00
christos 66dd35d72c Fix copyright spacing and 'Van' -> 'van' for consistency. 1998-09-13 15:45:40 +00:00
tv 235fc6a6a9 egcs {brace} warning fix 1998-09-10 19:53:28 +00:00
mouse b95116821c Create tcp.keepidle, tcp.keepintvl, tcp.keepcnt, tcp.slowhz sysctls. 1998-09-10 10:46:03 +00:00
thorpej 9fd57e8917 Make a diagnostic printf more sensible, PR #5951, Heiko W. Rupp. 1998-09-09 04:57:18 +00:00
thorpej 4dbfe05f1f Use an algorithm similar to that in tcp_notify() to determine if
syn_cache_unreach() should remove the entry, or just continue on.

Algorithm is to only remove the entry if we've had more than one unreach
error and have retransmitted 3 or more times.  This prevents the following
scenario, as noted in PR #5909 (PR from Ty Sarna, scenario from
Charles Hannum):

	* Host A sends a SYN.
	* Host A retransmits the SYN.
	* Host B gets the first SYN and sends a SYN-ACK.
	* Host B gets the second SYN and sends a SYN-ACK.
	* One of the SYN-ACK bounces with an
	  ICMP unreachable, causing the `SYN cache' entry to be
	  removed with no notification.
	* Host A receives the other SYN-ACK, sends an ACK, and goes to
	  ESTABLISHED state.

Should fix PR #5909.
1998-09-09 01:32:27 +00:00
christos 0f024deb52 Add SIOCGIFALIAS 1998-09-06 17:52:01 +00:00
kleink bb4f7768e4 Protect _XOPEN_SOURCE against sysctl MIB identifiers. 1998-09-05 19:03:25 +00:00
mycroft e2cb6dad8d Make the randomized part of the ISS 24 bits. 1998-09-04 22:34:51 +00:00
mycroft 2f501074f8 Fix a couple of bogons related to tcp_new_iss():
* Don't add tcp_iss_seq when creating a new ISS from TIME-WAIT state.
* Do the clock increment even when using the rnd device.
1998-09-04 22:29:54 +00:00
scottr e3e7e1673f Fix the NEXT_IA_WITH_SAME_ADDR macro introduced in 1.27: it was finding
the first in_ifaddr structure with a different internet address!  Reverse
the sense of the test.  Spotted by and fix from Eric Haszlakiewicz.
1998-08-14 06:57:54 +00:00
mrg 4a75265273 defopt PFIL_HOOKS. 1998-08-09 08:58:18 +00:00
thorpej 833061914a Use the pool allocator for tcpcbs. 1998-08-02 00:36:19 +00:00
thorpej d319e4b419 Use the pool allocator for syn_cache entries. 1998-08-02 00:35:51 +00:00
thorpej 47e9dcf841 Use the pool allocator for inpcbs. 1998-08-02 00:35:31 +00:00
tls 31d0752b99 change IN_IFADDR_HASH_SIZE to 509, which actually uses no more space than 293 due to rounding up to nearest power of two in hashinit. 1998-07-29 05:18:54 +00:00
pk 84840da908 in_pcballoc(): we can't afford to wait for memory. 1998-07-23 08:24:33 +00:00
mycroft cca4e566a9 Implement a better fix for the `gratuitous FIN' problem, as
mentioned on tcp-impl but with a bit more commentary.
1998-07-21 10:46:00 +00:00
thorpej 3a9ed00799 Document that we are more conservative after doing MTU discovery than the
suggestion in draft-floyd-incr-init-win-03.  Rather than scaling cwnd back
by the ratio of new segment size to old segment size, we perform a slow start
using the Initial Window, computed with the new segment size.
1998-07-17 23:09:58 +00:00
thorpej 0f909866c0 Clarify that we're using the Loss Window when we receive a source quench. 1998-07-17 23:02:38 +00:00
thorpej fa20f24cd9 Add a comment wrt. a current issue w/ CWM. 1998-07-17 23:00:02 +00:00
thorpej a3f4316cba Clarify that we are using the Loss Window if a retransmission occurred
during the three-way handshake.
1998-07-17 22:58:56 +00:00
thorpej 830879a809 Comment where the Restart Window is computed, and in the non-CWM case,
make sure it never _increases_ cwnd.
1998-07-17 22:52:01 +00:00
thorpej 1c4ff0a086 Comment where we use the Loss Window. 1998-07-17 22:18:49 +00:00
sommerfe 69b1b4758d Fix PR5559: if fast-forwarding, DF set, and packet too large, send ICMP error.. 1998-07-17 00:35:23 +00:00
sommerfe 534520d815 Fix PR5508: ipfil cut-through forwarding causes panic 1998-07-17 00:28:00 +00:00
tls deac3540de Put original hash function back. It wastes a little bit of space, but is much more even -- think of the case of a web service provider, some of whose customers end up getting 'inferior service' because they're on addresses that happen to be out at the end of a hash chain. With webservers with thousands of addresses, this is a real issue. If the wasted space is a big deal, we could pick a prime number that's slightly _less_ than a power of two... 1998-07-16 06:45:09 +00:00
thorpej 389da54091 Garbage collect `imp' and `hy'. We don't have the rest of the code, and
it's not like anyone is ever going to be using either of them.
1998-07-15 17:39:20 +00:00
veego 97ab1bd53b Resolve conflicts from the import. 1998-07-12 15:23:59 +00:00
mycroft 3a64270ca6 Back out the change from TCP/IP vol 2, in revision 1.7, which removed TH_FIN
from the output flags for CLOSING state.  There is no harm in retransmitting
the FIN, and this change has unexpected side effects that break simultaneous
close behaviour.
1998-07-09 05:49:56 +00:00
sommerfe 065cac9798 Delete bogus (void) cast of m_freem (which is already a void function..) 1998-07-07 00:04:59 +00:00
jonathan b37021c1a1 defopt NATM. 1998-07-05 22:48:05 +00:00
jonathan 9bf2ba0928 Garbage-collect ``needs-flag'' from attributes ether, fddi, arc:
NETHER, NFDDI, NARC are  not used anywhere. Remove #include "ether.h",
   which had no effect.
Removes clash with "options NATM" for native-ATM network protocol stack.
1998-07-05 22:29:51 +00:00
jonathan 011f2bda08 defopt NS, NSIP. 1998-07-05 06:49:00 +00:00
jonathan 5c0c5dd0b4 defopt ISO TPIP. 1998-07-05 04:37:35 +00:00
jonathan f2a2327e0a defopt EON. 1998-07-05 01:06:49 +00:00
jonathan 3751946b97 defopt INET, NETATALK. 1998-07-05 00:51:04 +00:00
jonathan 466e784ee1 defopt DDB. 1998-07-04 22:18:13 +00:00
thorpej 8cfe8959a6 Fix TCPS_HAVERCVDFIN() to actually catch all TCP states in which a FIN
has been received (CLOSE_WAIT, CLOSING, LAST_ACK, and TIME_WAIT).

From David Borman <dab@bsdi.com>.
1998-07-03 05:39:56 +00:00
is 0ca02c68a7 Thinko in last fix: we have to actually check each address for a copy on
our ifp, else we might fail for some strange configurations.
1998-07-02 14:00:39 +00:00
is d8b8a41918 The rewrite of if_arp.c to work with the hashed interface address lists
(1.44) missed a test for the right interface, making some machines answer
to some bogus arp requests (like for WHO-HAS 127.0.0.1).

The quick patch in 1.46-1.47 does not work for so-called "unnumbered"
interfaces, that is, (point-to-point) interfaces that share their local
address with another (e.g., the Ethernet) interface.

We add a macro to in_var.h, to step (in the current implementation) through
the hash chain and fine more entries with the same address, and use that
in if_arp.c to find one which belongs to our interface.
1998-07-02 11:39:56 +00:00
tls b0d2c08b6b Fix buglet where we might respond to arp on wrong interface. 1998-06-25 20:47:48 +00:00
cgd 651b44e211 Rework the way kernel include files are installed. In the new method,
as with user-land programs, include files are installed by each directory
in the tree that has includes to install.  (This allows more flexibility
as to what gets installed, makes 'partial installs' easier, and gives us
more options as to which machines' includes get installed at any given
time.)  The old SYS_INCLUDES={symlinks,copies} behaviours are _both_
still supported, though at least one bug in the 'symlinks' case is
fixed by this change.  Include files can't be build before installation,
so directories that have includes as targets (e.g. dev/pci) have to move
those targets into a different Makefile.
1998-06-12 23:22:30 +00:00
sommerfe a90d5cd12e Truncate mbufs to the correct length before forwarding; fixes pr5560 1998-06-10 00:47:57 +00:00
thorpej b22946827d Add a comment explaining why we do _not_ ACK data that might accompany
a SYN (avoidance of a DoS attack).
1998-06-02 18:33:02 +00:00
thorpej c296923d2f Loss window MUST be one segment, per draft-floyd-incr-init-win-03. 1998-06-02 17:22:26 +00:00