jdolecek
b10eb8758b
Disable the H.323 proxy again - it's too buggy to be supported option
...
for now. Suggested by Matthew Green and Bernd Ernesti.
2002-04-01 18:07:10 +00:00
jdolecek
af2aedbe22
put back ip_h323_pxy.c - the QNX licence seems to be okay upon
...
further examination
2002-04-01 16:50:08 +00:00
jdolecek
c56211c431
add __KERNEL_RCSID()
2002-04-01 16:47:46 +00:00
jdolecek
69b18217c3
add RCS IDs
2002-04-01 16:45:24 +00:00
jdolecek
905b8db7c7
add __KERNEL_RCSID()
2002-04-01 16:44:28 +00:00
jdolecek
cedc0276dc
Import H.323 proxy of IPFilter 3.4.25. Upon closer examination,
...
the QNX licence seems to be allow both non-commercial and commercial
use actually.
According to Darren, the H.323 proxy code is buggy ATM, but is imported
here for reference anyway.
2002-04-01 16:29:31 +00:00
itojun
2f227734df
do not consider /32 address itself as broadcast.
...
with /32 address, in_addr == in_broadaddr.
2002-03-30 00:40:32 +00:00
christos
4f0742e306
Change the multicast/broadcast test to happen later, and when we are
...
in listen mode. Fixes panic with telnet ::1 port, where the port is an
ipv4 open port.
2002-03-24 17:09:01 +00:00
itojun
bd5373f4e2
no need to check in_broadaddr/IN_MULTICAST in dropwithreset label.
...
suggested by enami
2002-03-22 04:31:01 +00:00
itojun
1f14081709
make sure we don't touch "ip" in IPv6 path
2002-03-22 03:21:13 +00:00
christos
9c8babbd46
Drop connections to the broadcast address. From BUGTRAQ. This is a security
...
issue because it can by-pass ipf rules unintentionally.
2002-03-19 14:35:20 +00:00
itojun
38f3d28842
have tcp6_drain
2002-03-15 09:25:41 +00:00
martin
58d564bc8c
Add MSS clamping to the IP Filter NAT subsystem.
...
Configured by a new option "mssclamp" in NAT rules, like:
map pppoe0 192.168.1.0/24 -> 0/32 mssclamp 1452
This is based on work by Xiaodan Tang <xtang@qnx.com>.
2002-03-14 21:46:54 +00:00
martti
dd7a744e5a
Added (char *) for pointer arithmetic
2002-03-14 12:34:29 +00:00
martti
3e033bc0f1
Removed unused proxy file
2002-03-14 12:34:25 +00:00
martti
83b3487b70
Upgraded IPFilter to 3.4.25
2002-03-14 12:32:36 +00:00
itojun
7f7fe98c2c
support tcp_log_refused for IPv6. From: Andrew Brown <atatat@atatdot.net>
2002-03-12 04:36:47 +00:00
martin
0039b1300a
KNFify my last change.
2002-03-11 10:06:12 +00:00
thorpej
a180cee23b
Pool deals fairly well with physical memory shortage, but it doesn't
...
deal with shortages of the VM maps where the backing pages are mapped
(usually kmem_map). Try to deal with this:
* Group all information about the backend allocator for a pool in a
separate structure. The pool references this structure, rather than
the individual fields.
* Change the pool_init() API accordingly, and adjust all callers.
* Link all pools using the same backend allocator on a list.
* The backend allocator is responsible for waiting for physical memory
to become available, but will still fail if it cannot callocate KVA
space for the pages. If this happens, carefully drain all pools using
the same backend allocator, so that some KVA space can be freed.
* Change pool_reclaim() to indicate if it actually succeeded in freeing
some pages, and use that information to make draining easier and more
efficient.
* Get rid of PR_URGENT. There was only one use of it, and it could be
dealt with by the caller.
From art@openbsd.org .
2002-03-08 20:48:27 +00:00
itojun
ac36f7cb2c
bring in latest ALTQ from kjc. ALTQify some of the drivers.
2002-03-05 04:12:57 +00:00
sommerfeld
3406f0a3dd
The "gif*" tunnelling interface does everything ipip does.
...
Move usage example from ipip.4 to gif.4
Excise ipip and stitch up the scars.
2002-03-04 13:24:06 +00:00
thorpej
1caa35aa0f
In tcp_segsize(), move a label so that option length is considered
...
when using the default TCP MSS as well. From Matt Thomas.
2002-03-01 22:54:09 +00:00
thorpej
10444ca48f
In in_savemkludge() and in_restoremkludge(), don't insert into a new
...
list without removing from the old one first.
From Matt Thomas.
2002-03-01 22:51:28 +00:00
martin
75c5a16cfc
Enforce a lower bound of 32 for tcp_mssdflt.
...
This avoids kernel crashes when we don't handle nonsensial values
like 0 gracefully. Better check here once beforehand than having to
check for non meaningful values in time critical paths (like tcp_output).
Fixes PR 15709.
2002-02-28 20:26:17 +00:00
itojun
8832af6e59
correctly enforce ipsec policy check on forwarding case.
...
From: Greg Troxel <gdt@ir.bbn.com>, Bill Chiarchiaro <wjc@work.cleartech.com>
2002-02-25 02:17:55 +00:00
martin
a7d662b71c
Clear M_BCAST and M_MCAST on outgoing mbufs.
...
Don't copy ttl from the inner packet to the encapsulating packet. Make
the outer ttl sysctl'able. This should close PR 14269 from Jasper Wallace
(change partly from there) and it makes traceroute work over gre tunnels.
2002-02-24 17:22:20 +00:00
christos
61e29fb60a
Sean amended his patch not to include the IFAFREE()
2002-02-21 22:39:17 +00:00
christos
2446cd0b68
PR/15662: Sean Boudreau: make sure we clean all routes of an interface when
...
we change its ip address.
2002-02-21 21:59:16 +00:00
itojun
9c68db2bfc
suppress source quence message, based on router-req RFC (also could be abused
...
as DoS traffic generator). from kjc/kame
2002-02-21 08:39:33 +00:00
thorpej
35a343b018
IFF_POINTTOPOINT interfaces can also transmit packets to broadcast
...
destinations.
2002-02-07 21:47:45 +00:00
thorpej
eb79ee01a8
ip_mloopback(): process the delayed checksum on the copy, not
...
the original mbuf.
2002-02-06 18:00:01 +00:00
itojun
d303c80bfb
correct bad ip checksum on multicast loopback packet. PR14597
2002-01-31 07:45:22 +00:00
martti
b035470c38
Fixed initialization
2002-01-24 08:24:59 +00:00
martti
7a8f11612c
Re-sync with IPFilter
2002-01-24 08:23:40 +00:00
martti
b9920d0f43
Upgraded IPFilter to 3.4.23
2002-01-24 08:21:30 +00:00
martti
b0499f9062
Import IPFilter 3.4.23
2002-01-24 08:18:28 +00:00
itojun
a709c83618
place NRL copyright notice itself, not a reference to it.
2002-01-24 02:12:29 +00:00
itojun
ae1b9c29e9
make sure to check address family on route cache. with IPv4 mapped
...
address we can see both AF_INET/INET6.
2002-01-22 03:53:55 +00:00
itojun
1cc58965b6
don't panic when there's no interface address exist for the specified multicast
...
outgoing interface (ia == NULL after IFP_TO_IA).
historic behavior (up to revision 1.43) was to use 0.0.0.0 as source address,
but it seems like a mistake according to RFC1112/1122.
2002-01-08 10:05:13 +00:00
itojun
28922b9973
use radix table for inbound tunnel lookup (would increase performance
...
for machines with a lot of tunnels).
update route cache for IPvX-over-IPv6 tunnel on path MTU discovery.
snyc with kame
2001-12-21 06:30:43 +00:00
itojun
af7e7f7b93
whitespace. protect from multiple inclusion. sync with kame
2001-12-21 04:11:24 +00:00
itojun
9fe96e61e6
call rip_ctlinput on icmp4 inputs
2001-12-21 04:07:25 +00:00
itojun
745e191850
move protosw fragment for gif/stf to their own source code.
...
reduce #ifdef in stf code. sync with kame
2001-12-21 03:21:50 +00:00
itojun
f05aaf1533
have packed attribute to protocol structs. sync with kame
2001-12-21 02:52:18 +00:00
itojun
dde7f16c1c
have rip_ctlinput to notify routing changes to raw sockets
...
(protosw change to be done). sync with kame
2001-12-21 02:51:47 +00:00
itojun
f504aee318
comment and whitespace. sync with kame
2001-12-21 02:51:08 +00:00
itojun
a36173e7a6
whitespace. sync with kame
2001-12-21 02:50:28 +00:00
itojun
33429d0612
correct timing to increment icmp6 MIB variables. sync with kame
2001-12-07 10:10:43 +00:00
jmcneill
078a8c0cc3
Fix TCP segment size computation. From Rick Byersm, PR kern/14799.
2001-12-03 01:45:43 +00:00
darrenr
dd626d89c9
recompute hlen after calling pfil_run_hooks() in case ip_hl was changed.
2001-11-28 09:25:13 +00:00