Commit Graph

991 Commits

Author SHA1 Message Date
jdolecek
b10eb8758b Disable the H.323 proxy again - it's too buggy to be supported option
for now. Suggested by Matthew Green and Bernd Ernesti.
2002-04-01 18:07:10 +00:00
jdolecek
af2aedbe22 put back ip_h323_pxy.c - the QNX licence seems to be okay upon
further examination
2002-04-01 16:50:08 +00:00
jdolecek
c56211c431 add __KERNEL_RCSID() 2002-04-01 16:47:46 +00:00
jdolecek
69b18217c3 add RCS IDs 2002-04-01 16:45:24 +00:00
jdolecek
905b8db7c7 add __KERNEL_RCSID() 2002-04-01 16:44:28 +00:00
jdolecek
cedc0276dc Import H.323 proxy of IPFilter 3.4.25. Upon closer examination,
the QNX licence seems to be allow both non-commercial and commercial
use actually.

According to Darren, the H.323 proxy code is buggy ATM, but is imported
here for reference anyway.
2002-04-01 16:29:31 +00:00
itojun
2f227734df do not consider /32 address itself as broadcast.
with /32 address, in_addr == in_broadaddr.
2002-03-30 00:40:32 +00:00
christos
4f0742e306 Change the multicast/broadcast test to happen later, and when we are
in listen mode. Fixes panic with telnet ::1 port, where the port is an
ipv4 open port.
2002-03-24 17:09:01 +00:00
itojun
bd5373f4e2 no need to check in_broadaddr/IN_MULTICAST in dropwithreset label.
suggested by enami
2002-03-22 04:31:01 +00:00
itojun
1f14081709 make sure we don't touch "ip" in IPv6 path 2002-03-22 03:21:13 +00:00
christos
9c8babbd46 Drop connections to the broadcast address. From BUGTRAQ. This is a security
issue because it can by-pass ipf rules unintentionally.
2002-03-19 14:35:20 +00:00
itojun
38f3d28842 have tcp6_drain 2002-03-15 09:25:41 +00:00
martin
58d564bc8c Add MSS clamping to the IP Filter NAT subsystem.
Configured by a new option "mssclamp" in NAT rules, like:

 map pppoe0 192.168.1.0/24 -> 0/32 mssclamp 1452

This is based on work by Xiaodan Tang <xtang@qnx.com>.
2002-03-14 21:46:54 +00:00
martti
dd7a744e5a Added (char *) for pointer arithmetic 2002-03-14 12:34:29 +00:00
martti
3e033bc0f1 Removed unused proxy file 2002-03-14 12:34:25 +00:00
martti
83b3487b70 Upgraded IPFilter to 3.4.25 2002-03-14 12:32:36 +00:00
itojun
7f7fe98c2c support tcp_log_refused for IPv6. From: Andrew Brown <atatat@atatdot.net> 2002-03-12 04:36:47 +00:00
martin
0039b1300a KNFify my last change. 2002-03-11 10:06:12 +00:00
thorpej
a180cee23b Pool deals fairly well with physical memory shortage, but it doesn't
deal with shortages of the VM maps where the backing pages are mapped
(usually kmem_map).  Try to deal with this:

* Group all information about the backend allocator for a pool in a
  separate structure.  The pool references this structure, rather than
  the individual fields.
* Change the pool_init() API accordingly, and adjust all callers.
* Link all pools using the same backend allocator on a list.
* The backend allocator is responsible for waiting for physical memory
  to become available, but will still fail if it cannot callocate KVA
  space for the pages.  If this happens, carefully drain all pools using
  the same backend allocator, so that some KVA space can be freed.
* Change pool_reclaim() to indicate if it actually succeeded in freeing
  some pages, and use that information to make draining easier and more
  efficient.
* Get rid of PR_URGENT.  There was only one use of it, and it could be
  dealt with by the caller.

From art@openbsd.org.
2002-03-08 20:48:27 +00:00
itojun
ac36f7cb2c bring in latest ALTQ from kjc. ALTQify some of the drivers. 2002-03-05 04:12:57 +00:00
sommerfeld
3406f0a3dd The "gif*" tunnelling interface does everything ipip does.
Move usage example from ipip.4 to gif.4
Excise ipip and stitch up the scars.
2002-03-04 13:24:06 +00:00
thorpej
1caa35aa0f In tcp_segsize(), move a label so that option length is considered
when using the default TCP MSS as well.  From Matt Thomas.
2002-03-01 22:54:09 +00:00
thorpej
10444ca48f In in_savemkludge() and in_restoremkludge(), don't insert into a new
list without removing from the old one first.

From Matt Thomas.
2002-03-01 22:51:28 +00:00
martin
75c5a16cfc Enforce a lower bound of 32 for tcp_mssdflt.
This avoids kernel crashes when we don't handle nonsensial values
like 0 gracefully. Better check here once beforehand than having to
check for non meaningful values in time critical paths (like tcp_output).

Fixes PR 15709.
2002-02-28 20:26:17 +00:00
itojun
8832af6e59 correctly enforce ipsec policy check on forwarding case.
From: Greg Troxel <gdt@ir.bbn.com>, Bill Chiarchiaro <wjc@work.cleartech.com>
2002-02-25 02:17:55 +00:00
martin
a7d662b71c Clear M_BCAST and M_MCAST on outgoing mbufs.
Don't copy ttl from the inner packet to the encapsulating packet. Make
the outer ttl sysctl'able. This should close PR 14269 from Jasper Wallace
(change partly from there) and it makes traceroute work over gre tunnels.
2002-02-24 17:22:20 +00:00
christos
61e29fb60a Sean amended his patch not to include the IFAFREE() 2002-02-21 22:39:17 +00:00
christos
2446cd0b68 PR/15662: Sean Boudreau: make sure we clean all routes of an interface when
we change its ip address.
2002-02-21 21:59:16 +00:00
itojun
9c68db2bfc suppress source quence message, based on router-req RFC (also could be abused
as DoS traffic generator).  from kjc/kame
2002-02-21 08:39:33 +00:00
thorpej
35a343b018 IFF_POINTTOPOINT interfaces can also transmit packets to broadcast
destinations.
2002-02-07 21:47:45 +00:00
thorpej
eb79ee01a8 ip_mloopback(): process the delayed checksum on the copy, not
the original mbuf.
2002-02-06 18:00:01 +00:00
itojun
d303c80bfb correct bad ip checksum on multicast loopback packet. PR14597 2002-01-31 07:45:22 +00:00
martti
b035470c38 Fixed initialization 2002-01-24 08:24:59 +00:00
martti
7a8f11612c Re-sync with IPFilter 2002-01-24 08:23:40 +00:00
martti
b9920d0f43 Upgraded IPFilter to 3.4.23 2002-01-24 08:21:30 +00:00
martti
b0499f9062 Import IPFilter 3.4.23 2002-01-24 08:18:28 +00:00
itojun
a709c83618 place NRL copyright notice itself, not a reference to it. 2002-01-24 02:12:29 +00:00
itojun
ae1b9c29e9 make sure to check address family on route cache. with IPv4 mapped
address we can see both AF_INET/INET6.
2002-01-22 03:53:55 +00:00
itojun
1cc58965b6 don't panic when there's no interface address exist for the specified multicast
outgoing interface (ia == NULL after IFP_TO_IA).

historic behavior (up to revision 1.43) was to use 0.0.0.0 as source address,
but it seems like a mistake according to RFC1112/1122.
2002-01-08 10:05:13 +00:00
itojun
28922b9973 use radix table for inbound tunnel lookup (would increase performance
for machines with a lot of tunnels).
update route cache for IPvX-over-IPv6 tunnel on path MTU discovery.
snyc with kame
2001-12-21 06:30:43 +00:00
itojun
af7e7f7b93 whitespace. protect from multiple inclusion. sync with kame 2001-12-21 04:11:24 +00:00
itojun
9fe96e61e6 call rip_ctlinput on icmp4 inputs 2001-12-21 04:07:25 +00:00
itojun
745e191850 move protosw fragment for gif/stf to their own source code.
reduce #ifdef in stf code.  sync with kame
2001-12-21 03:21:50 +00:00
itojun
f05aaf1533 have packed attribute to protocol structs. sync with kame 2001-12-21 02:52:18 +00:00
itojun
dde7f16c1c have rip_ctlinput to notify routing changes to raw sockets
(protosw change to be done).  sync with kame
2001-12-21 02:51:47 +00:00
itojun
f504aee318 comment and whitespace. sync with kame 2001-12-21 02:51:08 +00:00
itojun
a36173e7a6 whitespace. sync with kame 2001-12-21 02:50:28 +00:00
itojun
33429d0612 correct timing to increment icmp6 MIB variables. sync with kame 2001-12-07 10:10:43 +00:00
jmcneill
078a8c0cc3 Fix TCP segment size computation. From Rick Byersm, PR kern/14799. 2001-12-03 01:45:43 +00:00
darrenr
dd626d89c9 recompute hlen after calling pfil_run_hooks() in case ip_hl was changed. 2001-11-28 09:25:13 +00:00