Commit Graph

911 Commits

Author SHA1 Message Date
itojun ef0be725b3 if I'm bridging and got a packet to interface address on if A from if B,
advertise MAC address for if A with ARP reply.
2001-08-20 03:13:45 +00:00
thorpej c82b0994e7 Permit weaker interface matches for incoming ARP packets if the packet was
received on an interface that is part of a bridge and we find an ifaddr on
an interface that is part of the same bridge.
2001-08-17 21:47:57 +00:00
itojun 74ad87bc53 gif interface now uses generic software interrupt
(on archs that support it).  also, make gif ALTQ-capable on outgoing.
sync with kame, comments from thorpej.
2001-08-16 17:45:25 +00:00
yamt 5d1c2fff55 fix cksum error of udp and tcp packet with ip options 2001-08-11 12:26:50 +00:00
itojun 57030e2f12 cache IPsec policy on in6?pcb. most of the lookup operations can be bypassed,
especially when it is a connected SOCK_STREAM in6?pcb.  sync with kame.
2001-08-06 10:25:00 +00:00
thorpej 35df06a642 Carve off the code that builds a TCP data packet into its own
function, and inline it, except when profiling... so we can
profile it.
2001-07-31 02:25:22 +00:00
thorpej 938720eea4 Count the number of times we "self-quench" (ip_output() returns
ENOBUFS), and don't inline tcp_segsize() if profiling.
2001-07-31 00:57:45 +00:00
itojun cad488d032 sync gif interface code with latest kame.
IFF_RUNNING is clearified.  attach/detach logic is more clearner.
the old code mistakenly set IFF_UP by itself, now the behavior is gone.
2001-07-29 05:08:32 +00:00
itojun 66c75f4967 do not check in_dstaddr on in_{add,scrub}prefix, otherwise linklocal
address manipulation could choke.  sync with kame
2001-07-27 02:04:08 +00:00
thorpej 52654926a4 Slight cosmetic change. 2001-07-26 21:47:04 +00:00
itojun fd5e7077a3 allocate ipsec policy buffer attached to pcb in in*_pcballoc, before
giving anyone accesses to pcb (do not reveal an inconsistent ones).
sync with kame
2001-07-25 23:28:02 +00:00
itojun 49f2e6958f g/c #if 0'ed fragment. sync with kame. 2001-07-25 06:05:16 +00:00
enami 4b21362a47 Remove an obsolete comment. 2001-07-25 00:13:16 +00:00
itojun ddf920093e wrap IPv6 code by #ifdef INET6 2001-07-23 15:20:41 +00:00
itojun 489df53efe use in6_maxmtu, not in_maxmtu, for IPv6 mss computation 2001-07-23 15:17:58 +00:00
itojun 6338419cfb manage IFA_ROUTE on interface address better, so that we can
provide a better support for multiple address with the same prefix better.
(like 10.0.0.1/8 and 10.0.0.2/8 on the same interface)
continuation of PR 13311.

remove irrelevant #if 0'ed segment for PR 10427.
2001-07-22 16:18:31 +00:00
wiz a9356936b4 seperate -> separate 2001-07-22 13:33:58 +00:00
enami 5e40498018 Add missing counting up of ``socket buffer is full'' counter when
failed to sbappendaddr().
2001-07-17 02:44:00 +00:00
itojun 09ddb6a1f1 do not #ifdef in headers. usr.sbin/trpt needs it. 2001-07-09 07:53:20 +00:00
abs 03aaf3d8b4 Rename TCPDEBUG to TCP_DEBUG, defopt TCP_DEBUG and TCP_NDEBUG, and
make all usage of tcp_trace dependent on TCP_DEBUG - resulting in
a 31K saving on an INET enabled i386 kernel.
2001-07-08 16:18:56 +00:00
abs 2f72fbeeab Give TCPDEBUG a chance of working - fix printf() types, add missing &s,
and remove attempt to use a non existant tcphdr field.
2001-07-08 15:59:18 +00:00
itojun c3740d7821 IP6_EXTHDR_GET0 had no check against m->m_len (noone was using this macro).
sync with kame
2001-07-05 23:41:07 +00:00
itojun 0fec95079e better support for multiple IPv4 addresses on a single interface.
- consider non-primary (2nd and beyond) IPv4 address as "local", and prevent
  outgoing ARP.
- for routing entries generated by ARP, make sure to set rt->rt_ifa equal to
  rt_key, to help IPv4 source address selection for traffic to myself.
PR 13311.

caveats/TODOs:
- interface routes ("connected routes" in cisco terminlogy) is tied with the
  primary (1st) IPv4 address on the interface.  should be fixed with updates
  to rt_ifinit().
- source address selection for offlink locations.  1st address tend to be used
  with the current code
  (you can configure it right by setting rt->rt_ifa accordingly).
2001-07-04 02:29:58 +00:00
itojun 193167b1eb call in{,6}_pcbpurgeif0() before in{,6}_purgeif(). 2001-07-03 08:06:19 +00:00
itojun 1ff38f4d03 on interface removal, remove multicast groups joined from pcb, before
removing interface addresses.  without the change, we may deref
NULL pointer in in_pcbpurgeif().  from jinmei@kame, sync with kame
2001-07-02 15:25:34 +00:00
itojun 3e8e591c7f fix udp reception to sockets bound to linklocal address (like fe80::1%lo0).
sync with kame
2001-06-27 23:40:50 +00:00
wiz 3f9984fc90 `existent', not `existant' 2001-06-19 13:42:07 +00:00
wiz 0a600be867 receive, not recieve 2001-06-12 15:17:10 +00:00
tron ea44bc48d3 Make arplookup error messages more informative. Patch supplied by
Andrew Brown in PR kern/13162.
2001-06-11 06:19:50 +00:00
thorpej ad9d3794b0 Implement support for IP/TCP/UDP checksum offloading provided by
network interfaces.  This works by pre-computing the pseudo-header
checksum and caching it, delaying the actual checksum to ip_output()
if the hardware cannot perform the sum for us.  In-bound checksums
can either be fully-checked by hardware, or summed up for final
verification by software.  This method was modeled after how this
is done in FreeBSD, although the code is significantly different in
most places.

We don't delay checksums for IPv6/TCP, but we do take advantage of the
cached pseudo-header checksum.

Note: hardware-assisted checksumming defaults to "off".  It is
enabled with ifconfig(8).  See the manual page for details.

Implement hardware-assisted checksumming on the DP83820 Gigabit Ethernet,
3c90xB/3c90xC 10/100 Ethernet, and Alteon Tigon/Tigon2 Gigabit Ethernet.
2001-06-02 16:17:09 +00:00
soda ea2e5754dd missing opt_inet.h 2001-05-31 19:56:13 +00:00
mrg 67afbd6270 use _KERNEL_OPT 2001-05-30 11:57:16 +00:00
itojun e44d476e4e typo in comment 2001-05-27 23:46:51 +00:00
matt 524a19371f Make t_flags a u_int instead of u_short. It's followed by a mbuf pointer
so there's padding around it already.  And it increases the amount of bits
available for TF_* flags.
2001-05-26 22:02:57 +00:00
matt 24f26c957e Add TCP_MD5SIGNATURE option. 2001-05-26 21:40:55 +00:00
ragge 7952ffd61f defined(vax) -> defined(__vax__). This may fix PR#12919. 2001-05-26 21:29:45 +00:00
ragge 474bc8ee6d Remove one #ifdef vax, bugfix another. Should probably be #ifdef i386 also. 2001-05-26 21:27:09 +00:00
itojun a7596d1912 call icmp6_mtudisc_update(foo, 0) even if ICMPv6 messages are very short.
let icmp6 layer decide whether we take PMTUD routes or not.
2001-05-24 07:22:27 +00:00
lukem 07d4fbd104 fix spelo in comment 2001-05-21 03:31:36 +00:00
martin 449c740399 Remove tests for IPN_FRAG bits.
There is no place in the source where this bit could ever be set (or I'm
to blind to find it).

This fixes PR 12671.

If someone thinks this is the wrong solution, please make sure to (a) reopen
the PR and (b) explain to me how the tested bits would ever get set. I'll
be glad to then look further for the real cause (i.e. the flags not getting
set in the case described in the PR).
2001-05-20 13:03:39 +00:00
thorpej 937cea769e Brain'o in last. Pointed out by Steve Woodford <scw@netbsd.org>. 2001-05-19 14:20:40 +00:00
thorpej 905e7935a9 Don't compute psuedo header checksum if nxt == 0. 2001-05-19 00:13:53 +00:00
matt 0c779d0a01 Use the LIST_NEXT & LIST_FIRST macros instead of refering to
le_next & lh_first.
2001-05-14 19:50:43 +00:00
itojun 498fdebcd7 drop multi destination mode (IFF_LINK0). 2001-05-14 13:35:20 +00:00
christos 00adbfd8d6 - Handle realloc failure without leaking memory
(reported by: grendel@heorot.stanford.edu (Ted U)
- Don't cast malloc/realloc/calloc return values because they hide LP64 bugs.
- Don't destroy the whole array when realloc fails
- Use calloc in all cases (malloc was used inconsistently).
- Avoid duplicating code.

Reviewed by: ross
2001-05-12 19:21:57 +00:00
itojun 63181d71c1 correct ecn consideration on tunnel encap/decap. sync with kame. 2001-05-10 01:37:42 +00:00
itojun 1bec764d78 correct faith prefix determination. use sys/netinet/if_faith.c:faithprefix()
to determine.  sync with kame.
(without this change, non-faith socket may mistakenly accept for-faith traffic)
2001-05-08 10:15:13 +00:00
itojun 02077e028f pull encapsulated packet for vif* via ip_encap framework. 2001-05-08 10:07:15 +00:00
fvdl b7025ec37b Make it possible to override TCP_NDEBUG. The default value of 100
wastes quite a bit of space (0xfa00).
2001-04-29 15:18:01 +00:00
itojun 8799a9c64b give a default value to net.inet.ip.maxfragpackets, to protect us from
"lots of fragmented packets" DoS attack.

the current default value is derived from ipv6 counterpart, which is
a magical value "200".  it should be enough for normal systems, not sure
if it is enough when you take hundreds of thousands of tcp connections on
your system.  if you have proposal for a better value with concrete reasons,
let me know.
2001-04-16 17:03:33 +00:00