drochner
d8f1d9401e
Adjust packet len in mbuf header for incoming broadcasts.
...
Closes PR kern/4087 (by myself).
1997-09-12 10:58:31 +00:00
gwr
c74236bfc9
Tweaks to allow operation with an interface address of 0.0.0.0
...
(needed for NFS mountroot using BOOTP to get boot parameters)
1997-08-29 16:02:41 +00:00
matt
b2b8155618
Add IPPROTO_ESP and IPPROTO_AH defines.
1997-08-27 17:05:34 +00:00
thorpej
ca0bba0081
Add ICMP unreachable code #13 - "Communication Administratively Prohibited",
...
per RFC 1716. From Havard Eidnes <he@vader.runit.sintef.no>, PR #4038 .
1997-08-26 18:27:53 +00:00
mycroft
e76ba36231
Make sure we install the route returned by the upcall before trying to
...
forward any queued packets. From Bill Fenner, via Brad Karp.
1997-08-14 06:42:33 +00:00
lukem
fcbcbc2234
struct loif is an array of NLOOP (from "loop.h") elements
1997-08-04 06:18:49 +00:00
is
240cc2913e
Include file in place of the old netinet/if_ether.h, including stuff from
...
where it is now, and adding the specialized for Ethernet version of the ARP
structure, for the benefit of programs which are externally (to us) maintained
and not (yet) ported.
XXX This should NOT be used inside the kernel.
1997-07-29 09:10:51 +00:00
thorpej
4cef61d36b
Generate dependencies for the TCP_SENDSPACE and TCP_RECVSPACE options.
1997-07-28 22:31:08 +00:00
thorpej
db103f4414
Make the following tunable via sysctl, inspired by BSD/OS:
...
- udp_sendspace
- udp_recvspace
1997-07-28 22:19:53 +00:00
thorpej
758a104426
Make the following tunable via sysctl, inspired by BSD/OS:
...
- tcp_sendspace
- tcp_recvspace
- tcp_mssdflt
- tcp_syn_cache_limit
- tcp_syn_bucket_limit
- tcp_syn_cache_timer
1997-07-28 22:18:48 +00:00
thorpej
402ae96361
Garbage-collect some "extern"s.
1997-07-28 22:07:38 +00:00
thorpej
e794123006
Fix a rather severe bug in handling of incoming SYNs for peer/port values
...
which happen to have a TCB in TIME_WAIT, where an mbuf which had been
advanced past the IP+TCP headers and TCP options would be reused as if
it had not been advanced. Problem found by Juergen Hannken-Illjes, who
also suggested a work-around on which this fix is based.
1997-07-28 01:07:48 +00:00
thorpej
efa8881dbe
Pull SYN_cache_branch down into the main line.
1997-07-23 21:26:40 +00:00
kleink
512b9c1d90
Nuke an `#ifdef sparc' conditional around ntohs() usage: this (1) is incomplete
...
and (2) makes no difference anyway. Also, minor KNF.
1997-07-21 16:53:47 +00:00
kleink
b2bead304f
Fix a misplaced brace which caused NAT list corruption; from Dave Huang
...
<khym@bga.com> in PR kern/3872.
1997-07-16 11:06:07 +00:00
mrg
02e5531ec7
put back IPFILTER_DEFAULT_BLOCK, as documented in options(4).
1997-07-08 05:54:02 +00:00
veego
29fcbcb000
Use FR_PASS for IPF_DEFAULT_PASS. This can be overwritten with an
...
options IPF_DEFAULT_PASS=FR_BLOCK in your config file.
1997-07-07 23:08:22 +00:00
fvdl
413872caa0
Get rid of (void) cast to KFREE, as it may be a macro, in which case
...
the cast will be a syntax error.
1997-07-07 22:21:21 +00:00
phil
ccfe711608
Protect against double inclusion. PR 3524.
1997-07-07 20:57:46 +00:00
thorpej
ba90103dd6
The fingerprint of (*fr_checkp)() is the same if compiling in kernel
...
or user code.
1997-07-06 22:32:34 +00:00
thorpej
e0acb98b94
Fix an old and obscure TCP bug, brought to my attention by Bill Fenner,
...
fixed in FreeBSD by John Polstra:
Fix a bug (apparently very old) that can cause a TCP connection to
be dropped when it has an unusual traffic pattern. For full details
as well as a test case that demonstrates the failure, see the
referenced PR (FreeBSD's kern/3998).
Under certain circumstances involving the persist state, it is
possible for the receive side's tp->rcv_nxt to advance beyond its
tp->rcv_adv. This causes (tp->rcv_adv - tp->rcv_nxt) to become
negative. However, in the code affected by this fix, that difference
was interpreted as an unsigned number by max(). Since it was
negative, it was taken as a huge unsigned number. The effect was
to cause the receiver to believe that its receive window had negative
size, thereby rejecting all received segments including ACKs. As
the test case shows, this led to fruitless retransmissions and
eventually to a dropped connection. Even connections using the
loopback interface could be dropped. The fix substitutes the signed
imax() for the unsigned max() function.
Bill informs me that his research indicates this bug appeared in Reno.
1997-07-06 07:04:34 +00:00
thorpej
b19b36aff5
Restore original RCS IDs.
1997-07-06 05:29:13 +00:00
thorpej
329a831bd5
Deal with a bogus warning from -Wuninitialized.
1997-07-06 05:14:08 +00:00
thorpej
0feb054b62
- Add a missing #ifdef SOLARIS
...
- Properly prototype ipfilterattach()/iplattach().
1997-07-06 05:13:40 +00:00
thorpej
c68633278f
- Add a prototype for fixskip() so that this file compiles.
...
- Fix, ONCE AGAIN, semantics of ipfilterattach(). This time, not only
was it semantically broken, it wasn't even close to compiling!
1997-07-06 05:13:00 +00:00
thorpej
3fb8ff16e8
The sheer number of #ifdef's around it should have been a hint that
...
#include <machine/mtpr.h> isn't something you're supposed to do in
NetBSD.
1997-07-06 05:11:28 +00:00
thorpej
ab01c534f6
Fix a bug caught by gcc: add parenthesis to properly group a test.
1997-07-06 05:10:41 +00:00
thorpej
90c43e78e2
Import yet another missing piece of IPFilter 3.2beta1.
1997-07-06 05:02:26 +00:00
thorpej
5a85b0d9fa
Import ip_auth.h from IPFilter 3.2beta1; this was missed during the
...
upgrade.
1997-07-06 04:58:52 +00:00
darrenr
729f0dc597
fix conflicts from import
1997-07-05 05:38:14 +00:00
thorpej
9bf15b8b78
Don't adjust ip->ip_len before calling icmp_error(); icmp_error() already
...
does this. Per Stevens in TCP/IP Illustrated Vol. 2, p.774, submitted
by Koji Imada <koji@math.human.nagoya-u.ac.jp>.
1997-06-24 19:31:34 +00:00
thorpej
a0e791807e
Eliminate use of dtom() from the network code, allowing more flexible
...
use of mbuf external storage and increasing performance (by eliminating
an m_pullup() for clusters in the IP reassembly code).
Changes from Koji Imada <koji@math.human.nagoya-u.ac.jp>, in PR #3628
and #3480 , with ever-so-slight integration changes by me.
1997-06-24 02:25:59 +00:00
thorpej
b791871522
Increment icmpstat.icps_badlen for bad length of ICMP_MASKREQ, per
...
Stevens in TCP/IP Illustrated vol. 2, p.319. Submitted by
Koji Imada <koji@math.human.nagoya-u.ac.jp> in PR #3712 .
1997-06-24 01:26:19 +00:00
kleink
b8377e5395
As per RFC 793, don't retransmit the FIN during a simultaneous close.
...
From Thorsten Frueauf <frueauf@ira.uka.de> and W. Richard Stevens in PR/3737
and TCP/IP Illustrated, Vol. 2, respectively.
1997-06-18 10:05:44 +00:00
mrg
c258d0d05e
make it "options IPFILTER_DEFAULT_BLOCK".
1997-06-16 13:38:05 +00:00
kleink
8fb48a5db9
Eliminate a superflouus `if' statement: when detaching the TCP protocol from
...
a socket, just calling tcp_disconnect() on the tcpcb will do the right thing.
From Thorsten Frueauf <frueauf@ira.uka.de> and W. Richard Stevens in PR/3738
resp. TCP/IP Illustrated, Vol. 2.
1997-06-12 18:41:14 +00:00
kml
6a233e37f6
Fix urgent pointer overflow problems when used with large windows
1997-06-03 16:17:09 +00:00
thorpej
5b0d69d6a8
In ipl_disable(), don't conditionalize the "fr_checkp = fr_savep"
...
operation, since:
- in ipl_enable(), "fr_savep = fr_checkp" is not conditionalized
in the same way (not at all), and
- without this change, it was not possible to enable, disable,
and reenable ipfilter.
1997-06-01 06:57:09 +00:00
thorpej
a464ced388
Change the aps_tout member of struct ap_session from time_t to u_long
...
so that it can be passed to the filter rule aging functions, which
expect a pointer to a u_long. (time_t is an int on the alpha.)
1997-05-28 04:59:34 +00:00
thorpej
fa7df10d8b
Put the #ifndef _KERNEL prototype of get_unit() in <netinet/ip_fil.h>
...
since it is needed by other files, in order to compile on 64-bit
architectures.
1997-05-28 04:48:47 +00:00
thorpej
41d4822677
Resolve conflicts from merge of 3.2a7, take 2. Also, eliminate some
...
silly differences between the NetBSD copy of the code and the
vendor branch, keeping only those which are necessary. Of those
differences that currently exist, several "portability to NetBSD"
issues, which will be fed back to the ipfilter author.
1997-05-28 00:17:11 +00:00
gwr
3cb60b969d
Allow revarpwhoami() to be called multiple times.
...
(Just return the answer if we already have it.)
Without this, the RB_ASKNAME loop fails on every
call to nfs_mountroot after the first call.
1997-05-27 23:14:44 +00:00
thorpej
67a6c44c15
Make this compile on 32-bit architectures again:
...
- Pull in includes to get appropriate prototypes.
1997-05-27 01:24:31 +00:00
thorpej
faeb45fcca
Make this compile on 32-bit architectures:
...
- Add prototypes.
- Add a forward-decl to avoid a cyclic dependency graph.
1997-05-27 01:23:50 +00:00
thorpej
03e37a1874
Make this compile on 32-bit architectures:
...
- Deal with lame gcc -Wuninitialized warning (which is incorrect)
- Add parens around assignments within conditionals.
1997-05-27 01:22:52 +00:00
thorpej
77a115108c
Make this compile on 32-bit architecutres again:
...
- Get arguments to ioctl right (cmd is a u_long in NetBSD)
1997-05-27 01:21:33 +00:00
thorpej
55323c48ca
Make this compile on 32-bit architectures again:
...
- Add prototypes.
- Get arguments to ioctl right (cmd is a u_long in NetBSD)
1997-05-27 01:20:46 +00:00
thorpej
5d1bb7474a
Make this compile on 32-bit architectures:
...
- Add prototypes.
- garbage-collect unused variables.
1997-05-27 01:19:48 +00:00
thorpej
6c873135ee
Make this compile on 32-bit architectures again:
...
- garbage-collect unused variables.
1997-05-27 01:18:47 +00:00
thorpej
e8e871e8ca
Make this compile on 32-bit architectures again:
...
- Don't prototype functions that don't exist, and do prototype those
that do.
- Get ioctl arguments right (cmd is a u_long in NetBSD).
1997-05-27 01:17:04 +00:00