Aren/NetBSD
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
54,954 Commits 606 Branches 0 Tags 3.1 GiB
5493437dd8
Commit Graph

602 Commits

Author SHA1 Message Date
hwr
33a8a5933b Drop packets, that have a Class-D address as source address. 
Implements the first half of PR 7003.
 1999-05-03 21:14:47 +00:00
thorpej
2cd33a0ce1 Implement retransmit logic for the SYN cache engine. Fixes a rare condition 
where one side can think a connection exists, where the other side thinks
the connection was never established.

The original problem was first reported by Ty Sarna in PR #5909.  The
original fix I made to the code didn't cover all cases.  The problem this
fix addresses was reported by Christoph Badura via private e-mail.

Many thanks to Bill Sommerfeld for helping me to test this code, and
for finding a subtle bug.
 1999-04-29 03:54:22 +00:00
hwr
fb7871d6b2 If the incoming code value is 0, timer gets 0, which would mean 
a divide by zero afterwards.
This is also, what Bill Fenner seems to have done in the FreeBSD igmp
code.
This should fix kern/6541.
 1999-04-25 10:26:29 +00:00
simonb
be3adbebcc Don't extern sb_max, <sys/socketvar.h> provides a definition. 1999-04-22 01:32:30 +00:00
kml
a7f8ef5e9b Ensure that out of window SYNs receive an ACK in responce, rather than 
being dropped.  This fixes a bug reported by Jason Thorpe.
 1999-04-09 22:01:07 +00:00
proff
8775e52947 tiny KNF change 1999-04-07 05:34:32 +00:00
proff
ae938abb49 Prevent reception of packets on downed interfaces (via an up interface). 
fixes kern/7327
 1999-04-07 02:31:05 +00:00
tron
1b27086b7e - Make sure that interface can't be marked up before a route to the remote 
tunnel end was found.
- Flush route and reset MTU if interface is marked down.
 1999-04-04 09:10:27 +00:00
tron
ef85f04fcb Avoid kernel panic if interface is configured before a route to the 
remote of the tunnel can be found.

XXX If you manually mark the interface as "UP" and set the MTU later
XXX sending a packet will still cause a kernel panic.
 1999-04-04 00:21:53 +00:00
hwr
3f5c626e42 Setting of source and destination IP is not done by 
passing SIOCSIFADDR/SIOIFDSTADDR, but by passing the addresses in
the appropriate structs.
One of the mysteries of ifconfig IMHO...

Should fix kern/6899.
 1999-04-02 20:39:23 +00:00
mycroft
742a052418 Fix a null pointer dereference in the case where forwarding is turned on and 
there are interfaces up but with no addresses.
 1999-03-30 19:02:56 +00:00
nathanw
9c6754cd69 Alpha printf format fixes. 
Closes PR kern/7258.
 1999-03-27 21:47:59 +00:00
aidan
da1b3a7abf Added per-addr input/output statistics. Currently just support netatalk 
and netinet, currently only tested under netinet.

Disabled by default, enabled by compiling the kernel with option
IFA_STATS.  Enabling this feature seems to make the ip_output function
take 13% longer than before, which should be OK for people that need
this feature.
 1999-03-27 01:24:49 +00:00
proff
85ab19698a security: test for ip_len < ip_hl <<2 and drop packet accordingly 1999-03-26 08:51:35 +00:00
lukem
8a931fcdd8 Ensure that you can only bind a more specific address when it is done by the 
same uid or by root.

This code is from FreeBSD. (Whilst it was originally obtained from OpenBSD,
FreeBSD fixed it to work with multicast. To quote the commit message:
    - Don't bother checking for conflicting sockets if we're binding to a
      multicast address.
    - Don't return an error if we're binding to INADDR_ANY, the conflicting
      socket is bound to INADDR_ANY, and the conflicting socket has
      SO_REUSEPORT set.
)
 1999-03-23 10:45:37 +00:00
bad
a5283c98c0 Add support for Token-Ring source routes in the ARP cache. 
By Onno van der Linden.
 1999-03-22 22:30:42 +00:00
perry
d446fb449c exterminate ovbcopy. patches provided by Erik Bertelsen, pr-7145 1999-03-12 22:42:30 +00:00
mycroft
c6d172438d Minor cleanup to use LONG_SUM() and CALC_SUMD() more. 1999-03-05 07:27:09 +00:00
explorer
cff4c9630b Don't mix in data just to stir the rnd pool. Extracting data will do that, 
any network packets received might, too, so this is already taken care of.
 1999-02-28 13:41:24 +00:00
drochner
918dfd95e1 -always do an RARP if revarpwhoarewe() is called, it might be for another 
interface or the server's configuration has changed
-g/c revarpwhoami()
 1999-02-21 15:17:14 +00:00
matt
7ebd19d744 According to Dave Borman, the iss should be using snd_nxt and not rcv_nxt 
(from tcp_impl mailing-list).
 1999-02-05 22:37:24 +00:00
explorer
25d32ef34d REALLY only update the window when we get an ACK. (the old code seemed broken) 1999-02-04 22:58:37 +00:00
cjs
8befad84b1 Remove SCCS markers and make these compile in $NetBSD$ IDs. 1999-02-02 19:57:30 +00:00
thorpej
a350d7b28b Set the tunnel destination address correctly. Should fix PR #6899. 1999-02-02 07:20:13 +00:00
marc
5f688e6632 remove gre_softc declaration; the symbol is no longer used in this 
file.
 1999-02-02 07:10:45 +00:00
mycroft
5e373d307f Clear mfchashtbl after it's deallocated, to kill a stray pointer. Fixes PR 
5400.
 1999-02-01 15:09:46 +00:00
thorpej
a22cfcf3d4 Make programs that use raw IP work again; trim the header length from ip_len 
before handing the packet off to the socket.
 1999-01-30 21:43:16 +00:00
itohy
7751c2e2eb ~htons(...) is always negative. 1999-01-28 21:29:27 +00:00
thorpej
6c30816c15 Fix a slight error in previous. Rearrange some code in tcp_respond() so 
that a DIAGNOSTIC check against the destination address is actually
checking the destination address.  "oops."
 1999-01-26 08:28:50 +00:00
mycroft
8ede79f2b4 One more tweak to the checksum hack, and I promise I'm done. B-) 1999-01-25 15:53:29 +00:00
mycroft
50438b6df0 Absolutely minor tweak to generate better code. 1999-01-25 15:36:50 +00:00
mycroft
70e6acdfef Update the comment about the checksum hack. It was way out of date. 1999-01-24 13:34:35 +00:00
mycroft
94895652e1 Modify the checksum slightly so that the htons()s can all be combined. 1999-01-24 12:57:38 +00:00
thorpej
a58f271406 Oops, forgot to update copyright notice in previous. 1999-01-24 01:21:18 +00:00
thorpej
86e2c3fbc6 * Completely rewrite syn_cache_respond(). 
- Don't use tcp_respond(), instead create the tcp/ip header from scratch,
and send it ourself.
- Reuse the mbuf that carried the SYN, or allocate one if that is not
available.
- Cache the route we look up to do the Path MTU Discovery check, and
transfer the reference to that route to the inpcb when the connection
completes.
* Macro'ize a small, but often repeated code fragment.
 1999-01-24 01:19:28 +00:00
mycroft
b790730226 Fix problems with fr_tcpsum() that prevented the FTP proxy from working. 1999-01-23 08:50:52 +00:00
thorpej
a43786143f Fix a problem pointed out by Charles Hannum; DF wasn't being set in 
SYN,ACK packets during Path MTU Discovery.  Fix tcp_respond() to do the
appropriate route lookup and set DF as appropriate.

Also, fixup similar code in tcp_output() to relookup the route if it
is down.
 1999-01-20 03:39:54 +00:00
mycroft
231a906c71 There's just no plausible reason to byte-swap ip_id internally. It's opaque. 1999-01-19 23:39:56 +00:00
mycroft
7eeb5a04da Don't screw with ip_len; just subtract from it where we actually use the 
value.
 1999-01-19 23:03:20 +00:00
mycroft
d3ea3de1af Fix byte-swapping of ip_len in returned IP header. 1999-01-19 22:10:42 +00:00
mycroft
fc1211a6ab Don't overwrite the checksum fields when checking them. There's no reason to 
do this, and it screws up ICMP replies.
XXX The returned IP checksum and length are still wrong.
 1999-01-19 21:58:40 +00:00
thorpej
4b0e6bb4dc Domains are associated with protocol families, not address families. 1999-01-14 01:16:55 +00:00
thorpej
98d3903da8 Use the count supplied to the pseudo-device attach routine to dynamically 
allocate (once) the ipip_softc array; don't assume NIPIP contains the count.
 1999-01-13 23:01:20 +00:00
thorpej
555784ccd5 Fix byte order and ip_len inconsistencies in ICMP reply code. Also, fix 
some formatting and HTONS(foo) vs. foo = htons(foo) inconsistencies.

PR #6602, Darren Reed.
 1999-01-11 22:35:06 +00:00
thorpej
6ae68b4feb Pull the IP-in-IP tunneling support out of the GRE code. It's not handled 
by a separate IP-IP input path.

XXX Should eventually do the same thing for IPPROTO_MOBILE.
 1999-01-11 21:32:13 +00:00
thorpej
9508f259bf Adjust for the new IP-IP input path. mrt_ipip_input() is called from 
ipip_input(), and returns non-zero if mrt_ipip_input() handled the
packet.

XXX Eventually, the multicast code should probably use regular IP-IP
XXX `interfaces', but mrouted knows about the VIF table, etc.
 1999-01-11 21:31:03 +00:00
thorpej
9d996b9e4e Adjust for the new IP-IP input path. 1999-01-11 21:28:28 +00:00
thorpej
9f9be750f6 Separate out the IP-in-IP implementation from the GRE code. This cleans 
up the interface to ip_mroute.c somewhat, and properly separates IP-IP
from GRE.  (They are similar, but they are different protocols, and should
not be implemented in the same place.)
 1999-01-11 21:26:53 +00:00
thorpej
5f69dedb2c ipip_input() -> mrt_ipip_input(). 1998-12-22 02:51:32 +00:00
thorpej
54377d1212 Simplify the tunnel lookup routine. 1998-12-22 01:49:04 +00:00
thorpej
12632ebf71 Reverse the copyright-notice-swap. It went against existing practice. 1998-12-19 02:46:12 +00:00
thorpej
4f177aec90 Add a lock around the TCPCB's sequence queue, to prevent tcp_drain() 
from corrupting the queue if called from a device's interrupt context.

Similar in nature to the problem reported in PR #5684.
 1998-12-18 21:38:02 +00:00
thorpej
ca15e01c76 Add a lock around the IP fragment reassembly queue, to prevent ip_drain() 
from corrupting the queue if called from a device's interrupt context.

Should fix PR #5684.
 1998-12-18 21:35:11 +00:00
thorpej
93454aafc6 Delay sending if SS_MORETOCOME is set in so_state. This avoids the case 
where the user issued a write with a length greater than MLEN but less
than MINCLSIZE, thus causing two mbufs to be used.  The loop in sosend()
would then call PRU_SEND twice, causing TCP to transmit 2 packets when
it could have transmitted one.

Suggested by Justin Walker <justin@apple.com> on the freebsd-net
mailing list.
 1998-12-16 00:33:14 +00:00
mrg
2f2fd097ef remove this insanity. appeared with ipfilter 3.2.10... 1998-12-11 23:47:16 +00:00
drochner
914642e439 correction to the previous: protect against _LKM too 
pointed out by Todd Whitesel <toddpw@best.com>
 1998-12-11 11:57:33 +00:00
drochner
36b809fed6 correcton tp previous: don't try to include kernel option headers in 
userland
fixes PR kern/6561 (Takahiro Kambe)
 1998-12-11 09:15:42 +00:00
christos
ce96f9960a defopt IPFILTER_LOG 1998-12-10 15:50:59 +00:00
christos
c7578c510a defopt 1998-12-10 11:01:01 +00:00
mrg
a94214bdd0 add a patch from darren reed, to make ipfilter use our cksum routine. 1998-11-26 12:21:47 +00:00
sommerfe
0cdf66e377 Fragments should start with a header mbuf allocated by MGETHDR() 1998-11-25 21:13:58 +00:00
mrg
4dd9bebb58 add two more prototypes. noted missing by mjacob. 1998-11-22 23:30:36 +00:00
mrg
78db9d7d95 merge ipf 3.2.10 1998-11-22 15:17:18 +00:00
lukem
0cd1643609 if INADDR_ANY is given in in_pcbconnect(), choose the ia_addr of the first 
interface, not the ia_broadaddr.  should fix [standards/5645] and [kern/6425]
 1998-11-16 05:47:19 +00:00
drochner
1658ac64a8 fix the previous: "securelevel" in kernel only 1998-11-15 17:36:19 +00:00
tls
da1c106b85 In 'highly secure' mode (securelevel >= 2), the filter lists may not be tampered with. It might be desirable to allow enabling of preset filter lists, but it seems too good a candidate for a denial-of-service attack, so we don't. 1998-11-14 07:42:37 +00:00
lukem
cc41dfe747 simplify test in in_pcbbind() for setting wild=1; no need to check if 
((so->so_proto->pr_flags & PR_CONNREQUIRED) == 0 ||
	(so->so_options & SO_ACCEPTCONN) == 0)
since the latter is always true, so the former test in unnecessary.
from `TCP/IP Illustrated, Volume 2', W. Richard Stevens, p 730.
 1998-11-13 10:50:10 +00:00
thorpej
0e3a0a7f80 Once a fragmented IP packet has been reassembled, recompute the packet 
length before passing it up the stack.  From FreeBSD.
 1998-11-13 03:24:22 +00:00
ws
ede30e2813 Fix a buglet when looking up an interface for multicast: 
Zero out the routing structure before calling the route lookup code
in order to correctly match addresses.
 1998-10-26 17:31:01 +00:00
matt
3ad026ac87 vax -> __vax__ (and mips to __mips__ in ultrix_misc.c) 1998-10-20 01:46:27 +00:00
kim
cd7e3136ad Use ETHERTYPE_ATALK instead of ETHERTYPE_AT. The former seems more common. 
Our other constants also use "ATALK".

Added many new ETHERTYPE constants to sys/net/ethertypes.h, including the
ones from libpcap and tcpdump "ethertype.h" files.
 1998-10-13 02:34:31 +00:00
thorpej
14f5ac9081 Use the pool allocator for ipflow entries. 1998-10-08 01:41:45 +00:00
thorpej
974aa74abd Use the pool allocator for ipqent structures. 1998-10-08 01:19:25 +00:00
thorpej
588ccb2d75 Fix some typos in comments, and clean up some whitespace. 1998-10-07 23:33:02 +00:00
thorpej
6cfb33b4e4 Use the pool allocator for the tcpcb's TCP/IP header template. 1998-10-07 23:20:03 +00:00
matt
bf4e491879 Fix boolean dyslexic test. Duh! 1998-10-06 00:41:13 +00:00
matt
8e8f38e0f2 Add a sysctl for newreno (default to off). 1998-10-06 00:20:44 +00:00
lukem
a1ea50ee45 * in_pcblookup_port(): deprecate INPLOOKUP_WILDCARD and flags in favour 
of a lookup_wildcard arg; simplifies the logic a bit.
* when assigning ephemeral ports in in_pcbbind(), always call
  in_pcblookup_port() with lookup_wildcard=1, so that ephemeral port
  allocation on sockets with SO_REUSEADDR set won't potentially bind to a
  port in use by something else (principle of least surprise).
 1998-10-05 14:33:14 +00:00
matt
25054b5cf7 Adapt the NEWRENO changes from the UCSB diffs of BSDI 3.0's TCP 
to NetBSD.  Ignore the SACK & FACK stuff for now.
 1998-10-04 21:33:52 +00:00
kleink
c68106edad Use #error instead of causing a parse error. 1998-10-02 21:21:04 +00:00
drochner
5ddf423985 print reason for arplookup() failure (ala FreeBSD) 1998-10-01 11:04:24 +00:00
tls
c4730d65cf Switch order of TNF and UCB copyrights so UCB copyright is first; this seems more appropriate since UCB wrote the original code, after all. 1998-09-30 21:52:24 +00:00
hwr
eaccb9cd8d Start supporting IPPROTO_MOBILE (55) encapsulation. This is yet 
another tunneling protocol used by the Mobile-IP people. See RFC 2004
for this.
 1998-09-30 05:59:27 +00:00
christos
e74ca32804 SIOCGIFALIAS should not be restricted to the superuser. 1998-09-28 12:32:43 +00:00
mycroft
4a000a54e6 Fix a typo (not mine) in a comment. 1998-09-19 04:34:34 +00:00
mycroft
04ef3bf88d If we're in LISTEN state and all of RST, SYN and ACK are clear, send a RST. 1998-09-19 04:32:51 +00:00
mycroft
31347e4671 Always send a 0 window with a RST. Suggested by Darren Reed. 1998-09-19 04:02:52 +00:00
hwr
cf70cc28c7 Typo. :( 1998-09-14 21:15:56 +00:00
hwr
517139017e Some additions. 
And IDPR-CMTP is 38 not 39 according to IANA.
 1998-09-14 21:09:51 +00:00
hwr
366b9c4515 Add a gre tunnel pseudo network device. Gre = generic route encapsulation. 
This device shows up like any other network interface and can be used to
tunnel L3 protocols as e.g. IP over IP.
 1998-09-13 20:27:47 +00:00
christos
66dd35d72c Fix copyright spacing and 'Van' -> 'van' for consistency. 1998-09-13 15:45:40 +00:00
tv
235fc6a6a9 egcs {brace} warning fix 1998-09-10 19:53:28 +00:00
mouse
b95116821c Create tcp.keepidle, tcp.keepintvl, tcp.keepcnt, tcp.slowhz sysctls. 1998-09-10 10:46:03 +00:00
thorpej
9fd57e8917 Make a diagnostic printf more sensible, PR #5951, Heiko W. Rupp. 1998-09-09 04:57:18 +00:00
thorpej
4dbfe05f1f Use an algorithm similar to that in tcp_notify() to determine if 
syn_cache_unreach() should remove the entry, or just continue on.

Algorithm is to only remove the entry if we've had more than one unreach
error and have retransmitted 3 or more times.  This prevents the following
scenario, as noted in PR #5909 (PR from Ty Sarna, scenario from
Charles Hannum):

	* Host A sends a SYN.
	* Host A retransmits the SYN.
	* Host B gets the first SYN and sends a SYN-ACK.
	* Host B gets the second SYN and sends a SYN-ACK.
	* One of the SYN-ACK bounces with an
	  ICMP unreachable, causing the `SYN cache' entry to be
	  removed with no notification.
	* Host A receives the other SYN-ACK, sends an ACK, and goes to
	  ESTABLISHED state.

Should fix PR #5909.
 1998-09-09 01:32:27 +00:00
christos
0f024deb52 Add SIOCGIFALIAS 1998-09-06 17:52:01 +00:00
kleink
bb4f7768e4 Protect _XOPEN_SOURCE against sysctl MIB identifiers. 1998-09-05 19:03:25 +00:00
mycroft
e2cb6dad8d Make the randomized part of the ISS 24 bits. 1998-09-04 22:34:51 +00:00
mycroft
2f501074f8 Fix a couple of bogons related to tcp_new_iss(): 
* Don't add tcp_iss_seq when creating a new ISS from TIME-WAIT state.
* Do the clock increment even when using the rnd device.
 1998-09-04 22:29:54 +00:00
scottr
e3e7e1673f Fix the NEXT_IA_WITH_SAME_ADDR macro introduced in 1.27: it was finding 
the first in_ifaddr structure with a different internet address!  Reverse
the sense of the test.  Spotted by and fix from Eric Haszlakiewicz.
 1998-08-14 06:57:54 +00:00