Commit Graph

843 Commits

Author SHA1 Message Date
itojun
f91ee608a9 avoid calling in6_control(SIOCDIFADDR_IN6) from interrupt context.
it is not supposed to work.
logging fix: add "\n" to some of log() in in6_prefix.c.

improve in6_ifdetach().  now almost all structure depend on ifnet
will be cleared up.
possible loose ends:
- cached route_in6 in static varaiables needs to be cleared as well
- there are ifaddr manipulation without reference counting,
  which should be fixed
we still see panics after card removal, though...  not sure what is left.

(sync with kame)
2000-02-04 14:34:22 +00:00
thorpej
c1185c1020 PRU_PURGEADDR -> PRU_PURGEIF, per a discussion w/ itojun. In the IPv4
and IPv6 code, also use this to traverse PCB tables, looking for cached
routes referencing the dying ifnet, forcing them to be refreshed.
2000-02-02 23:28:08 +00:00
thorpej
d844a3ac41 First-draft if_detach() implementation, originally from Bill Studnemund,
although this version has been changed somewhat:
- reference counting on ifaddrs isn't as complete as Bill's original
  work was.  This is hard to get right, and we should attack one
  protocol at a time.
- This doesn't do reference counting or dynamic allocation of ifnets yet.
- This version introduces a new PRU -- PRU_PURGEADDR, which is used to
  purge an ifaddr from a protocol.  The old method Bill used didn't work
  on all protocols, and it only worked on some because it was Very Lucky.

This mostly works ... i.e. works for my USB Ethernet, except for a dangling
ifaddr reference left by the IPv6 code; have not yet tracked this down.
2000-02-01 22:52:04 +00:00
veego
064dbd29ad Only print one 'IP Filter:' line when it gets enabled or disabled. 2000-02-01 21:41:36 +00:00
veego
b3bffdf856 Resolve conflicts. 2000-02-01 21:29:15 +00:00
thorpej
3b5706e2e5 Fix a couple of whitespace glitches. 2000-02-01 00:07:50 +00:00
thorpej
637a2eee6e Use ifatoia() and sintosa() consistently, rather than using home-grown
casting macros intermixed.
2000-02-01 00:07:09 +00:00
thorpej
1cb24101b9 Small amount of cosmetic cleanup. 2000-02-01 00:05:07 +00:00
itojun
1a2a1e2b1f bring in latest KAME ipsec tree.
- interop issues in ipcomp is fixed
- padding type (after ESP) is configurable
- key database memory management (need more fixes)
- policy specification is revisited

XXX m->m_pkthdr.rcvif is still overloaded - hope to fix it soon
2000-01-31 14:18:52 +00:00
itojun
63fd2c0262 destination port == 0 is illegal based on RFC768.
(NetBSD PR: 9137 - I thought I committed this already but I wasn't)
2000-01-31 10:39:26 +00:00
sommerfeld
62224d5f23 Pick source address for ICMP errors a bit more intelligently when
there are multiple addresses on the interface.

From Marc Horowitz <marc@netbsd.org>, who left this sitting for too long.
2000-01-25 17:07:56 +00:00
itojun
b3761abef8 remove extra portability #ifdef (like #ifdef __FreeBSD__) in KAME IPv6/IPsec
code, from netbsd-current repository.
#ifdef'ed version is always available from ftp.kame.net.

XXX please do not make too many diff-unfriendly changes, we'll need to take
bunch of diffs on upgrade...
2000-01-06 15:46:07 +00:00
itojun
ec63b40402 remove too much portability code in KAME, to improve readability. 2000-01-06 07:31:07 +00:00
itojun
2e904aec57 make IPV6_BINDV6ONLY setsockopt available. it controls behavior of
AF_INET6 wildcard listening socket.  heavily documented in ip6(4).
net.inet6.ip6.bindv6only defines default value.  default is 1.

"options INET6_BINDV6ONLY" removes any code fragment that supports
IPV6_BINDV6ONLY == 0 case (not defopt'ed as use of this is rare).
2000-01-06 06:41:18 +00:00
veego
a7c3d2263b Fix a panic which was mentioned on the ipfilter mailing list.
Patch from Darren send to the mailing list after he released 3.3.6 and
did a bad job with using the wrong way to update the NetBSD version
of ipfilter.
1999-12-29 08:19:07 +00:00
darrenr
1904e0a218 update ipfilter code to 3.3.6 1999-12-28 07:14:53 +00:00
itojun
dc0f1c0435 drop IPv6 packets with v4 mapped address on src/dst. they are illegal
and may be used to fool IPv6 implementations (by using ::ffff:127.0.0.1 as
source you may be able to pretend the packet is from local node)
1999-12-22 04:03:01 +00:00
itojun
8bd9534970 avoid shared cluster mbuf overwrite on multicast packet loopback.
(bsdi and freebsd fixed this a long time ago...)

PR: 9020
From: pavlin@catarina.usc.edu
1999-12-20 05:46:33 +00:00
itojun
abddb5f851 do not overwrite traffic class field when we write IPv6 version field. 1999-12-15 06:28:43 +00:00
is
43aa150a4e Handle packets to 255.255.255.255 like multicast packets. Fixes PR 7682 by
Darren Reed.
1999-12-13 17:04:11 +00:00
itojun
ea861f0183 sync IPv6 part with latest KAME tree. IPsec part is left unmodified
due to massive changes in KAME side.
- IPv6 output goes through nd6_output
- faith can capture IPv4 packets as well - you can run IPv4-to-IPv6 translator
  using heavily modified DNS servers
- per-interface statistics (required for IPv6 MIB)
- interface autoconfig is revisited
- udp input handling has a big change for mapped address support.
- introduce in4_cksum() for non-overwriting checksumming
- introduce m_pulldown()
- neighbor discovery cleanups/improvements
- netinet/in.h strictly conforms to RFC2553 (no extra defs visible to userland)
- IFA_STATS is fixed a bit (not tested)
- and more more more.

TODO:
- cleanup os-independency #ifdef
- avoid rcvif dual use (for IPsec) to help ifdetach

(sorry for jumbo commit, I can't separate this any more...)
1999-12-13 15:17:17 +00:00
ragge
713b50cde9 Avoid GCC complaints (under some circumstances). 1999-12-12 19:51:49 +00:00
itojun
5bb1c57bee sync with latest KAME (rcsid only). 1999-12-12 16:19:40 +00:00
itojun
2f49a03b86 do not use member of sockaddr_storage directly.
(if the definition is like in rfc2553) they are not supposed to be used.

XXX i'm trying to change rfc2553 sockaddr_storage definition to include
"ss_len" and "ss_family".  see ipngwg.  situation might change soon.
1999-12-12 15:57:07 +00:00
veego
64b2c34646 Resolve conflicts and small fixes. 1999-12-12 11:11:15 +00:00
veego
99f380af25 Import a few IP Filter 3.3.5 files under sys/netinet. 1999-12-12 10:57:57 +00:00
itojun
4d757da195 implement upper-layer reachability confirmation for IPv6 ND (RFC2461 7.3.1).
fix code to reject "tcp to IPv6 anycast".

sync with recent KAME.
1999-12-11 09:55:14 +00:00
itojun
313f5eb9cd do not drop from IP header to tcp option until sbappend(), to reduce
requirement to mbuf chain.
part of KAME sync, committed separately for its (possible) impact.
1999-12-08 16:22:20 +00:00
itojun
bbb8727584 bring in latest KAME (as of 19991130, KAME/NetBSD141) into kame branch
just for reference purposes.
This commit includes 1.4 -> 1.4.1 sync for kame branch.

The branch does not compile at all (due to the lack of ALTQ and some other
source code).  Please do not try to modify the branch, this is just for
referenre purposes.

synchronization to latest KAME will take place on HEAD branch soon.
1999-11-30 13:34:47 +00:00
thorpej
046d593425 Add the `packed' attribute to structures which describe wire protocol data. 1999-11-20 00:37:58 +00:00
bouyer
f86517a031 Update protocoles and interfaces stats counters to 64bit.
RTM_IFINFO is now 0xf, 0xe is RTM_OIFINFO which returns the old (if_msghdr14)
struct with 32bit counters (binary compat, conditioned on COMPAT_14).
Same for sysctl: node 3 is renamed NET_RT_OIFLIST, NET_RT_IFLIST is now node 4.
Change rt_msg1() to add an mbuf to the mbuf chain instead of just panic()
when the message is larger than MHLEN.
1999-11-19 10:41:41 +00:00
itojun
90fe937b44 disable ipflow (IPv4 fast fowarding) when IPsec is configured into the kernel. 1999-10-26 09:53:17 +00:00
drochner
87568e8d82 defopt the XNS protocol (options NS), clean up the use of related
option headers / defines
1999-10-25 19:18:10 +00:00
sommerfeld
f3182098a7 If a packet came in as link-level broadcast or link-level multicast, don't
attempt to fast-forward it out.
1999-10-17 23:38:45 +00:00
sommerfeld
c2accd9f9c In ip_forward():
Avoid forwarding ip unicast packets which were contained inside
link-level multicast packets; having M_MCAST still set in the packet
header flags will mean that the packet will get multicast to a bogus
group instead of unicast to the next hop.

Malformed packets like this have occasionally been spotted "in the
wild" on a mediaone cable modem segment which also had multiple netbsd
machines running as router/NAT boxes.

Without this, any subnet with multiple netbsd routers receiving all
multicasts will generate a packet storm on receipt of such a
multicast.  Note that we already do the same check here for link-level
broadcasts; ip6_forward already does this as well.

Note that multicast forwarding does not go through ip_forward().

Adding some code to if_ethersubr to sanity check link-level
vs. ip-level multicast addresses might also be worthwhile.
1999-10-17 16:00:00 +00:00
sommerfeld
d0790aa895 in ipfr_fastroute, before calling icmp_error(), put received-interface
back into the packet.  (ip_output() clears it since ipsec reuses that
packet field in the output path.  by putting it back, we're going to
pretend we're back on the input path now).
1999-10-12 14:51:34 +00:00
is
f546d949b6 Decouple IP mtu for ARCnet devices from interface MTU.
This is important, because for most protocols, link level fragmentation is
used, but with different default effective MTUs. (e.g.: IPv4 default MTU
is 1500 octets, IPv6 default MTU is 9072 octets).
1999-09-25 17:49:27 +00:00
enami
5326516a15 Make this compile without INET6. 1999-09-23 04:02:27 +00:00
itojun
9474edfcd8 cleanup and correct TCP MSS consideration with IPsec headers.
MSS advertisement must always be:
	max(if mtu) - ip hdr siz - tcp hdr siz
We violated this in the previous code so it was fixed.

tcp_mss_to_advertise() now takes af (af on wire) as its argument,
to compute right ip hdr siz.

tcp_segsize() will take care of IPsec header size.
One thing I'm not really sure is how to handle IPsec header size in
*rxsegsizep (inbound segment size estimation).
The current code subtracts possible *outbound* IPsec size from *rxsegsizep,
hoping that the peer is using the same IPsec policy as me.
It may not be applicable, could TCP gulu please comment...
1999-09-23 02:21:30 +00:00
itojun
6b9bfc0691 - Call in{,6}_pcbdetach if ipsec initialization is failed during PRU_ATTACH.
This situation happens on severe memory shortage.  We may need more
  improvements here and there.
- Grab IEEE802 address from IFT_ETHER card, even if the card is
  inserted after bootup time.  Is there any other card that can be
  inserted afterwards?  pcmcia fddi card? :-P
- RFC2373 u bit handling suggests that we SHOULD NOT copy interface id from
  ethernet card to pseudo interface, when ethernet card has IEEE802/EUI64
  with u bit != 0 (this means that IEEE802/EUI64 is not universally unique).
  Do not use such address as, for example, interface id for gif interface.
  (I have such an ethernet card myself)
  This may change interface id for your gif interface.  be careful upgrading
  rc files.

(sync with recent KAME)
1999-09-13 12:15:54 +00:00
simonb
fd8040a031 s/acknowledgment/acknowledgement/ 1999-09-10 03:24:14 +00:00
itojun
4597cff18d fix tcp mss consideration on ipsec operation.
now tcp-over-ipsec should not experience fragmentation due to
addition of ipsec header.

From: proff@suburbia.net (Julian Assange)
1999-08-27 02:56:14 +00:00
itojun
a89a69391a clear m->m_pkthdr.rcvif before calling ip_output().
the member is used to pass struct socket to ip{,6}_output for ipsec decisions.

(i agree it is kind of ugly.  we need to modify struct mbuf if we are
to do better - which seems to me a bit too much)
1999-08-26 02:56:59 +00:00
marc
3c1adf9354 when fastrouting a packet which needs fragmentation, the packet passed
to if_output did not have m->m_pkthdr.len set correctly.  Add the code
to do this from the similar code in ip_output.c
1999-08-26 02:15:35 +00:00
thorpej
1e921673e3 Fix a problem discovered by the snd_recover update fix. A bit of the
New Reno fast recovery code was being executed even when New Reno was
disabled, resulting in an unfortunate interaction with the traditional
fast recovery code, the end resulting being that the very condition
that would trigger the traditional fast recovery mechanism caused fast
recovery to be disabled!

Problem reported by Ted Lemon, and some analytical help from Charles Hannum.
1999-08-26 00:04:30 +00:00
itojun
809ab7f1ff When listening socket goes away, remove assockated syn cache entires.
Stale syn cache entries are useless because none of them will be used
if there is no listening socket, as tcp_input looks up listening socket by
in_pcblookup*() before looking into syn cache.

This fixes race condition due to dangling socket pointer from syn cache
entries to listening socket (this was introduced when ipsec is merged in).

This should preserve currently implemented behavior (but not 4.4BSD
behavior prior to syn cache).

Tested in KAME repository before commit, but we'd better run some
regression tests.
1999-08-25 15:23:12 +00:00
itojun
d48c55f4f0 ctlinput handling must look at ip6_src, not ip6_dst.
(this makes path mtu handling wrong)
1999-08-25 12:38:14 +00:00
bouyer
4f806e660f Fix for kern/7831 from Darren Reed after discussion on tech-net 2 weeks ago:
check that the packet if of the rigth protocol before giving it to the
proxy module, otherwise let the ipnat code handle it.
What happens in kern/7831 is that a router sends back a icmp message for
a TCP SYN, and ip_proxy.c forwards it to ip_ftp_pxy.c which can only
handle TCP packets. The icmp message is properly handled by ipnat, no need to
go to ip_ftp_pxy.c.
1999-08-24 16:10:35 +00:00
christos
d6f8878423 PR/8254: Wolfgang Rupprecht: Incorrect logging of tcp connections; Fix src/dst
confusion.
1999-08-23 14:14:30 +00:00
matt
d3448593e5 Cleanup a little kludge in mtu handling in route.c. Bring down FDDI
mtu to legal IP max but don't affect other protocols.
1999-08-21 03:46:35 +00:00
itojun
00cf8638cb do not capture packets by gif, when gif interface is down. 1999-08-20 10:07:40 +00:00
itojun
98fab25334 fix sototcpcb(). this sometimes caused panic on OOB data reception.
the macro may need to be expanded into dedicated function, rather than a macro,
to capture unsupported values.
1999-08-12 16:04:52 +00:00
thorpej
af1e02ad91 Fix a few bugs in the TCP New Reno code:
- Make sure that snd_recover is always at least snd_una.  If we don't do
  this, there can be confusion when sequence numbers wrap around on a
  large loss-free data transfer.
- When doing a New Reno retransmit, snd_una hasn't been updated yet,
  and the socket's send buffer has not yet dropped off ACK'd data, so
  don't muddle with snd_una, so that tcp_output() gets the correct data
  offset.
- When doing a New Reno retransmit, make sure the congestion window is
  open one segment beyond the ACK'd data, so that we can actually perform
  the retransmit.

Partially derived from, although more complete than, similar changes in
OpenBSD, which in turn originated from Tom Henderson <tomh@cs.berkeley.edu>.
1999-08-11 17:37:59 +00:00
thorpej
e48f29e82b Make sure the echoed RFC 1323 timestamp is valid before using it to
compute the round trip time.  From Mark Allman <mallman@lerc.nasa.gov>.
1999-08-11 03:02:18 +00:00
itojun
a9b7fe4621 return with doing nothing from xx_ctlinput(), when sa->sa_family
is not the expected one.

I see PRC_REDIRECT_HOST with sa->sa_family == AF_UNIX coming to
{tcp,udp}_ctlinput() when I use dhclient, and I feel like adding
more sanity checks, without logging - if we log it it is too noisy.
1999-08-09 10:55:29 +00:00
sommerfeld
08e495eda4 Delete debug printfs from arp_drain() 1999-08-05 04:36:56 +00:00
sommerfeld
2aa9696fee Implement arp_drain(), which frees packets tied up in the arp cache if
mbufs are in short supply.
Create a (trivial) protocol domain for arp so that the drain routine will
be called from m_reclaim()
1999-08-05 04:04:28 +00:00
itojun
70ada0957e sync with recent KAME.
- loosen ipsec restriction on packet diredtion.
- revise icmp6 redirect handling on IsRouter bit.
- tcp/udp notification processing (link-local address case)
- cosmetic fixes (better code share across *BSD).
1999-07-31 18:41:15 +00:00
itojun
06c350054d remove reference to in6_systm.h (file itself will be removed afterwords) 1999-07-30 10:35:34 +00:00
itojun
42c5caafe7 do not include unnecessary include files. 1999-07-23 15:21:17 +00:00
itojun
7fee35f579 - implement IPv6 pmtud, which is necessary for TCP6.
- fix memory leak on SO_DEBUG over TCP.
1999-07-22 12:56:56 +00:00
itojun
b479094c45 no need to include faith.h on non-IPv6 build, so wrap by #ifdef.
(dunno if it's better to always include it or not)
1999-07-17 12:53:05 +00:00
itojun
c74f79d16f fix faith interface support. need testing.
(i understand this is a dirty hack, of course)
1999-07-17 07:07:08 +00:00
itojun
685747d56c Use proper ip protocol # field and tcp hdr on sending RST against SYN,
when ip header and tcp header are not adjacent to each other
(i.e. when ip6 options are attached).

To test this, try
	telnet @::1@::1 port
toward a port without responding server.  Prior to the fix, the kernel will
generate broken RST packet.
1999-07-14 22:37:13 +00:00
drochner
46f90cb053 make sending of keepalive messages work again:
-remove bogus sanity check involving an uninitialized variable
-correct mbuf cluster allocation
-(non-critical) remove redundant check in cleanup after error
1999-07-14 22:08:52 +00:00
thorpej
267920eb1a defopt INET6, and put it in opt_inet.h (most places already include this
file, which is why the file list is so short).
1999-07-09 23:41:16 +00:00
thorpej
f9a7668b3f defopt IPSEC and IPSEC_ESP (both into opt_ipsec.h). 1999-07-09 22:57:15 +00:00
drochner
2df8761fac for incoming broadcasts, strip IP/UDP header correctly
wrap a line
1999-07-06 14:37:47 +00:00
itojun
dcc13cdd33 sync with KAME/NetBSD 1.4, SNAP kit 19990705.
key changes are:
- icmp6 redirect fix (dst check)
- revised ip6 multicast check for loopback i/f
- several RCS ID cleanups
1999-07-06 12:23:19 +00:00
darrenr
a47ffec442 Call icmp_error() at the bottom of rip_input IFF rip_input is the handler
for the protocol in the specified packet.
Fix statistic gathering to not make bogus increments of ips_delivered and
ips_noproto for cases where rip_input() is called by a protocol handler
(such as icmp_input or igmp_input) which has already processed the packet.
1999-07-05 07:24:38 +00:00
thorpej
cd3a345ea0 RCS ID police. 1999-07-03 21:24:45 +00:00
fvdl
e3fa5cc725 Fix for -Wunitialized warnings broke compiles without INET6, refix. 1999-07-02 21:02:05 +00:00
itojun
4b961b81e3 avoid "variable not initialized" warnings on some of the platforms. 1999-07-02 12:45:32 +00:00
itojun
f8346292af move ipsec sysctl index to IPPROTO_AH (instead of IPPROTO_ESP),
so that you can perform sysctl operation when ESP is not compiled in.
1999-07-02 08:46:47 +00:00
itojun
118d2b1d4f IPv6 kernel code, based on KAME/NetBSD 1.4, SNAP kit 19990628.
(Sorry for a big commit, I can't separate this into several pieces...)
Pls check sys/netinet6/TODO and sys/netinet6/IMPLEMENTATION for details.

- sys/kern: do not assume single mbuf, accept chained mbuf on passing
  data from userland to kernel (or other way round).
- "midway" ATM card: ATM PVC pseudo device support, like those done in ALTQ
  package (ftp://ftp.csl.sony.co.jp/pub/kjc/).
- sys/netinet/tcp*: IPv4/v6 dual stack tcp support.
- sys/netinet/{ip6,icmp6}.h, sys/net/pfkeyv2.h: IETF document assumes those
  file to be there so we patch it up.
- sys/netinet: IPsec additions are here and there.
- sys/netinet6/*: most of IPv6 code sits here.
- sys/netkey: IPsec key management code
- dev/pci/pcidevs: regen

In my understanding no code here is subject to export control so it
should be safe.
1999-07-01 08:12:45 +00:00
darrenr
67cac86e57 add PR_LISTEN to protocols which support listen(2) 1999-07-01 05:53:04 +00:00
itojun
74d3c214ec KAME/NetBSD 1.4 SNAP kit, dated 19990628.
NOTE: this branch (kame) is used just for refernce.  this may not compile
due to multiple reasons.
1999-06-28 06:36:47 +00:00
sommerfeld
b7c70d2b2f If the new global variable hostzerobroadcast is zero, no longer assume
address zero of each net/subnet is a broadcast address.
(The default value is nonzero, which preserves the current behavior).

This can be set using sysctl; the boot-time default can also be
configured using the HOSTZEROBROADCAST kernel config option.

While we're here, defopt HOSTZEROBROADCAST and SUBNETSARELOCAL
1999-06-26 06:16:47 +00:00
thorpej
51867fc227 When sending an ARP reply, make sure to set the length of the outgoing
packet.

Slightly modified from PR #7809, Zdenek Salvet <salvet@ics.muni.cz>.
1999-06-18 18:20:50 +00:00
mrg
7185af78dc oops. move sendit: above the PFIL_HOOKS so that multicast traffic is filtered. from darren reed. 1999-06-07 01:26:04 +00:00
bad
6b30aed924 Fix thinko of mine in previous. The source route info is not at m->m_data
after various m_adj()s have been done.  Kludge around this with a cheesy
macro that knows where the drivers put the mac header in the first mbuf.

XXX There should be a better way to do this.
1999-05-30 00:39:07 +00:00
bad
0b3a9f9e00 Don't assume the Token-Ring source route is in the m_pktdat. Use
m_data instead.  This isn't a problem with ARP packets but is correct
way to this.

Noticed by pmara@cactus.org (Shashi Mara).
1999-05-29 22:36:07 +00:00
ad
ccc7e59e1f Add new sysctl (net.inet.tcp.log_refused) that when set, causes refused TCP
connections to be logged.
1999-05-23 20:33:50 +00:00
ad
bdf1938edd For completeness sake, allow this to compile with no loopback interfaces
configured.
1999-05-23 20:21:51 +00:00
thorpej
788dee365c Sigh, fix some broken logic in the last change to INADDR_TO_IA(), and make
the macro a little more obvious.  Should fix kern/7589, from Jens A Nilsson.
1999-05-16 19:33:27 +00:00
is
7807c9a493 Fixes PR 7489 by Olaf Seibert. Fix by Zdenek Salvet (PR 7497). 1999-05-04 20:50:35 +00:00
hwr
d313e75afe It does not make much sense to increase a "output" counter on input. 1999-05-04 20:13:09 +00:00
hwr
3fa094f8b5 Don't let packets with a Class-D source address escape the host.
Fixes second half of kern/7003 by Jonathan Stone <jonathan@DSG.Stanford.EDU>.
1999-05-04 19:50:23 +00:00
is
7470bd006a Fix for PR 7490 by Olaf Seibert, fix mostly from PR 7497 bei Zdenek Salvet,
but with more verbose error messages.
1999-05-04 14:58:27 +00:00
thorpej
3faa72bd56 Fix an ininitialized variable that the MIPS compiler caught (but the
SPARC, Alpha, Arm, and i386 compilers missed).
1999-05-03 23:30:27 +00:00
thorpej
a40dff106e In INADDR_TO_IA(), skip interfaces which are not up. Revert previous change
to ip_input.c to check the interface status after INADDR_TO_IA().

Fix cooked up by Heiko Rupp and myself.

Fixes PR 7480.
1999-05-03 22:12:44 +00:00
hwr
33a8a5933b Drop packets, that have a Class-D address as source address.
Implements the first half of PR 7003.
1999-05-03 21:14:47 +00:00
thorpej
2cd33a0ce1 Implement retransmit logic for the SYN cache engine. Fixes a rare condition
where one side can think a connection exists, where the other side thinks
the connection was never established.

The original problem was first reported by Ty Sarna in PR #5909.  The
original fix I made to the code didn't cover all cases.  The problem this
fix addresses was reported by Christoph Badura via private e-mail.

Many thanks to Bill Sommerfeld for helping me to test this code, and
for finding a subtle bug.
1999-04-29 03:54:22 +00:00
hwr
fb7871d6b2 If the incoming code value is 0, timer gets 0, which would mean
a divide by zero afterwards.
This is also, what Bill Fenner seems to have done in the FreeBSD igmp
code.
This should fix kern/6541.
1999-04-25 10:26:29 +00:00
simonb
be3adbebcc Don't extern sb_max, <sys/socketvar.h> provides a definition. 1999-04-22 01:32:30 +00:00
kml
a7f8ef5e9b Ensure that out of window SYNs receive an ACK in responce, rather than
being dropped.  This fixes a bug reported by Jason Thorpe.
1999-04-09 22:01:07 +00:00
proff
8775e52947 tiny KNF change 1999-04-07 05:34:32 +00:00
proff
ae938abb49 Prevent reception of packets on downed interfaces (via an up interface).
fixes kern/7327
1999-04-07 02:31:05 +00:00
tron
1b27086b7e - Make sure that interface can't be marked up before a route to the remote
tunnel end was found.
- Flush route and reset MTU if interface is marked down.
1999-04-04 09:10:27 +00:00
tron
ef85f04fcb Avoid kernel panic if interface is configured before a route to the
remote of the tunnel can be found.

XXX If you manually mark the interface as "UP" and set the MTU later
XXX sending a packet will still cause a kernel panic.
1999-04-04 00:21:53 +00:00
hwr
3f5c626e42 Setting of source and destination IP is not done by
passing SIOCSIFADDR/SIOIFDSTADDR, but by passing the addresses in
the appropriate structs.
One of the mysteries of ifconfig IMHO...

Should fix kern/6899.
1999-04-02 20:39:23 +00:00
mycroft
742a052418 Fix a null pointer dereference in the case where forwarding is turned on and
there are interfaces up but with no addresses.
1999-03-30 19:02:56 +00:00
nathanw
9c6754cd69 Alpha printf format fixes.
Closes PR kern/7258.
1999-03-27 21:47:59 +00:00
aidan
da1b3a7abf Added per-addr input/output statistics. Currently just support netatalk
and netinet, currently only tested under netinet.

Disabled by default, enabled by compiling the kernel with option
IFA_STATS.  Enabling this feature seems to make the ip_output function
take 13% longer than before, which should be OK for people that need
this feature.
1999-03-27 01:24:49 +00:00
proff
85ab19698a security: test for ip_len < ip_hl <<2 and drop packet accordingly 1999-03-26 08:51:35 +00:00
lukem
8a931fcdd8 Ensure that you can only bind a more specific address when it is done by the
same uid or by root.

This code is from FreeBSD. (Whilst it was originally obtained from OpenBSD,
FreeBSD fixed it to work with multicast. To quote the commit message:
    - Don't bother checking for conflicting sockets if we're binding to a
      multicast address.
    - Don't return an error if we're binding to INADDR_ANY, the conflicting
      socket is bound to INADDR_ANY, and the conflicting socket has
      SO_REUSEPORT set.
)
1999-03-23 10:45:37 +00:00
bad
a5283c98c0 Add support for Token-Ring source routes in the ARP cache.
By Onno van der Linden.
1999-03-22 22:30:42 +00:00
perry
d446fb449c exterminate ovbcopy. patches provided by Erik Bertelsen, pr-7145 1999-03-12 22:42:30 +00:00
mycroft
c6d172438d Minor cleanup to use LONG_SUM() and CALC_SUMD() more. 1999-03-05 07:27:09 +00:00
explorer
cff4c9630b Don't mix in data just to stir the rnd pool. Extracting data will do that,
any network packets received might, too, so this is already taken care of.
1999-02-28 13:41:24 +00:00
drochner
918dfd95e1 -always do an RARP if revarpwhoarewe() is called, it might be for another
interface or the server's configuration has changed
-g/c revarpwhoami()
1999-02-21 15:17:14 +00:00
matt
7ebd19d744 According to Dave Borman, the iss should be using snd_nxt and not rcv_nxt
(from tcp_impl mailing-list).
1999-02-05 22:37:24 +00:00
explorer
25d32ef34d REALLY only update the window when we get an ACK. (the old code seemed broken) 1999-02-04 22:58:37 +00:00
cjs
8befad84b1 Remove SCCS markers and make these compile in $NetBSD$ IDs. 1999-02-02 19:57:30 +00:00
thorpej
a350d7b28b Set the tunnel destination address correctly. Should fix PR #6899. 1999-02-02 07:20:13 +00:00
marc
5f688e6632 remove gre_softc declaration; the symbol is no longer used in this
file.
1999-02-02 07:10:45 +00:00
mycroft
5e373d307f Clear mfchashtbl after it's deallocated, to kill a stray pointer. Fixes PR
5400.
1999-02-01 15:09:46 +00:00
thorpej
a22cfcf3d4 Make programs that use raw IP work again; trim the header length from ip_len
before handing the packet off to the socket.
1999-01-30 21:43:16 +00:00
itohy
7751c2e2eb ~htons(...) is always negative. 1999-01-28 21:29:27 +00:00
thorpej
6c30816c15 Fix a slight error in previous. Rearrange some code in tcp_respond() so
that a DIAGNOSTIC check against the destination address is actually
checking the destination address.  "oops."
1999-01-26 08:28:50 +00:00
mycroft
8ede79f2b4 One more tweak to the checksum hack, and I promise I'm done. B-) 1999-01-25 15:53:29 +00:00
mycroft
50438b6df0 Absolutely minor tweak to generate better code. 1999-01-25 15:36:50 +00:00
mycroft
70e6acdfef Update the comment about the checksum hack. It was way out of date. 1999-01-24 13:34:35 +00:00
mycroft
94895652e1 Modify the checksum slightly so that the htons()s can all be combined. 1999-01-24 12:57:38 +00:00
thorpej
a58f271406 Oops, forgot to update copyright notice in previous. 1999-01-24 01:21:18 +00:00
thorpej
86e2c3fbc6 * Completely rewrite syn_cache_respond().
- Don't use tcp_respond(), instead create the tcp/ip header from scratch,
and send it ourself.
- Reuse the mbuf that carried the SYN, or allocate one if that is not
available.
- Cache the route we look up to do the Path MTU Discovery check, and
transfer the reference to that route to the inpcb when the connection
completes.
* Macro'ize a small, but often repeated code fragment.
1999-01-24 01:19:28 +00:00
mycroft
b790730226 Fix problems with fr_tcpsum() that prevented the FTP proxy from working. 1999-01-23 08:50:52 +00:00
thorpej
a43786143f Fix a problem pointed out by Charles Hannum; DF wasn't being set in
SYN,ACK packets during Path MTU Discovery.  Fix tcp_respond() to do the
appropriate route lookup and set DF as appropriate.

Also, fixup similar code in tcp_output() to relookup the route if it
is down.
1999-01-20 03:39:54 +00:00
mycroft
231a906c71 There's just no plausible reason to byte-swap ip_id internally. It's opaque. 1999-01-19 23:39:56 +00:00
mycroft
7eeb5a04da Don't screw with ip_len; just subtract from it where we actually use the
value.
1999-01-19 23:03:20 +00:00
mycroft
d3ea3de1af Fix byte-swapping of ip_len in returned IP header. 1999-01-19 22:10:42 +00:00
mycroft
fc1211a6ab Don't overwrite the checksum fields when checking them. There's no reason to
do this, and it screws up ICMP replies.
XXX The returned IP checksum and length are still wrong.
1999-01-19 21:58:40 +00:00
thorpej
4b0e6bb4dc Domains are associated with protocol families, not address families. 1999-01-14 01:16:55 +00:00
thorpej
98d3903da8 Use the count supplied to the pseudo-device attach routine to dynamically
allocate (once) the ipip_softc array; don't assume NIPIP contains the count.
1999-01-13 23:01:20 +00:00
thorpej
555784ccd5 Fix byte order and ip_len inconsistencies in ICMP reply code. Also, fix
some formatting and HTONS(foo) vs. foo = htons(foo) inconsistencies.

PR #6602, Darren Reed.
1999-01-11 22:35:06 +00:00
thorpej
6ae68b4feb Pull the IP-in-IP tunneling support out of the GRE code. It's not handled
by a separate IP-IP input path.

XXX Should eventually do the same thing for IPPROTO_MOBILE.
1999-01-11 21:32:13 +00:00
thorpej
9508f259bf Adjust for the new IP-IP input path. mrt_ipip_input() is called from
ipip_input(), and returns non-zero if mrt_ipip_input() handled the
packet.

XXX Eventually, the multicast code should probably use regular IP-IP
XXX `interfaces', but mrouted knows about the VIF table, etc.
1999-01-11 21:31:03 +00:00
thorpej
9d996b9e4e Adjust for the new IP-IP input path. 1999-01-11 21:28:28 +00:00
thorpej
9f9be750f6 Separate out the IP-in-IP implementation from the GRE code. This cleans
up the interface to ip_mroute.c somewhat, and properly separates IP-IP
from GRE.  (They are similar, but they are different protocols, and should
not be implemented in the same place.)
1999-01-11 21:26:53 +00:00
thorpej
5f69dedb2c ipip_input() -> mrt_ipip_input(). 1998-12-22 02:51:32 +00:00
thorpej
54377d1212 Simplify the tunnel lookup routine. 1998-12-22 01:49:04 +00:00
thorpej
12632ebf71 Reverse the copyright-notice-swap. It went against existing practice. 1998-12-19 02:46:12 +00:00
thorpej
4f177aec90 Add a lock around the TCPCB's sequence queue, to prevent tcp_drain()
from corrupting the queue if called from a device's interrupt context.

Similar in nature to the problem reported in PR #5684.
1998-12-18 21:38:02 +00:00
thorpej
ca15e01c76 Add a lock around the IP fragment reassembly queue, to prevent ip_drain()
from corrupting the queue if called from a device's interrupt context.

Should fix PR #5684.
1998-12-18 21:35:11 +00:00
thorpej
93454aafc6 Delay sending if SS_MORETOCOME is set in so_state. This avoids the case
where the user issued a write with a length greater than MLEN but less
than MINCLSIZE, thus causing two mbufs to be used.  The loop in sosend()
would then call PRU_SEND twice, causing TCP to transmit 2 packets when
it could have transmitted one.

Suggested by Justin Walker <justin@apple.com> on the freebsd-net
mailing list.
1998-12-16 00:33:14 +00:00
mrg
2f2fd097ef remove this insanity. appeared with ipfilter 3.2.10... 1998-12-11 23:47:16 +00:00
drochner
914642e439 correction to the previous: protect against _LKM too
pointed out by Todd Whitesel <toddpw@best.com>
1998-12-11 11:57:33 +00:00
drochner
36b809fed6 correcton tp previous: don't try to include kernel option headers in
userland
fixes PR kern/6561 (Takahiro Kambe)
1998-12-11 09:15:42 +00:00
christos
ce96f9960a defopt IPFILTER_LOG 1998-12-10 15:50:59 +00:00
christos
c7578c510a defopt 1998-12-10 11:01:01 +00:00
mrg
a94214bdd0 add a patch from darren reed, to make ipfilter use our cksum routine. 1998-11-26 12:21:47 +00:00
sommerfe
0cdf66e377 Fragments should start with a header mbuf allocated by MGETHDR() 1998-11-25 21:13:58 +00:00
mrg
4dd9bebb58 add two more prototypes. noted missing by mjacob. 1998-11-22 23:30:36 +00:00
mrg
78db9d7d95 merge ipf 3.2.10 1998-11-22 15:17:18 +00:00
lukem
0cd1643609 if INADDR_ANY is given in in_pcbconnect(), choose the ia_addr of the first
interface, not the ia_broadaddr.  should fix [standards/5645] and [kern/6425]
1998-11-16 05:47:19 +00:00
drochner
1658ac64a8 fix the previous: "securelevel" in kernel only 1998-11-15 17:36:19 +00:00
tls
da1c106b85 In 'highly secure' mode (securelevel >= 2), the filter lists may not be tampered with. It might be desirable to allow enabling of preset filter lists, but it seems too good a candidate for a denial-of-service attack, so we don't. 1998-11-14 07:42:37 +00:00
lukem
cc41dfe747 simplify test in in_pcbbind() for setting wild=1; no need to check if
((so->so_proto->pr_flags & PR_CONNREQUIRED) == 0 ||
	(so->so_options & SO_ACCEPTCONN) == 0)
since the latter is always true, so the former test in unnecessary.
from `TCP/IP Illustrated, Volume 2', W. Richard Stevens, p 730.
1998-11-13 10:50:10 +00:00
thorpej
0e3a0a7f80 Once a fragmented IP packet has been reassembled, recompute the packet
length before passing it up the stack.  From FreeBSD.
1998-11-13 03:24:22 +00:00
ws
ede30e2813 Fix a buglet when looking up an interface for multicast:
Zero out the routing structure before calling the route lookup code
in order to correctly match addresses.
1998-10-26 17:31:01 +00:00
matt
3ad026ac87 vax -> __vax__ (and mips to __mips__ in ultrix_misc.c) 1998-10-20 01:46:27 +00:00
kim
cd7e3136ad Use ETHERTYPE_ATALK instead of ETHERTYPE_AT. The former seems more common.
Our other constants also use "ATALK".

Added many new ETHERTYPE constants to sys/net/ethertypes.h, including the
ones from libpcap and tcpdump "ethertype.h" files.
1998-10-13 02:34:31 +00:00
thorpej
14f5ac9081 Use the pool allocator for ipflow entries. 1998-10-08 01:41:45 +00:00
thorpej
974aa74abd Use the pool allocator for ipqent structures. 1998-10-08 01:19:25 +00:00
thorpej
588ccb2d75 Fix some typos in comments, and clean up some whitespace. 1998-10-07 23:33:02 +00:00
thorpej
6cfb33b4e4 Use the pool allocator for the tcpcb's TCP/IP header template. 1998-10-07 23:20:03 +00:00
matt
bf4e491879 Fix boolean dyslexic test. Duh! 1998-10-06 00:41:13 +00:00
matt
8e8f38e0f2 Add a sysctl for newreno (default to off). 1998-10-06 00:20:44 +00:00
lukem
a1ea50ee45 * in_pcblookup_port(): deprecate INPLOOKUP_WILDCARD and flags in favour
of a lookup_wildcard arg; simplifies the logic a bit.
* when assigning ephemeral ports in in_pcbbind(), always call
  in_pcblookup_port() with lookup_wildcard=1, so that ephemeral port
  allocation on sockets with SO_REUSEADDR set won't potentially bind to a
  port in use by something else (principle of least surprise).
1998-10-05 14:33:14 +00:00
matt
25054b5cf7 Adapt the NEWRENO changes from the UCSB diffs of BSDI 3.0's TCP
to NetBSD.  Ignore the SACK & FACK stuff for now.
1998-10-04 21:33:52 +00:00
kleink
c68106edad Use #error instead of causing a parse error. 1998-10-02 21:21:04 +00:00
drochner
5ddf423985 print reason for arplookup() failure (ala FreeBSD) 1998-10-01 11:04:24 +00:00
tls
c4730d65cf Switch order of TNF and UCB copyrights so UCB copyright is first; this seems more appropriate since UCB wrote the original code, after all. 1998-09-30 21:52:24 +00:00
hwr
eaccb9cd8d Start supporting IPPROTO_MOBILE (55) encapsulation. This is yet
another tunneling protocol used by the Mobile-IP people. See RFC 2004
for this.
1998-09-30 05:59:27 +00:00
christos
e74ca32804 SIOCGIFALIAS should not be restricted to the superuser. 1998-09-28 12:32:43 +00:00
mycroft
4a000a54e6 Fix a typo (not mine) in a comment. 1998-09-19 04:34:34 +00:00
mycroft
04ef3bf88d If we're in LISTEN state and all of RST, SYN and ACK are clear, send a RST. 1998-09-19 04:32:51 +00:00
mycroft
31347e4671 Always send a 0 window with a RST. Suggested by Darren Reed. 1998-09-19 04:02:52 +00:00
hwr
cf70cc28c7 Typo. :( 1998-09-14 21:15:56 +00:00
hwr
517139017e Some additions.
And IDPR-CMTP is 38 not 39 according to IANA.
1998-09-14 21:09:51 +00:00
hwr
366b9c4515 Add a gre tunnel pseudo network device. Gre = generic route encapsulation.
This device shows up like any other network interface and can be used to
tunnel L3 protocols as e.g. IP over IP.
1998-09-13 20:27:47 +00:00
christos
66dd35d72c Fix copyright spacing and 'Van' -> 'van' for consistency. 1998-09-13 15:45:40 +00:00
tv
235fc6a6a9 egcs {brace} warning fix 1998-09-10 19:53:28 +00:00
mouse
b95116821c Create tcp.keepidle, tcp.keepintvl, tcp.keepcnt, tcp.slowhz sysctls. 1998-09-10 10:46:03 +00:00
thorpej
9fd57e8917 Make a diagnostic printf more sensible, PR #5951, Heiko W. Rupp. 1998-09-09 04:57:18 +00:00
thorpej
4dbfe05f1f Use an algorithm similar to that in tcp_notify() to determine if
syn_cache_unreach() should remove the entry, or just continue on.

Algorithm is to only remove the entry if we've had more than one unreach
error and have retransmitted 3 or more times.  This prevents the following
scenario, as noted in PR #5909 (PR from Ty Sarna, scenario from
Charles Hannum):

	* Host A sends a SYN.
	* Host A retransmits the SYN.
	* Host B gets the first SYN and sends a SYN-ACK.
	* Host B gets the second SYN and sends a SYN-ACK.
	* One of the SYN-ACK bounces with an
	  ICMP unreachable, causing the `SYN cache' entry to be
	  removed with no notification.
	* Host A receives the other SYN-ACK, sends an ACK, and goes to
	  ESTABLISHED state.

Should fix PR #5909.
1998-09-09 01:32:27 +00:00
christos
0f024deb52 Add SIOCGIFALIAS 1998-09-06 17:52:01 +00:00
kleink
bb4f7768e4 Protect _XOPEN_SOURCE against sysctl MIB identifiers. 1998-09-05 19:03:25 +00:00
mycroft
e2cb6dad8d Make the randomized part of the ISS 24 bits. 1998-09-04 22:34:51 +00:00
mycroft
2f501074f8 Fix a couple of bogons related to tcp_new_iss():
* Don't add tcp_iss_seq when creating a new ISS from TIME-WAIT state.
* Do the clock increment even when using the rnd device.
1998-09-04 22:29:54 +00:00
scottr
e3e7e1673f Fix the NEXT_IA_WITH_SAME_ADDR macro introduced in 1.27: it was finding
the first in_ifaddr structure with a different internet address!  Reverse
the sense of the test.  Spotted by and fix from Eric Haszlakiewicz.
1998-08-14 06:57:54 +00:00
mrg
4a75265273 defopt PFIL_HOOKS. 1998-08-09 08:58:18 +00:00
thorpej
833061914a Use the pool allocator for tcpcbs. 1998-08-02 00:36:19 +00:00
thorpej
d319e4b419 Use the pool allocator for syn_cache entries. 1998-08-02 00:35:51 +00:00
thorpej
47e9dcf841 Use the pool allocator for inpcbs. 1998-08-02 00:35:31 +00:00
tls
31d0752b99 change IN_IFADDR_HASH_SIZE to 509, which actually uses no more space than 293 due to rounding up to nearest power of two in hashinit. 1998-07-29 05:18:54 +00:00
pk
84840da908 in_pcballoc(): we can't afford to wait for memory. 1998-07-23 08:24:33 +00:00
mycroft
cca4e566a9 Implement a better fix for the `gratuitous FIN' problem, as
mentioned on tcp-impl but with a bit more commentary.
1998-07-21 10:46:00 +00:00
thorpej
3a9ed00799 Document that we are more conservative after doing MTU discovery than the
suggestion in draft-floyd-incr-init-win-03.  Rather than scaling cwnd back
by the ratio of new segment size to old segment size, we perform a slow start
using the Initial Window, computed with the new segment size.
1998-07-17 23:09:58 +00:00
thorpej
0f909866c0 Clarify that we're using the Loss Window when we receive a source quench. 1998-07-17 23:02:38 +00:00
thorpej
fa20f24cd9 Add a comment wrt. a current issue w/ CWM. 1998-07-17 23:00:02 +00:00
thorpej
a3f4316cba Clarify that we are using the Loss Window if a retransmission occurred
during the three-way handshake.
1998-07-17 22:58:56 +00:00
thorpej
830879a809 Comment where the Restart Window is computed, and in the non-CWM case,
make sure it never _increases_ cwnd.
1998-07-17 22:52:01 +00:00
thorpej
1c4ff0a086 Comment where we use the Loss Window. 1998-07-17 22:18:49 +00:00
sommerfe
69b1b4758d Fix PR5559: if fast-forwarding, DF set, and packet too large, send ICMP error.. 1998-07-17 00:35:23 +00:00
sommerfe
534520d815 Fix PR5508: ipfil cut-through forwarding causes panic 1998-07-17 00:28:00 +00:00
tls
deac3540de Put original hash function back. It wastes a little bit of space, but is much more even -- think of the case of a web service provider, some of whose customers end up getting 'inferior service' because they're on addresses that happen to be out at the end of a hash chain. With webservers with thousands of addresses, this is a real issue. If the wasted space is a big deal, we could pick a prime number that's slightly _less_ than a power of two... 1998-07-16 06:45:09 +00:00
thorpej
389da54091 Garbage collect imp' and hy'. We don't have the rest of the code, and
it's not like anyone is ever going to be using either of them.
1998-07-15 17:39:20 +00:00
veego
97ab1bd53b Resolve conflicts from the import. 1998-07-12 15:23:59 +00:00
mycroft
3a64270ca6 Back out the change from TCP/IP vol 2, in revision 1.7, which removed TH_FIN
from the output flags for CLOSING state.  There is no harm in retransmitting
the FIN, and this change has unexpected side effects that break simultaneous
close behaviour.
1998-07-09 05:49:56 +00:00
sommerfe
065cac9798 Delete bogus (void) cast of m_freem (which is already a void function..) 1998-07-07 00:04:59 +00:00
jonathan
b37021c1a1 defopt NATM. 1998-07-05 22:48:05 +00:00
jonathan
9bf2ba0928 Garbage-collect ``needs-flag'' from attributes ether, fddi, arc:
NETHER, NFDDI, NARC are  not used anywhere. Remove #include "ether.h",
   which had no effect.
Removes clash with "options NATM" for native-ATM network protocol stack.
1998-07-05 22:29:51 +00:00
jonathan
011f2bda08 defopt NS, NSIP. 1998-07-05 06:49:00 +00:00
jonathan
5c0c5dd0b4 defopt ISO TPIP. 1998-07-05 04:37:35 +00:00
jonathan
f2a2327e0a defopt EON. 1998-07-05 01:06:49 +00:00
jonathan
3751946b97 defopt INET, NETATALK. 1998-07-05 00:51:04 +00:00
jonathan
466e784ee1 defopt DDB. 1998-07-04 22:18:13 +00:00
thorpej
8cfe8959a6 Fix TCPS_HAVERCVDFIN() to actually catch all TCP states in which a FIN
has been received (CLOSE_WAIT, CLOSING, LAST_ACK, and TIME_WAIT).

From David Borman <dab@bsdi.com>.
1998-07-03 05:39:56 +00:00
is
0ca02c68a7 Thinko in last fix: we have to actually check each address for a copy on
our ifp, else we might fail for some strange configurations.
1998-07-02 14:00:39 +00:00
is
d8b8a41918 The rewrite of if_arp.c to work with the hashed interface address lists
(1.44) missed a test for the right interface, making some machines answer
to some bogus arp requests (like for WHO-HAS 127.0.0.1).

The quick patch in 1.46-1.47 does not work for so-called "unnumbered"
interfaces, that is, (point-to-point) interfaces that share their local
address with another (e.g., the Ethernet) interface.

We add a macro to in_var.h, to step (in the current implementation) through
the hash chain and fine more entries with the same address, and use that
in if_arp.c to find one which belongs to our interface.
1998-07-02 11:39:56 +00:00
tls
b0d2c08b6b Fix buglet where we might respond to arp on wrong interface. 1998-06-25 20:47:48 +00:00
cgd
651b44e211 Rework the way kernel include files are installed. In the new method,
as with user-land programs, include files are installed by each directory
in the tree that has includes to install.  (This allows more flexibility
as to what gets installed, makes 'partial installs' easier, and gives us
more options as to which machines' includes get installed at any given
time.)  The old SYS_INCLUDES={symlinks,copies} behaviours are _both_
still supported, though at least one bug in the 'symlinks' case is
fixed by this change.  Include files can't be build before installation,
so directories that have includes as targets (e.g. dev/pci) have to move
those targets into a different Makefile.
1998-06-12 23:22:30 +00:00
sommerfe
a90d5cd12e Truncate mbufs to the correct length before forwarding; fixes pr5560 1998-06-10 00:47:57 +00:00
thorpej
b22946827d Add a comment explaining why we do _not_ ACK data that might accompany
a SYN (avoidance of a DoS attack).
1998-06-02 18:33:02 +00:00
thorpej
c296923d2f Loss window MUST be one segment, per draft-floyd-incr-init-win-03. 1998-06-02 17:22:26 +00:00
thorpej
edc01ec330 In addition to the IP flow hash table, put the flows on a list. The table
is used for fast lookup, the list for traversal of all flows.  Also, use
PRT timers.
1998-06-02 15:48:03 +00:00
thorpej
837a8317b5 Eek, we were wasting almost half of the in_ifaddr hash space by modulo'ing
with IN_IFADDR_HASH_SIZE.  Instead, AND with the hash mask computed by
hashinit().
1998-06-01 00:50:07 +00:00
thorpej
08b5a4ecb8 Protect the ipflow_reap() call with splsoftnet. 1998-06-01 00:39:37 +00:00
cgd
dd8ed56342 Another demonstration that when you're converting variables from 'long's
to fixed 32-bit integers, you have to exercise care.
1998-05-31 19:39:13 +00:00
veego
6250554a65 Fix compiler warnings: Add missing ()'s. 1998-05-29 20:28:17 +00:00
veego
630030601c Fix some compiler warnings: Missing prototype and ()'s. 1998-05-29 20:27:18 +00:00
veego
a4c89e3e2e Resolve conflicts from the import of IPFilter 3.2.7. 1998-05-29 20:24:36 +00:00
matt
c0a1601f95 Change arp so its console log messages print out IP addresses in
dotted quad format instead of hex.
1998-05-29 15:34:24 +00:00
thorpej
f555f6d93f Fix OBOB in IP timestamp option processing, as noted in FreeBSD PR 6738,
from Jennifer Dawn Meyers <jdm@enteract.com>.
1998-05-24 20:14:53 +00:00
matt
f070ddb8ed Move the ppcb pointer towards the front of the structure so that it and the
pcb chain pointers can possibly be in the same cache line.
1998-05-18 17:10:37 +00:00
matt
1b2b1d801b Fix two bugs. 1998-05-18 17:08:56 +00:00
veego
82423e3d01 Resolve conflicts 1998-05-17 16:50:15 +00:00
kml
dd5ed34b88 Changed initialization of peermss to ensure that it didn't have
the TCP and IP options lengths removed from it -- the IP options can
change over the course of a connection...
1998-05-12 21:45:51 +00:00
thorpej
c5fc2e9acd Back out previous. This problem was already fixed in a different way. 1998-05-11 23:13:40 +00:00
matt
53b04a8d3c Let usr.sbin/tcpdump build again. 1998-05-11 23:09:35 +00:00
thorpej
49573284f5 Make sure a timer is marked "disarmed" once it has expired. 1998-05-11 20:52:18 +00:00
thorpej
5596fe2614 Nuke TUBA per my note to tech-net; there's no reason to keep it around. 1998-05-11 19:57:23 +00:00
kml
1216b9a560 Change comments on tcp_mss_to_advertise to match actual arguments 1998-05-07 22:30:23 +00:00
thorpej
ce3d776874 Rework the syn cache code somewhat:
- Don't use home-grown queue manipulation.  Use <sys/queue.h> instead.  The
  data structures are a little larger, but we are otherwise wasting the
  memory chunk anyway (we're already a 64-byte malloc bucket).
- Fix a bug in the cache-is-full case: if the oldest element removed from
  the first non-empty bucket was the only element in the bucket, the
  bucket wouldn't be removed from the bucket cache, causing queue corruption
  later.
- Optimize the syn cache timers by using PRT timers rather than home-grown
  decrement-and-propagate timers.

This code is now a fair bit smaller, and significantly easier to read
and understand.
1998-05-07 01:37:27 +00:00
thorpej
dc49b0342e Define all TCP timers in terms of PRT timers. 1998-05-07 01:30:46 +00:00
thorpej
34e34c985a Use the monotonically increasing slow timer timestamp provided by
the protocol dispatch layer for TCP timers.  This saves having to
modify a potentially large number of timer values (which were shorts,
and expanded to ... a lot of code on the Alpha).
1998-05-06 01:24:38 +00:00
thorpej
1ffa60ac01 Use macros from tcp_timer.h to manipulate TCP timers, so that their
implementation can be changed easily.
1998-05-06 01:21:20 +00:00
matt
36eac04cc0 Default IP flow to being enabled. Add a sysctl to control the maximum
number of flows (net.inet.ip.maxflows).  If set to 0, will disable fast
path forwarding.
1998-05-04 19:24:53 +00:00
thorpej
447384d6b8 - kern/5380 (Dennis Ferguson): fix incremental IP header checksum.
- kern/5381 (Dennis Ferguson): check IP header checksum in fast forward
  code.
- In ipflow_slowtimo(), if no IP flows are in use, don't bother checking
  all of the hash buckets.
1998-05-04 05:46:04 +00:00