Commit Graph

682 Commits

Author SHA1 Message Date
itojun 9f8cac1f16 undo interface address addition attempt, when in_ifinit fails.
(this basically avoids memory leakage)
2000-03-12 05:01:16 +00:00
thorpej 0fcf68825f Back out previous, and adjust a comment. 2000-03-10 22:39:03 +00:00
itojun 673e8e6fad move IPPROTO_DONE to IPPROTO_xx group 2000-03-10 15:30:55 +00:00
itojun 402493dee5 change member name for icmp6_filter, to be conformant to RFC2292.
From: Francis Dupont
2000-03-09 21:26:16 +00:00
thorpej d315d42657 Back out part of 1.104 which isn't actually needed. 2000-03-07 05:39:57 +00:00
mycroft 5a212f7999 Fix a splx() botch or two. 2000-03-07 04:58:35 +00:00
itojun 6a70fada85 allow SIOCDIFADDR with AF_UNSPEC address by default, until we fix ifconfig(8).
(should be COMPAT_43)
2000-03-06 19:33:13 +00:00
itojun be78177ba2 comment fix, sync with kame. 2000-03-03 17:42:14 +00:00
itojun 38441b4ae3 remove unnecessary ttl initialization which I mistakingly bringed in
during KAME merge (this is part of WIDE's expeirmental reass code...)
NetBSD PR: 9412
From: Wolfgang Rupprecht <wolfgang@wsrcc.com>
Fix from: ho@crt.se
itojun was notified from: theo
2000-03-03 13:07:42 +00:00
thorpej 754bba7b6c Avoid a bug in GCC which manifests itself when processing unaligned
IP options.  Problem pointed out by Matt Hargett and Erik Fair, analyzed
by me.
2000-03-02 06:07:36 +00:00
itojun 04ac848d6f introduce m->m_pkthdr.aux to hold random data which needs to be passed
between protocol handlers.

ipsec socket pointers, ipsec decryption/auth information, tunnel
decapsulation information are in my mind - there can be several other usage.
at this moment, we use this for ipsec socket pointer passing.  this will
avoid reuse of m->m_pkthdr.rcvif in ipsec code.

due to the change, MHLEN will be decreased by sizeof(void *) - for example,
for i386, MHLEN was 100 bytes, but is now 96 bytes.
we may want to increase MSIZE from 128 to 256 for some of our architectures.

take caution if you use it for keeping some data item for long period
of time - use extra caution on M_PREPEND() or m_adj(), as they may result
in loss of m->m_pkthdr.aux pointer (and mbuf leak).

this will bump kernel version.

(as discussed in tech-net, tested in kame tree)
2000-03-01 12:49:27 +00:00
itojun 5c1b7efe97 avoid copy-overwrite-copy on incoming udp4 checksum. use in4_cksum
which takes care of pseudo header checksum without overwrites.
2000-02-29 16:21:56 +00:00
itojun 82ab98145f ensure tcp window size does not overflow (16bit unsigned after window scale).
FreeBSD PR: 16914
2000-02-29 05:25:49 +00:00
itojun cdea88d700 support draft-ietf-ipngwg-icmp-name-lookups-05.txt, drop support for
draft-ietf-ipngwg-icmp-name-lookups-04.txt.

There are certain bitfield change in 04 draft to 05 draft, which makes
04 "ping6 -a" and 05 "ping6 -a" not interoperable.  sigh.
2000-02-28 13:48:50 +00:00
itojun bbe25244d0 remove some of cross-BSD portability #ifdef.
remove xxCTL_VARS, which is BSDI specific.
2000-02-28 12:08:21 +00:00
itojun 1450d6e643 bring in recent KAME changes (only important and stable ones, as usual).
- remove net.inet6.ip6.nd6_proxyall.  introduce proxy NDP code works
  just like "arp -s".
- revise source address selection.
  be more careful about use of yet-to-be-valid addresses as source.
- as router, transmit ICMP6_DST_UNREACH_BEYONDSCOPE against out-of-scope
  packet forwarding attempt.
- path MTU discovery takes care of routing header properly.
- be more strict about mbuf chain parsing.
2000-02-26 08:39:18 +00:00
itojun c1e70a6c0a allow AF_UNSPEC for SIOCDIFADDR. ISC DHCP client depends on this behavior. 2000-02-25 08:51:35 +00:00
itojun abf6ccac96 backout previous commit (sanity check for family) - it seems to be doing
something wrong.  i'll revise it soon.
2000-02-25 08:37:05 +00:00
itojun 3c0960474d reject non-AF_INET addresses on ioctl.
without this, we can configure invalid sockaddrs, for example,
sa_family == 0 (and we can never remove them!)
2000-02-25 07:11:38 +00:00
itojun 729dcf0da4 hide declaration of IP6_EXTHDR_{GET,CHECK} from userland. 2000-02-24 09:55:24 +00:00
itojun 6a1af46504 don't transmit ICMPv4 packet back, if the original packet was encyrpted. 2000-02-24 09:54:49 +00:00
darrenr 4b3916780b pass "struct pfil_head *" to pfil_add_hook and pfil_remove hook rather
than "struct protosw *".
2000-02-20 00:56:33 +00:00
darrenr fd7edad6c3 Change the use of pfil hooks. There is no longer a single list of all
pfil information, instead, struct protosw now contains a structure
which caontains list heads, etc.  The per-protosw pfil struct is passed
to pfil_hook_get(), along with an in/out flag to get the head of the
relevant filter list.  This has been done for only IPv4 and IPv6, at
present, with these patches only enabling filtering for IPPROTO_IP and
IPPROTO_IPV6, although it is possible to have tcp/udp, etc, dedicated
filters now also.  The ipfilter code has been updated to only filter
IPv4 packets - next major release of ipfilter is required for ipv6.
2000-02-17 10:59:32 +00:00
itojun 729f693364 - if ip_dst matches address on !IFF_UP interface, and
- there's no match against addresses on IFF_UP interface,
send icmp unreach if I'm router.  drop it if I'm host.

Revised version of PR: 9387 from nrt@iij.ad.jp.  Discussed with thorpej+nrt.
2000-02-16 12:40:40 +00:00
thorpej b178e1f58c Add support for rate-limiting RSTs sent in response to no socket for
an incoming packet.  Default minimum interval is 10ms.  The interval
is changeable via the "net.inet.tcp.rstratelimit" sysctl variable.
2000-02-15 19:54:11 +00:00
thorpej f3b975e9a4 Add ICMP error rate limiting, based on the same for ICMP6.
Note, we're reusing the previously unused slot for "MTU discovery" (which
was moved to the "net.inet.ip" branch of the sysctl tree quite some time
ago).
2000-02-15 04:03:49 +00:00
itojun 800897b12f make assumption on mbuf explicit (m->m_len >= sizeof (struct ip)). 2000-02-15 00:42:22 +00:00
thorpej fd4ed9b425 Typo (Thanks, Havard :-) 2000-02-12 18:00:00 +00:00
thorpej 46f7b67929 Small cosmetic change, and note a place where a statistic should be
gathered.
2000-02-12 17:45:44 +00:00
thorpej 312cb38ccb In the tcp_input() path:
- Filter out multicast destinations explicitly for every incoming packet,
  not just SYNs.  Previously, non-SYN multicast destination would be
  filtered out as a side effect of PCB lookup.  Remove now redundant
  similar checks in the dropwithreset case and in syn_cache_add().
- Defer the TCP checksum until we know that we want to process the
  packet (i.e. have a non-CLOSED connection or a listen socket).
2000-02-12 17:19:34 +00:00
itojun 82b005364c don't increase both "no port on broadcast packet" and "no port" stat.
increasing both of them will result in negative number on udp
"delivered" stat on netstat(8), since netstat computes number of delivered
packet by subtracting them from number of inbound packets.
2000-02-11 10:43:36 +00:00
itojun 46dfa55555 fix in-kernel packet forwarding loop (till TTL becomes 0) when:
- a packet is delivered to an address X,
- and the address X is configured on my !IFF_UP interface
- and ipforwarding=1

NetBSD PR: 9387
From: nrt@iij.ad.jp
2000-02-11 05:57:58 +00:00
itojun ff0fe5df65 fix ip4 protosw.
gif interface and gre interface should be able to coexist.
2000-02-10 14:44:28 +00:00
itojun 59d74f3d21 to improve RFC2553/2292 compliance, and promote use of
RFC2553/2292-compliant header file path, now the following headers are
forbidden:
	netinet6/ip6.h
	netinet6/icmp6.h
	netinet6/in6.h

if you want netinet6/{ip6,icmp6}.h, use netinet/{ip6,icmp6}.h.

if you want netinet6/in6.h, you just need to include netinet/in.h.
it pulls it in.
(we may need to integrate them into netinet/in.h, but for cross-BSD code
sharing i'd like to keep it like this for now)
2000-02-09 00:54:55 +00:00
itojun 4f53db2499 optimize mbuf allocation for ip/tcp/tcpopt part. 2000-02-09 00:50:40 +00:00
veego aa4732525f Fix from Darren Reed for the test failure of f11. 2000-02-07 13:58:00 +00:00
itojun 2687887f38 s/DIAGNOSTIC/DEBUG/ 2000-02-07 06:15:16 +00:00
itojun 51219dabc9 to be more rfc2292 complient, move ip6.h and icmp6.h into netinet.
(netinet6/{ip6,icmp6}.h is non-standard path - these files should go away)

it was not possible to use cvsmove in this case.
when you try to look at history, chase it toward netinet6/{ip6,icmp6}.h.
2000-02-06 11:11:29 +00:00
itojun 76064f5770 don't chase mbuf pointer when it is NULL. 2000-02-06 08:06:43 +00:00
itojun f91ee608a9 avoid calling in6_control(SIOCDIFADDR_IN6) from interrupt context.
it is not supposed to work.
logging fix: add "\n" to some of log() in in6_prefix.c.

improve in6_ifdetach().  now almost all structure depend on ifnet
will be cleared up.
possible loose ends:
- cached route_in6 in static varaiables needs to be cleared as well
- there are ifaddr manipulation without reference counting,
  which should be fixed
we still see panics after card removal, though...  not sure what is left.

(sync with kame)
2000-02-04 14:34:22 +00:00
thorpej c1185c1020 PRU_PURGEADDR -> PRU_PURGEIF, per a discussion w/ itojun. In the IPv4
and IPv6 code, also use this to traverse PCB tables, looking for cached
routes referencing the dying ifnet, forcing them to be refreshed.
2000-02-02 23:28:08 +00:00
thorpej d844a3ac41 First-draft if_detach() implementation, originally from Bill Studnemund,
although this version has been changed somewhat:
- reference counting on ifaddrs isn't as complete as Bill's original
  work was.  This is hard to get right, and we should attack one
  protocol at a time.
- This doesn't do reference counting or dynamic allocation of ifnets yet.
- This version introduces a new PRU -- PRU_PURGEADDR, which is used to
  purge an ifaddr from a protocol.  The old method Bill used didn't work
  on all protocols, and it only worked on some because it was Very Lucky.

This mostly works ... i.e. works for my USB Ethernet, except for a dangling
ifaddr reference left by the IPv6 code; have not yet tracked this down.
2000-02-01 22:52:04 +00:00
veego 064dbd29ad Only print one 'IP Filter:' line when it gets enabled or disabled. 2000-02-01 21:41:36 +00:00
veego b3bffdf856 Resolve conflicts. 2000-02-01 21:29:15 +00:00
thorpej 3b5706e2e5 Fix a couple of whitespace glitches. 2000-02-01 00:07:50 +00:00
thorpej 637a2eee6e Use ifatoia() and sintosa() consistently, rather than using home-grown
casting macros intermixed.
2000-02-01 00:07:09 +00:00
thorpej 1cb24101b9 Small amount of cosmetic cleanup. 2000-02-01 00:05:07 +00:00
itojun 1a2a1e2b1f bring in latest KAME ipsec tree.
- interop issues in ipcomp is fixed
- padding type (after ESP) is configurable
- key database memory management (need more fixes)
- policy specification is revisited

XXX m->m_pkthdr.rcvif is still overloaded - hope to fix it soon
2000-01-31 14:18:52 +00:00
itojun 63fd2c0262 destination port == 0 is illegal based on RFC768.
(NetBSD PR: 9137 - I thought I committed this already but I wasn't)
2000-01-31 10:39:26 +00:00
sommerfeld 62224d5f23 Pick source address for ICMP errors a bit more intelligently when
there are multiple addresses on the interface.

From Marc Horowitz <marc@netbsd.org>, who left this sitting for too long.
2000-01-25 17:07:56 +00:00