Commit Graph

297 Commits

Author SHA1 Message Date
thorpej
4ed600dbd0 Fix several annoyances related to MSS handling in BSD TCP:
- Don't overload t_maxseg.  Previous behavior was to set it to the min
  of the peer's advertised MSS, our advertised MSS, and tcp_mssdflt
  (for non-local networks).  This breaks PMTU discovery running on
  either host.  Instead, remember the MSS we advertise, and use it
  as appropriate (in silly window avoidance).
- Per last bullet, split tcp_mss() into several functions for handling
  MSS (ours and peer's), and performing various tasks when a connection
  becomes ESTABLISHED.
- Introduce a new function, tcp_segsize(), which computes the max size
  for every segment transmitted in tcp_output().  This will eventually
  be used to hook in PMTU discovery.
1997-09-22 21:49:55 +00:00
thorpej
de572198ad Implement in_pcbrtentry() - return the route associated with a PCB. If
one does not exist, attempt to allocate one.  This is mostly pulled from
tcp_input.c.
1997-09-22 21:39:40 +00:00
veego
4508fb4354 Resolve conflicts from the merge of ipf 3.2beta5. 1997-09-21 18:00:54 +00:00
veego
985ac74a98 Import ip-filter 3.2beta5 1997-09-21 16:47:50 +00:00
drochner
d8f1d9401e Adjust packet len in mbuf header for incoming broadcasts.
Closes PR kern/4087 (by myself).
1997-09-12 10:58:31 +00:00
gwr
c74236bfc9 Tweaks to allow operation with an interface address of 0.0.0.0
(needed for NFS mountroot using BOOTP to get boot parameters)
1997-08-29 16:02:41 +00:00
matt
b2b8155618 Add IPPROTO_ESP and IPPROTO_AH defines. 1997-08-27 17:05:34 +00:00
thorpej
ca0bba0081 Add ICMP unreachable code #13 - "Communication Administratively Prohibited",
per RFC 1716.  From Havard Eidnes <he@vader.runit.sintef.no>, PR #4038.
1997-08-26 18:27:53 +00:00
mycroft
e76ba36231 Make sure we install the route returned by the upcall before trying to
forward any queued packets.  From Bill Fenner, via Brad Karp.
1997-08-14 06:42:33 +00:00
lukem
fcbcbc2234 struct loif is an array of NLOOP (from "loop.h") elements 1997-08-04 06:18:49 +00:00
is
240cc2913e Include file in place of the old netinet/if_ether.h, including stuff from
where it is now, and adding the specialized for Ethernet version of the ARP
structure, for the benefit of programs which are externally (to us) maintained
and not (yet) ported.
XXX This should NOT be used inside the kernel.
1997-07-29 09:10:51 +00:00
thorpej
4cef61d36b Generate dependencies for the TCP_SENDSPACE and TCP_RECVSPACE options. 1997-07-28 22:31:08 +00:00
thorpej
db103f4414 Make the following tunable via sysctl, inspired by BSD/OS:
- udp_sendspace
- udp_recvspace
1997-07-28 22:19:53 +00:00
thorpej
758a104426 Make the following tunable via sysctl, inspired by BSD/OS:
- tcp_sendspace
- tcp_recvspace
- tcp_mssdflt
- tcp_syn_cache_limit
- tcp_syn_bucket_limit
- tcp_syn_cache_timer
1997-07-28 22:18:48 +00:00
thorpej
402ae96361 Garbage-collect some "extern"s. 1997-07-28 22:07:38 +00:00
thorpej
e794123006 Fix a rather severe bug in handling of incoming SYNs for peer/port values
which happen to have a TCB in TIME_WAIT, where an mbuf which had been
advanced past the IP+TCP headers and TCP options would be reused as if
it had not been advanced.  Problem found by Juergen Hannken-Illjes, who
also suggested a work-around on which this fix is based.
1997-07-28 01:07:48 +00:00
thorpej
efa8881dbe Pull SYN_cache_branch down into the main line. 1997-07-23 21:26:40 +00:00
kleink
512b9c1d90 Nuke an `#ifdef sparc' conditional around ntohs() usage: this (1) is incomplete
and (2) makes no difference anyway.  Also, minor KNF.
1997-07-21 16:53:47 +00:00
kleink
b2bead304f Fix a misplaced brace which caused NAT list corruption; from Dave Huang
<khym@bga.com> in PR kern/3872.
1997-07-16 11:06:07 +00:00
mrg
02e5531ec7 put back IPFILTER_DEFAULT_BLOCK, as documented in options(4). 1997-07-08 05:54:02 +00:00
veego
29fcbcb000 Use FR_PASS for IPF_DEFAULT_PASS. This can be overwritten with an
options IPF_DEFAULT_PASS=FR_BLOCK in your config file.
1997-07-07 23:08:22 +00:00
fvdl
413872caa0 Get rid of (void) cast to KFREE, as it may be a macro, in which case
the cast will be a syntax error.
1997-07-07 22:21:21 +00:00
phil
ccfe711608 Protect against double inclusion. PR 3524. 1997-07-07 20:57:46 +00:00
thorpej
ba90103dd6 The fingerprint of (*fr_checkp)() is the same if compiling in kernel
or user code.
1997-07-06 22:32:34 +00:00
thorpej
e0acb98b94 Fix an old and obscure TCP bug, brought to my attention by Bill Fenner,
fixed in FreeBSD by John Polstra:

Fix a bug (apparently very old) that can cause a TCP connection to
be dropped when it has an unusual traffic pattern.  For full details
as well as a test case that demonstrates the failure, see the
referenced PR (FreeBSD's kern/3998).

   Under certain circumstances involving the persist state, it is
   possible for the receive side's tp->rcv_nxt to advance beyond its
   tp->rcv_adv.  This causes (tp->rcv_adv - tp->rcv_nxt) to become
   negative.  However, in the code affected by this fix, that difference
   was interpreted as an unsigned number by max().  Since it was
   negative, it was taken as a huge unsigned number.  The effect was
   to cause the receiver to believe that its receive window had negative
   size, thereby rejecting all received segments including ACKs.  As
   the test case shows, this led to fruitless retransmissions and
   eventually to a dropped connection.  Even connections using the
   loopback interface could be dropped.  The fix substitutes the signed
   imax() for the unsigned max() function.

Bill informs me that his research indicates this bug appeared in Reno.
1997-07-06 07:04:34 +00:00
thorpej
b19b36aff5 Restore original RCS IDs. 1997-07-06 05:29:13 +00:00
thorpej
329a831bd5 Deal with a bogus warning from -Wuninitialized. 1997-07-06 05:14:08 +00:00
thorpej
0feb054b62 - Add a missing #ifdef SOLARIS
- Properly prototype ipfilterattach()/iplattach().
1997-07-06 05:13:40 +00:00
thorpej
c68633278f - Add a prototype for fixskip() so that this file compiles.
- Fix, ONCE AGAIN, semantics of ipfilterattach().  This time, not only
  was it semantically broken, it wasn't even close to compiling!
1997-07-06 05:13:00 +00:00
thorpej
3fb8ff16e8 The sheer number of #ifdef's around it should have been a hint that
#include <machine/mtpr.h> isn't something you're supposed to do in
NetBSD.
1997-07-06 05:11:28 +00:00
thorpej
ab01c534f6 Fix a bug caught by gcc: add parenthesis to properly group a test. 1997-07-06 05:10:41 +00:00
thorpej
90c43e78e2 Import yet another missing piece of IPFilter 3.2beta1. 1997-07-06 05:02:26 +00:00
thorpej
5a85b0d9fa Import ip_auth.h from IPFilter 3.2beta1; this was missed during the
upgrade.
1997-07-06 04:58:52 +00:00
darrenr
729f0dc597 fix conflicts from import 1997-07-05 05:38:14 +00:00
thorpej
9bf15b8b78 Don't adjust ip->ip_len before calling icmp_error(); icmp_error() already
does this.  Per Stevens in TCP/IP Illustrated Vol. 2, p.774, submitted
by Koji Imada <koji@math.human.nagoya-u.ac.jp>.
1997-06-24 19:31:34 +00:00
thorpej
a0e791807e Eliminate use of dtom() from the network code, allowing more flexible
use of mbuf external storage and increasing performance (by eliminating
an m_pullup() for clusters in the IP reassembly code).

Changes from Koji Imada <koji@math.human.nagoya-u.ac.jp>, in PR #3628
and #3480, with ever-so-slight integration changes by me.
1997-06-24 02:25:59 +00:00
thorpej
b791871522 Increment icmpstat.icps_badlen for bad length of ICMP_MASKREQ, per
Stevens in TCP/IP Illustrated vol. 2, p.319.  Submitted by
Koji Imada <koji@math.human.nagoya-u.ac.jp> in PR #3712.
1997-06-24 01:26:19 +00:00
kleink
b8377e5395 As per RFC 793, don't retransmit the FIN during a simultaneous close.
From Thorsten Frueauf <frueauf@ira.uka.de> and W. Richard Stevens in PR/3737
and TCP/IP Illustrated, Vol. 2, respectively.
1997-06-18 10:05:44 +00:00
mrg
c258d0d05e make it "options IPFILTER_DEFAULT_BLOCK". 1997-06-16 13:38:05 +00:00
kleink
8fb48a5db9 Eliminate a superflouus `if' statement: when detaching the TCP protocol from
a socket, just calling tcp_disconnect() on the tcpcb will do the right thing.
From Thorsten Frueauf <frueauf@ira.uka.de> and W. Richard Stevens in PR/3738
resp. TCP/IP Illustrated, Vol. 2.
1997-06-12 18:41:14 +00:00
kml
6a233e37f6 Fix urgent pointer overflow problems when used with large windows 1997-06-03 16:17:09 +00:00
thorpej
5b0d69d6a8 In ipl_disable(), don't conditionalize the "fr_checkp = fr_savep"
operation, since:
	- in ipl_enable(), "fr_savep = fr_checkp" is not conditionalized
	  in the same way (not at all), and
	- without this change, it was not possible to enable, disable,
	  and reenable ipfilter.
1997-06-01 06:57:09 +00:00
thorpej
a464ced388 Change the aps_tout member of struct ap_session from time_t to u_long
so that it can be passed to the filter rule aging functions, which
expect a pointer to a u_long.  (time_t is an int on the alpha.)
1997-05-28 04:59:34 +00:00
thorpej
fa7df10d8b Put the #ifndef _KERNEL prototype of get_unit() in <netinet/ip_fil.h>
since it is needed by other files, in order to compile on 64-bit
architectures.
1997-05-28 04:48:47 +00:00
thorpej
41d4822677 Resolve conflicts from merge of 3.2a7, take 2. Also, eliminate some
silly differences between the NetBSD copy of the code and the
vendor branch, keeping only those which are necessary.  Of those
differences that currently exist, several "portability to NetBSD"
issues, which will be fed back to the ipfilter author.
1997-05-28 00:17:11 +00:00
gwr
3cb60b969d Allow revarpwhoami() to be called multiple times.
(Just return the answer if we already have it.)
Without this, the RB_ASKNAME loop fails on every
call to nfs_mountroot after the first call.
1997-05-27 23:14:44 +00:00
thorpej
67a6c44c15 Make this compile on 32-bit architectures again:
- Pull in includes to get appropriate prototypes.
1997-05-27 01:24:31 +00:00
thorpej
faeb45fcca Make this compile on 32-bit architectures:
- Add prototypes.
- Add a forward-decl to avoid a cyclic dependency graph.
1997-05-27 01:23:50 +00:00
thorpej
03e37a1874 Make this compile on 32-bit architectures:
- Deal with lame gcc -Wuninitialized warning (which is incorrect)
- Add parens around assignments within conditionals.
1997-05-27 01:22:52 +00:00
thorpej
77a115108c Make this compile on 32-bit architecutres again:
- Get arguments to ioctl right (cmd is a u_long in NetBSD)
1997-05-27 01:21:33 +00:00