Commit Graph

773 Commits

Author SHA1 Message Date
itojun
8987054176 pass struct proc * down to udp6_output and in6_pcbbind. 2000-06-05 06:38:22 +00:00
veego
c02ef5cc85 Resolve conflicts. 2000-05-23 06:07:42 +00:00
itojun
5de72de121 disallow negative numbers for ratelimit interval (tcp, icmp, icmp6). 2000-05-22 12:08:43 +00:00
veego
b0c4d85748 Add a missing ; at the end of a line. 2000-05-21 18:47:00 +00:00
veego
4c4ad1d1a5 Resolve conflicts. 2000-05-21 18:45:53 +00:00
jhawk
ca31d672e2 Install "show arptab" (db_show_arptab) in the ddb command tree.
Move prototype from netinet/if_inarp.h to ddb/db_interface.h.
Change function to have standard ddb parameters (though they're
ignored).
2000-05-20 03:08:41 +00:00
veego
8db28cd918 Resolve conflicts and fix a compile error in ip_ftp_pxy.c. 2000-05-11 19:46:05 +00:00
itojun
8a0fabf8cf add missing boundary checks to ip options processing.
correct timestamp option validation (len and ptr upper/lower bound
based on RFC791).
fill "pointer" field for parameter problem in timestamp option processing.
2000-05-10 03:31:30 +00:00
itojun
b3c4ed6cf7 correct more out-of-bounds memory access, if cnt == 1 and optlen > 1. 2000-05-10 01:19:44 +00:00
itojun
4a12628c71 correct out-of-bound access when hlen == 1 and opt > 1.
reviewed by darren, darren committed to freebsd fil.c (1.12 -> 1.13)
so it should be correct enough.
2000-05-10 00:08:03 +00:00
sommerfeld
90f481ef3f Handle large offsets with very small options correctly. 2000-05-06 16:35:14 +00:00
mycroft
176e840713 GC in_interfaces. 2000-05-06 02:41:32 +00:00
matt
650107086a remove superfluous test (snd_una is always > iss since th_ack must > iss
(first test at start of case) and th_ack is assigned to snd_una).
2000-05-05 15:05:29 +00:00
matt
5a6e4c896c From PR #3733: Only disarm timer if SYN contained the ACK bit since if
it didn't it would be a crossing/simultaneous SYN and doesn't mean the
remote TCP received our SYN.
2000-05-05 14:51:46 +00:00
veego
21dea2100c Resolve conflicts. 2000-05-03 11:12:03 +00:00
sommerfeld
a5ff71cecc One more __attribute__((__packed__)) to dissuade egcs from making
unwarranted asumptions about the structure's alignment.
2000-05-02 14:15:07 +00:00
itojun
3075a916cc sync with more recent kame. defer inclusion of net/if_gif.h. 2000-04-26 05:36:41 +00:00
enami
c63f06acd3 IN_MULTICAST() takes in_addr.s_addr as argument, not pointer to it. 2000-04-20 01:59:22 +00:00
itojun
d300ce3942 add net/if_stf.h and netinet/ip_encap.h (almost noone will include them though) 2000-04-19 06:39:15 +00:00
itojun
3909133548 introduce sys/netinet/ip_encap.c, to dispatch inbound packets
to protocol handlers, based on src/dst (for ip proto #4/41).
see comment in ip_encap.c for details of the problem we have.
there are too many protocol specs for ip proto #4/41.
backward compatibility with MROUTING case is now provided in ip_encap.c.

fix ipip to work with gif (using ip_encap.c).  sorry for breakage.

gif now uses ip_encap.c.

introduce stf pseudo interface (implements 6to4, another IPv6-over-IPv4 code
with ip proto #41).
2000-04-19 06:30:51 +00:00
chs
e34eb900c0 remove an LBL ifdef that we can't turn on anyway. 2000-04-16 20:59:49 +00:00
chs
46faa6bb58 remove ifdefs to skip htons() on some big-endian platforms. 2000-04-16 20:58:52 +00:00
is
ab879a6479 Copy M_BCAST and M_MCAST flags when fragmenting a packet (else
Multicast packets won't be send to the correct link layer address
by the interface driver).
By Artur Grabowski, PR 9772.
2000-04-13 11:48:07 +00:00
enami
97ba34b80b - Unselect the multicast outgoing interface if it is being detached.
- Drop the multicast membership if we are joining through the interface
  being detached.
2000-04-03 03:51:16 +00:00
enami
107aabc200 Bump the reference count of ifaddr while it is refered through in_multi. 2000-04-03 03:50:05 +00:00
jdolecek
c42f28d24a Since last duplicate prototype cleanup, we need to include
<netinet/ip_mroute.h> to get ip_mforward() prototype if MROUTING
is defined.
2000-03-31 14:31:03 +00:00
jdolecek
a59a99b6dc Slighly improve previous - only include <netinet/ip_mroute.h> if MROUTING
is defined.
2000-03-31 14:27:17 +00:00
jdolecek
c2acbd102b include <netinet/ip_mroute.h> for ip_mforward() - needed after
last duplicate prototype sweep (prototype for ip_mforward() used to be in <netinet/ip_var.h>)
2000-03-31 08:34:20 +00:00
augustss
8529438fe6 Remove register declarations. 2000-03-30 12:51:13 +00:00
simonb
75c4560a75 Delete reduncdant decl of inetctlerrmap - it's in <netinet/in_var.h>. 2000-03-30 02:39:37 +00:00
simonb
1058c2aba9 Delete redundant decl of zeroin6_addr, it's in <netinet6/in6_var.h>. 2000-03-30 02:38:53 +00:00
simonb
c85fbea607 Delete redundant decl of ip_gif_ttl - it's in <netinet/in_gif.h>.
Delete redundant decl of ip_mforward() - it's in <netinet/ip_mroute.h>.
2000-03-30 02:37:40 +00:00
simonb
c2693b78a0 Delete uninitialised declaration of ip_defttl - there's an initialised
decl earlier in this file.
2000-03-30 02:35:24 +00:00
simonb
d1fd2a6b54 Delete redundant decl of in_socktrim() - it's in <netinet/in.h>. 2000-03-30 02:33:45 +00:00
simonb
e4c5993774 Extern decl of arpintrq. 2000-03-30 02:32:57 +00:00
thorpej
66470ad12d Pull in <sys/callout.h> for the benefit of userland. 2000-03-24 22:40:11 +00:00
thorpej
fc96443d15 New callout mechanism with two major improvements over the old
timeout()/untimeout() API:
- Clients supply callout handle storage, thus eliminating problems of
  resource allocation.
- Insertion and removal of callouts is constant time, important as
  this facility is used quite a lot in the kernel.

The old timeout()/untimeout() API has been removed from the kernel.
2000-03-23 07:01:25 +00:00
ws
7da71e5f9e Make IPKDB working again.
Add support for i386 debugging and pci-based ne2000 boards.
2000-03-22 20:58:25 +00:00
itojun
2dbc76c437 tabify a line. 2000-03-22 06:10:39 +00:00
itojun
19b198e8c2 improve comment (about undo'ing code on in{,6}_ifinit failure) 2000-03-21 11:23:31 +00:00
itojun
d926d6fa47 #if 0'ed undo code for interface address addition failure.
it was a bit too strong, and forbids multiple addresses from
same prefix to be assigned.

now the behavior is the same as previous - memory leak on interface address
addition failure.
http://orange.kame.net/dev/query-pr.cgi?pr=218
2000-03-18 02:41:58 +00:00
itojun
9f8cac1f16 undo interface address addition attempt, when in_ifinit fails.
(this basically avoids memory leakage)
2000-03-12 05:01:16 +00:00
thorpej
0fcf68825f Back out previous, and adjust a comment. 2000-03-10 22:39:03 +00:00
itojun
673e8e6fad move IPPROTO_DONE to IPPROTO_xx group 2000-03-10 15:30:55 +00:00
itojun
402493dee5 change member name for icmp6_filter, to be conformant to RFC2292.
From: Francis Dupont
2000-03-09 21:26:16 +00:00
thorpej
d315d42657 Back out part of 1.104 which isn't actually needed. 2000-03-07 05:39:57 +00:00
mycroft
5a212f7999 Fix a splx() botch or two. 2000-03-07 04:58:35 +00:00
itojun
6a70fada85 allow SIOCDIFADDR with AF_UNSPEC address by default, until we fix ifconfig(8).
(should be COMPAT_43)
2000-03-06 19:33:13 +00:00
itojun
be78177ba2 comment fix, sync with kame. 2000-03-03 17:42:14 +00:00
itojun
38441b4ae3 remove unnecessary ttl initialization which I mistakingly bringed in
during KAME merge (this is part of WIDE's expeirmental reass code...)
NetBSD PR: 9412
From: Wolfgang Rupprecht <wolfgang@wsrcc.com>
Fix from: ho@crt.se
itojun was notified from: theo
2000-03-03 13:07:42 +00:00
thorpej
754bba7b6c Avoid a bug in GCC which manifests itself when processing unaligned
IP options.  Problem pointed out by Matt Hargett and Erik Fair, analyzed
by me.
2000-03-02 06:07:36 +00:00
itojun
04ac848d6f introduce m->m_pkthdr.aux to hold random data which needs to be passed
between protocol handlers.

ipsec socket pointers, ipsec decryption/auth information, tunnel
decapsulation information are in my mind - there can be several other usage.
at this moment, we use this for ipsec socket pointer passing.  this will
avoid reuse of m->m_pkthdr.rcvif in ipsec code.

due to the change, MHLEN will be decreased by sizeof(void *) - for example,
for i386, MHLEN was 100 bytes, but is now 96 bytes.
we may want to increase MSIZE from 128 to 256 for some of our architectures.

take caution if you use it for keeping some data item for long period
of time - use extra caution on M_PREPEND() or m_adj(), as they may result
in loss of m->m_pkthdr.aux pointer (and mbuf leak).

this will bump kernel version.

(as discussed in tech-net, tested in kame tree)
2000-03-01 12:49:27 +00:00
itojun
5c1b7efe97 avoid copy-overwrite-copy on incoming udp4 checksum. use in4_cksum
which takes care of pseudo header checksum without overwrites.
2000-02-29 16:21:56 +00:00
itojun
82ab98145f ensure tcp window size does not overflow (16bit unsigned after window scale).
FreeBSD PR: 16914
2000-02-29 05:25:49 +00:00
itojun
cdea88d700 support draft-ietf-ipngwg-icmp-name-lookups-05.txt, drop support for
draft-ietf-ipngwg-icmp-name-lookups-04.txt.

There are certain bitfield change in 04 draft to 05 draft, which makes
04 "ping6 -a" and 05 "ping6 -a" not interoperable.  sigh.
2000-02-28 13:48:50 +00:00
itojun
bbe25244d0 remove some of cross-BSD portability #ifdef.
remove xxCTL_VARS, which is BSDI specific.
2000-02-28 12:08:21 +00:00
itojun
1450d6e643 bring in recent KAME changes (only important and stable ones, as usual).
- remove net.inet6.ip6.nd6_proxyall.  introduce proxy NDP code works
  just like "arp -s".
- revise source address selection.
  be more careful about use of yet-to-be-valid addresses as source.
- as router, transmit ICMP6_DST_UNREACH_BEYONDSCOPE against out-of-scope
  packet forwarding attempt.
- path MTU discovery takes care of routing header properly.
- be more strict about mbuf chain parsing.
2000-02-26 08:39:18 +00:00
itojun
c1e70a6c0a allow AF_UNSPEC for SIOCDIFADDR. ISC DHCP client depends on this behavior. 2000-02-25 08:51:35 +00:00
itojun
abf6ccac96 backout previous commit (sanity check for family) - it seems to be doing
something wrong.  i'll revise it soon.
2000-02-25 08:37:05 +00:00
itojun
3c0960474d reject non-AF_INET addresses on ioctl.
without this, we can configure invalid sockaddrs, for example,
sa_family == 0 (and we can never remove them!)
2000-02-25 07:11:38 +00:00
itojun
729dcf0da4 hide declaration of IP6_EXTHDR_{GET,CHECK} from userland. 2000-02-24 09:55:24 +00:00
itojun
6a1af46504 don't transmit ICMPv4 packet back, if the original packet was encyrpted. 2000-02-24 09:54:49 +00:00
darrenr
4b3916780b pass "struct pfil_head *" to pfil_add_hook and pfil_remove hook rather
than "struct protosw *".
2000-02-20 00:56:33 +00:00
darrenr
fd7edad6c3 Change the use of pfil hooks. There is no longer a single list of all
pfil information, instead, struct protosw now contains a structure
which caontains list heads, etc.  The per-protosw pfil struct is passed
to pfil_hook_get(), along with an in/out flag to get the head of the
relevant filter list.  This has been done for only IPv4 and IPv6, at
present, with these patches only enabling filtering for IPPROTO_IP and
IPPROTO_IPV6, although it is possible to have tcp/udp, etc, dedicated
filters now also.  The ipfilter code has been updated to only filter
IPv4 packets - next major release of ipfilter is required for ipv6.
2000-02-17 10:59:32 +00:00
itojun
729f693364 - if ip_dst matches address on !IFF_UP interface, and
- there's no match against addresses on IFF_UP interface,
send icmp unreach if I'm router.  drop it if I'm host.

Revised version of PR: 9387 from nrt@iij.ad.jp.  Discussed with thorpej+nrt.
2000-02-16 12:40:40 +00:00
thorpej
b178e1f58c Add support for rate-limiting RSTs sent in response to no socket for
an incoming packet.  Default minimum interval is 10ms.  The interval
is changeable via the "net.inet.tcp.rstratelimit" sysctl variable.
2000-02-15 19:54:11 +00:00
thorpej
f3b975e9a4 Add ICMP error rate limiting, based on the same for ICMP6.
Note, we're reusing the previously unused slot for "MTU discovery" (which
was moved to the "net.inet.ip" branch of the sysctl tree quite some time
ago).
2000-02-15 04:03:49 +00:00
itojun
800897b12f make assumption on mbuf explicit (m->m_len >= sizeof (struct ip)). 2000-02-15 00:42:22 +00:00
thorpej
fd4ed9b425 Typo (Thanks, Havard :-) 2000-02-12 18:00:00 +00:00
thorpej
46f7b67929 Small cosmetic change, and note a place where a statistic should be
gathered.
2000-02-12 17:45:44 +00:00
thorpej
312cb38ccb In the tcp_input() path:
- Filter out multicast destinations explicitly for every incoming packet,
  not just SYNs.  Previously, non-SYN multicast destination would be
  filtered out as a side effect of PCB lookup.  Remove now redundant
  similar checks in the dropwithreset case and in syn_cache_add().
- Defer the TCP checksum until we know that we want to process the
  packet (i.e. have a non-CLOSED connection or a listen socket).
2000-02-12 17:19:34 +00:00
itojun
82b005364c don't increase both "no port on broadcast packet" and "no port" stat.
increasing both of them will result in negative number on udp
"delivered" stat on netstat(8), since netstat computes number of delivered
packet by subtracting them from number of inbound packets.
2000-02-11 10:43:36 +00:00
itojun
46dfa55555 fix in-kernel packet forwarding loop (till TTL becomes 0) when:
- a packet is delivered to an address X,
- and the address X is configured on my !IFF_UP interface
- and ipforwarding=1

NetBSD PR: 9387
From: nrt@iij.ad.jp
2000-02-11 05:57:58 +00:00
itojun
ff0fe5df65 fix ip4 protosw.
gif interface and gre interface should be able to coexist.
2000-02-10 14:44:28 +00:00
itojun
59d74f3d21 to improve RFC2553/2292 compliance, and promote use of
RFC2553/2292-compliant header file path, now the following headers are
forbidden:
	netinet6/ip6.h
	netinet6/icmp6.h
	netinet6/in6.h

if you want netinet6/{ip6,icmp6}.h, use netinet/{ip6,icmp6}.h.

if you want netinet6/in6.h, you just need to include netinet/in.h.
it pulls it in.
(we may need to integrate them into netinet/in.h, but for cross-BSD code
sharing i'd like to keep it like this for now)
2000-02-09 00:54:55 +00:00
itojun
4f53db2499 optimize mbuf allocation for ip/tcp/tcpopt part. 2000-02-09 00:50:40 +00:00
veego
aa4732525f Fix from Darren Reed for the test failure of f11. 2000-02-07 13:58:00 +00:00
itojun
2687887f38 s/DIAGNOSTIC/DEBUG/ 2000-02-07 06:15:16 +00:00
itojun
51219dabc9 to be more rfc2292 complient, move ip6.h and icmp6.h into netinet.
(netinet6/{ip6,icmp6}.h is non-standard path - these files should go away)

it was not possible to use cvsmove in this case.
when you try to look at history, chase it toward netinet6/{ip6,icmp6}.h.
2000-02-06 11:11:29 +00:00
itojun
76064f5770 don't chase mbuf pointer when it is NULL. 2000-02-06 08:06:43 +00:00
itojun
f91ee608a9 avoid calling in6_control(SIOCDIFADDR_IN6) from interrupt context.
it is not supposed to work.
logging fix: add "\n" to some of log() in in6_prefix.c.

improve in6_ifdetach().  now almost all structure depend on ifnet
will be cleared up.
possible loose ends:
- cached route_in6 in static varaiables needs to be cleared as well
- there are ifaddr manipulation without reference counting,
  which should be fixed
we still see panics after card removal, though...  not sure what is left.

(sync with kame)
2000-02-04 14:34:22 +00:00
thorpej
c1185c1020 PRU_PURGEADDR -> PRU_PURGEIF, per a discussion w/ itojun. In the IPv4
and IPv6 code, also use this to traverse PCB tables, looking for cached
routes referencing the dying ifnet, forcing them to be refreshed.
2000-02-02 23:28:08 +00:00
thorpej
d844a3ac41 First-draft if_detach() implementation, originally from Bill Studnemund,
although this version has been changed somewhat:
- reference counting on ifaddrs isn't as complete as Bill's original
  work was.  This is hard to get right, and we should attack one
  protocol at a time.
- This doesn't do reference counting or dynamic allocation of ifnets yet.
- This version introduces a new PRU -- PRU_PURGEADDR, which is used to
  purge an ifaddr from a protocol.  The old method Bill used didn't work
  on all protocols, and it only worked on some because it was Very Lucky.

This mostly works ... i.e. works for my USB Ethernet, except for a dangling
ifaddr reference left by the IPv6 code; have not yet tracked this down.
2000-02-01 22:52:04 +00:00
veego
064dbd29ad Only print one 'IP Filter:' line when it gets enabled or disabled. 2000-02-01 21:41:36 +00:00
veego
b3bffdf856 Resolve conflicts. 2000-02-01 21:29:15 +00:00
thorpej
3b5706e2e5 Fix a couple of whitespace glitches. 2000-02-01 00:07:50 +00:00
thorpej
637a2eee6e Use ifatoia() and sintosa() consistently, rather than using home-grown
casting macros intermixed.
2000-02-01 00:07:09 +00:00
thorpej
1cb24101b9 Small amount of cosmetic cleanup. 2000-02-01 00:05:07 +00:00
itojun
1a2a1e2b1f bring in latest KAME ipsec tree.
- interop issues in ipcomp is fixed
- padding type (after ESP) is configurable
- key database memory management (need more fixes)
- policy specification is revisited

XXX m->m_pkthdr.rcvif is still overloaded - hope to fix it soon
2000-01-31 14:18:52 +00:00
itojun
63fd2c0262 destination port == 0 is illegal based on RFC768.
(NetBSD PR: 9137 - I thought I committed this already but I wasn't)
2000-01-31 10:39:26 +00:00
sommerfeld
62224d5f23 Pick source address for ICMP errors a bit more intelligently when
there are multiple addresses on the interface.

From Marc Horowitz <marc@netbsd.org>, who left this sitting for too long.
2000-01-25 17:07:56 +00:00
itojun
b3761abef8 remove extra portability #ifdef (like #ifdef __FreeBSD__) in KAME IPv6/IPsec
code, from netbsd-current repository.
#ifdef'ed version is always available from ftp.kame.net.

XXX please do not make too many diff-unfriendly changes, we'll need to take
bunch of diffs on upgrade...
2000-01-06 15:46:07 +00:00
itojun
ec63b40402 remove too much portability code in KAME, to improve readability. 2000-01-06 07:31:07 +00:00
itojun
2e904aec57 make IPV6_BINDV6ONLY setsockopt available. it controls behavior of
AF_INET6 wildcard listening socket.  heavily documented in ip6(4).
net.inet6.ip6.bindv6only defines default value.  default is 1.

"options INET6_BINDV6ONLY" removes any code fragment that supports
IPV6_BINDV6ONLY == 0 case (not defopt'ed as use of this is rare).
2000-01-06 06:41:18 +00:00
veego
a7c3d2263b Fix a panic which was mentioned on the ipfilter mailing list.
Patch from Darren send to the mailing list after he released 3.3.6 and
did a bad job with using the wrong way to update the NetBSD version
of ipfilter.
1999-12-29 08:19:07 +00:00
darrenr
1904e0a218 update ipfilter code to 3.3.6 1999-12-28 07:14:53 +00:00
itojun
dc0f1c0435 drop IPv6 packets with v4 mapped address on src/dst. they are illegal
and may be used to fool IPv6 implementations (by using ::ffff:127.0.0.1 as
source you may be able to pretend the packet is from local node)
1999-12-22 04:03:01 +00:00
itojun
8bd9534970 avoid shared cluster mbuf overwrite on multicast packet loopback.
(bsdi and freebsd fixed this a long time ago...)

PR: 9020
From: pavlin@catarina.usc.edu
1999-12-20 05:46:33 +00:00
itojun
abddb5f851 do not overwrite traffic class field when we write IPv6 version field. 1999-12-15 06:28:43 +00:00
is
43aa150a4e Handle packets to 255.255.255.255 like multicast packets. Fixes PR 7682 by
Darren Reed.
1999-12-13 17:04:11 +00:00