Commit Graph

75 Commits

Author SHA1 Message Date
mrg 5ec6fd267b remove include of <vm/vm.h> 2000-06-28 02:59:32 +00:00
itojun 8a0fabf8cf add missing boundary checks to ip options processing.
correct timestamp option validation (len and ptr upper/lower bound
based on RFC791).
fill "pointer" field for parameter problem in timestamp option processing.
2000-05-10 03:31:30 +00:00
is ab879a6479 Copy M_BCAST and M_MCAST flags when fragmenting a packet (else
Multicast packets won't be send to the correct link layer address
by the interface driver).
By Artur Grabowski, PR 9772.
2000-04-13 11:48:07 +00:00
jdolecek c42f28d24a Since last duplicate prototype cleanup, we need to include
<netinet/ip_mroute.h> to get ip_mforward() prototype if MROUTING
is defined.
2000-03-31 14:31:03 +00:00
augustss 8529438fe6 Remove register declarations. 2000-03-30 12:51:13 +00:00
itojun 2dbc76c437 tabify a line. 2000-03-22 06:10:39 +00:00
itojun 04ac848d6f introduce m->m_pkthdr.aux to hold random data which needs to be passed
between protocol handlers.

ipsec socket pointers, ipsec decryption/auth information, tunnel
decapsulation information are in my mind - there can be several other usage.
at this moment, we use this for ipsec socket pointer passing.  this will
avoid reuse of m->m_pkthdr.rcvif in ipsec code.

due to the change, MHLEN will be decreased by sizeof(void *) - for example,
for i386, MHLEN was 100 bytes, but is now 96 bytes.
we may want to increase MSIZE from 128 to 256 for some of our architectures.

take caution if you use it for keeping some data item for long period
of time - use extra caution on M_PREPEND() or m_adj(), as they may result
in loss of m->m_pkthdr.aux pointer (and mbuf leak).

this will bump kernel version.

(as discussed in tech-net, tested in kame tree)
2000-03-01 12:49:27 +00:00
darrenr 4b3916780b pass "struct pfil_head *" to pfil_add_hook and pfil_remove hook rather
than "struct protosw *".
2000-02-20 00:56:33 +00:00
darrenr fd7edad6c3 Change the use of pfil hooks. There is no longer a single list of all
pfil information, instead, struct protosw now contains a structure
which caontains list heads, etc.  The per-protosw pfil struct is passed
to pfil_hook_get(), along with an in/out flag to get the head of the
relevant filter list.  This has been done for only IPv4 and IPv6, at
present, with these patches only enabling filtering for IPPROTO_IP and
IPPROTO_IPV6, although it is possible to have tcp/udp, etc, dedicated
filters now also.  The ipfilter code has been updated to only filter
IPv4 packets - next major release of ipfilter is required for ipv6.
2000-02-17 10:59:32 +00:00
itojun 1a2a1e2b1f bring in latest KAME ipsec tree.
- interop issues in ipcomp is fixed
- padding type (after ESP) is configurable
- key database memory management (need more fixes)
- policy specification is revisited

XXX m->m_pkthdr.rcvif is still overloaded - hope to fix it soon
2000-01-31 14:18:52 +00:00
itojun 8bd9534970 avoid shared cluster mbuf overwrite on multicast packet loopback.
(bsdi and freebsd fixed this a long time ago...)

PR: 9020
From: pavlin@catarina.usc.edu
1999-12-20 05:46:33 +00:00
is 43aa150a4e Handle packets to 255.255.255.255 like multicast packets. Fixes PR 7682 by
Darren Reed.
1999-12-13 17:04:11 +00:00
itojun ea861f0183 sync IPv6 part with latest KAME tree. IPsec part is left unmodified
due to massive changes in KAME side.
- IPv6 output goes through nd6_output
- faith can capture IPv4 packets as well - you can run IPv4-to-IPv6 translator
  using heavily modified DNS servers
- per-interface statistics (required for IPv6 MIB)
- interface autoconfig is revisited
- udp input handling has a big change for mapped address support.
- introduce in4_cksum() for non-overwriting checksumming
- introduce m_pulldown()
- neighbor discovery cleanups/improvements
- netinet/in.h strictly conforms to RFC2553 (no extra defs visible to userland)
- IFA_STATS is fixed a bit (not tested)
- and more more more.

TODO:
- cleanup os-independency #ifdef
- avoid rcvif dual use (for IPsec) to help ifdetach

(sorry for jumbo commit, I can't separate this any more...)
1999-12-13 15:17:17 +00:00
thorpej f9a7668b3f defopt IPSEC and IPSEC_ESP (both into opt_ipsec.h). 1999-07-09 22:57:15 +00:00
itojun 118d2b1d4f IPv6 kernel code, based on KAME/NetBSD 1.4, SNAP kit 19990628.
(Sorry for a big commit, I can't separate this into several pieces...)
Pls check sys/netinet6/TODO and sys/netinet6/IMPLEMENTATION for details.

- sys/kern: do not assume single mbuf, accept chained mbuf on passing
  data from userland to kernel (or other way round).
- "midway" ATM card: ATM PVC pseudo device support, like those done in ALTQ
  package (ftp://ftp.csl.sony.co.jp/pub/kjc/).
- sys/netinet/tcp*: IPv4/v6 dual stack tcp support.
- sys/netinet/{ip6,icmp6}.h, sys/net/pfkeyv2.h: IETF document assumes those
  file to be there so we patch it up.
- sys/netinet: IPsec additions are here and there.
- sys/netinet6/*: most of IPv6 code sits here.
- sys/netkey: IPsec key management code
- dev/pci/pcidevs: regen

In my understanding no code here is subject to export control so it
should be safe.
1999-07-01 08:12:45 +00:00
mrg 7185af78dc oops. move sendit: above the PFIL_HOOKS so that multicast traffic is filtered. from darren reed. 1999-06-07 01:26:04 +00:00
hwr 3fa094f8b5 Don't let packets with a Class-D source address escape the host.
Fixes second half of kern/7003 by Jonathan Stone <jonathan@DSG.Stanford.EDU>.
1999-05-04 19:50:23 +00:00
aidan da1b3a7abf Added per-addr input/output statistics. Currently just support netatalk
and netinet, currently only tested under netinet.

Disabled by default, enabled by compiling the kernel with option
IFA_STATS.  Enabling this feature seems to make the ip_output function
take 13% longer than before, which should be OK for people that need
this feature.
1999-03-27 01:24:49 +00:00
perry d446fb449c exterminate ovbcopy. patches provided by Erik Bertelsen, pr-7145 1999-03-12 22:42:30 +00:00
mycroft 231a906c71 There's just no plausible reason to byte-swap ip_id internally. It's opaque. 1999-01-19 23:39:56 +00:00
thorpej 555784ccd5 Fix byte order and ip_len inconsistencies in ICMP reply code. Also, fix
some formatting and HTONS(foo) vs. foo = htons(foo) inconsistencies.

PR #6602, Darren Reed.
1999-01-11 22:35:06 +00:00
thorpej 12632ebf71 Reverse the copyright-notice-swap. It went against existing practice. 1998-12-19 02:46:12 +00:00
ws ede30e2813 Fix a buglet when looking up an interface for multicast:
Zero out the routing structure before calling the route lookup code
in order to correctly match addresses.
1998-10-26 17:31:01 +00:00
matt 3ad026ac87 vax -> __vax__ (and mips to __mips__ in ultrix_misc.c) 1998-10-20 01:46:27 +00:00
tls c4730d65cf Switch order of TNF and UCB copyrights so UCB copyright is first; this seems more appropriate since UCB wrote the original code, after all. 1998-09-30 21:52:24 +00:00
mrg 4a75265273 defopt PFIL_HOOKS. 1998-08-09 08:58:18 +00:00
sommerfe 534520d815 Fix PR5508: ipfil cut-through forwarding causes panic 1998-07-17 00:28:00 +00:00
matt 5b43c678b7 Only transmit fragments if the send queue of interface can actually hold
all of the fragments.  Use the mtu of route in preference of the MTU of the
interface when doing fragmentation decisions.  (ie. Fragment to the path
mtu if it is available).
1998-04-28 15:26:00 +00:00
kml 96954c2a53 Ensure that we take the IP option length into account when we calculate
the effective maximum send size for TCP.  ip_optlen() and tcp_optlen()
should probably be inlined for efficiency.
1998-03-24 03:10:02 +00:00
mrg 45159fa631 convert pfil(9) in and out lists from <sys/queue.h> LISTs to TAILQs, and
change pfil_add_hook to put output filters at the tail of the queue,
while continuing to place input filters at the head of the queue.  update
the two users of these functions, and document these changes.

fixes PR#4593.
1998-03-19 15:45:30 +00:00
tls 91de585d5f Add correct copyright notice for IP address hash change. This code is donated to TNF by the original copyright holder, Panix. 1998-02-15 18:24:23 +00:00
tls c9934a9084 Change list of interface IP addresses to a hash. Improves performance on hosts with a large number of IP addresses significantly. 1998-02-13 18:21:38 +00:00
kleink a8bd1c7e84 Fix variable declarations: register -> register int. 1998-02-13 10:23:49 +00:00
scottr 54ea074777 Use option header file for MROUTING 1998-01-12 03:02:48 +00:00
lukem c80b4400e5 add the following, derived from FreeBSD:
* IP_PORTRANGE socket option, which controls how the ephemeral ports
  are allocated. it takes the following settings:
	IP_PORTRANGE_DEFAULT	use anonportmin (49152) -> anonportmax (65535)
	IP_PORTRANGE_HIGH	as IP_PORTRANGE_DEFAULT (retained for FreeBSD
				compat reasons, where these are separate)
	IP_PORTRANGE_LOW	use 600 -> 1023. only works if uid==0.
* in_pcb flag INP_ANONPORT. set if port was allocated ephmerally
1998-01-07 22:51:22 +00:00
matt 8c42ff649b Add support for returning maximum supported MTU when ip_output fails with
EMSGSIZE.
1997-10-14 00:52:39 +00:00
christos 0659cacda6 Move the mtod calls *after* we've made sure that the packet has passed the
filter successfully. Otherwise it can be NULL if the filter blocked it,
and we die. How did this ever work?
1997-04-15 00:41:52 +00:00
mrg 4c8bfe2630 pseudo-device ipfilter brings in PFIL_HOOKS. 1997-02-18 20:49:32 +00:00
thorpej 9df1988ac8 Implement the IP_RECVIF socket option: supply a datagram packet's incoming
interface using a sockaddr_dl in a control mbuf.

Implement SO_TIMESTAMP for IP datagrams.

Move packet information option processing into a generic function
so that they work with multicast UDP and raw IP as well as unicast UDP.

Contributed by Bill Fenner <fenner@parc.xerox.com>.
1997-01-11 05:21:07 +00:00
mrg 5e5291f97b always reassign ip after calling function. 1996-12-20 09:08:16 +00:00
mrg 15eaee8d6f in pfil_hooks: always reassign ip after calling hook. 1996-12-20 08:39:29 +00:00
veego b962d9a3eb Fix a panic from the pfil_hooks. 1996-10-22 11:27:05 +00:00
is 08899f4a1b Fix a mbuf leak in ip_output().
Scenario: If ip_insertoptions() prepends a new mbuf to the chain, the
bad: label's m_freem(m0) still would free only the original mbuf chain
if the transmission failed for, e.g., no route to host; resulting in
one lost mbuf per failed packet. (The original posting included a
demonstration program).

Original report of this bug was by jinmei@isl.rdc.toshiba.co.jp
(JINMEI Tatuya) on comp.bugs.4bsd.
1996-10-11 18:19:08 +00:00
mrg a5f00f16bc move the packet filter hooks in to a saner location. while i'm here, rename
PACKET_FILTER to PFIL_HOOKS.
1996-09-14 14:40:20 +00:00
mycroft 62a6cce9ca Add in_nullhost() and in_hosteq() macros, to hide some protocol
details.  Also, fix a bug in TCP wrt SYN+URG packets.
1996-09-09 14:51:07 +00:00
mrg ae47956db0 add packet filter interface code. see pfil(9) for more details. you
need the PACKET_FILTER option to enable this code.  currently, ipfilter
version 3.1.1-beta has been converted to use this new interface.
1996-09-06 05:07:43 +00:00
mrg 32cdb91fa3 two more local addr changes, all done differently now (idea from charles) 1996-02-26 23:16:42 +00:00
christos 14d9cd33af netinet prototypes 1996-02-13 23:40:59 +00:00
cgd 5b435dbf05 null mbuf pointer could cause system crash; avoid it. From
Torsten Duwe <duwe@immd4.informatik.uni-erlangen.de>.
1995-07-01 03:44:55 +00:00
mycroft 6897f39ae9 Various cleanup, including:
* Convert several data structures to use queue.h.
* Split in_pcbnotify() into two parts; one for notifying a specific PCB, and
one for notifying all PCBs for a particular foreign address.
1995-06-12 00:46:47 +00:00