Commit Graph

419 Commits

Author SHA1 Message Date
thorpej e2a99027d2 Add missing (implied) int to a variable declaration. 1997-11-20 19:12:41 +00:00
thorpej ad1ef53725 Deal with a problem where ephemeral port shortage would case a PCB's
local address to be set, causing all further attemps to bind that PCB
to fail.  From Koji Imada, PR #3857.
1997-11-20 04:53:37 +00:00
mrg fc911d1529 fix checksum problems (from marc boucher via darren reed). 1997-11-17 14:33:46 +00:00
mycroft 466fb6d0db On output, if the packet length doesn't match the length in the IP header,
drop the packet with EINVAL.
1997-11-16 20:58:18 +00:00
mrg 84ecff38c2 merge ip-filter 3.2.1 1997-11-14 12:40:06 +00:00
mrg 61cbfaca09 import ip-filter 3.2.1 1997-11-14 08:03:01 +00:00
kml 3b9fc85803 Remove an extraneous call to rtfree() in the path mtu discovery code;
this was causing negative reference counts on routes...
1997-11-11 21:10:50 +00:00
kml 86275dc497 TCP MSS fixes to provide cleaner slow-start and recovery. 1997-11-08 02:35:22 +00:00
gwr 011d063b25 Get rid of the messages: "arp: zero IP addr from ..."
If one really wants to know about those confused PCs
trying to use IP address zero, they can use tcpdump.
1997-10-31 02:54:08 +00:00
mrg 60c28e1f95 sigh. merge ipfilter 3.2 onto the trunk. merge to the branch was a mistake. 1997-10-30 16:08:54 +00:00
mrg 44c002beb1 import ip-filter 3.2 1997-10-30 05:27:24 +00:00
kml 560395f6f4 Changes to path MTU discovery to correctly handle "needs
fragmentation" ICMP messages that specify a new MTU size of zero
(from, say, old buggy Linux kernels).
1997-10-29 05:28:44 +00:00
kml c8e01708d1 remove extraneous icmp_do_mtudisc 1997-10-18 21:21:28 +00:00
kml 6b86b260cb change sysctl net.inet.icmp.mtudisc to net.inet.ip.mtudisc 1997-10-18 21:18:28 +00:00
kml 323c04642b Path MTU Discovery support. This is turned off by default.
Use sysctl -w net.inet.icmp.mtudisc=1 to turn on.
Still to come:  path removal after some period, black hole detection
1997-10-17 22:12:14 +00:00
thorpej 10f29f9bcb Allow `subnetsarelocal' to be changed via sysctl. 1997-10-17 21:20:49 +00:00
thorpej b174d20bc1 Define IP_RETURNMTU. (Matt missed this part of his diff, I guess :-) 1997-10-14 08:38:01 +00:00
matt 8c42ff649b Add support for returning maximum supported MTU when ip_output fails with
EMSGSIZE.
1997-10-14 00:52:39 +00:00
explorer 80513cb5ae o Make usage of /dev/random dependant on
pseudo-device   rnd                     # /dev/random and in-kernel generator
  in config files.

o Add declaration to all architectures.

o Clean up copyright message in rnd.c, rnd.h, and rndpool.c to include
  that this code is derived in part from Ted Tyso's linux code.
1997-10-13 00:46:08 +00:00
explorer 790e114732 Add hooks to use the kernel random system to generate TCP sequence numbers. 1997-10-10 01:51:07 +00:00
thorpej 67a3811e05 Fix an oversight in my previous MSS-related changes:
Basically, in silly window avoidance, don't use the raw MSS we advertised
to the peer.  What we really want here is the _expected_ size of received
segments, so we need to account for the path MTU (eventually; right now,
the interface MTU for "local" addresses and loopback or tcp_mssdflt for
non-local addresses).  Without this, silly window avoidance would never
kick in if we advertised a very large (e.g. ~64k) MSS to the peer.
1997-10-08 16:32:48 +00:00
is fabb33431c Reimplement a test for broadcast addresses advertized, which was left out
when rewriting the ARP system.
1997-10-02 19:41:56 +00:00
thorpej 4ed600dbd0 Fix several annoyances related to MSS handling in BSD TCP:
- Don't overload t_maxseg.  Previous behavior was to set it to the min
  of the peer's advertised MSS, our advertised MSS, and tcp_mssdflt
  (for non-local networks).  This breaks PMTU discovery running on
  either host.  Instead, remember the MSS we advertise, and use it
  as appropriate (in silly window avoidance).
- Per last bullet, split tcp_mss() into several functions for handling
  MSS (ours and peer's), and performing various tasks when a connection
  becomes ESTABLISHED.
- Introduce a new function, tcp_segsize(), which computes the max size
  for every segment transmitted in tcp_output().  This will eventually
  be used to hook in PMTU discovery.
1997-09-22 21:49:55 +00:00
thorpej de572198ad Implement in_pcbrtentry() - return the route associated with a PCB. If
one does not exist, attempt to allocate one.  This is mostly pulled from
tcp_input.c.
1997-09-22 21:39:40 +00:00
veego 4508fb4354 Resolve conflicts from the merge of ipf 3.2beta5. 1997-09-21 18:00:54 +00:00
veego 985ac74a98 Import ip-filter 3.2beta5 1997-09-21 16:47:50 +00:00
drochner d8f1d9401e Adjust packet len in mbuf header for incoming broadcasts.
Closes PR kern/4087 (by myself).
1997-09-12 10:58:31 +00:00
gwr c74236bfc9 Tweaks to allow operation with an interface address of 0.0.0.0
(needed for NFS mountroot using BOOTP to get boot parameters)
1997-08-29 16:02:41 +00:00
matt b2b8155618 Add IPPROTO_ESP and IPPROTO_AH defines. 1997-08-27 17:05:34 +00:00
thorpej ca0bba0081 Add ICMP unreachable code #13 - "Communication Administratively Prohibited",
per RFC 1716.  From Havard Eidnes <he@vader.runit.sintef.no>, PR #4038.
1997-08-26 18:27:53 +00:00
mycroft e76ba36231 Make sure we install the route returned by the upcall before trying to
forward any queued packets.  From Bill Fenner, via Brad Karp.
1997-08-14 06:42:33 +00:00
lukem fcbcbc2234 struct loif is an array of NLOOP (from "loop.h") elements 1997-08-04 06:18:49 +00:00
is 240cc2913e Include file in place of the old netinet/if_ether.h, including stuff from
where it is now, and adding the specialized for Ethernet version of the ARP
structure, for the benefit of programs which are externally (to us) maintained
and not (yet) ported.
XXX This should NOT be used inside the kernel.
1997-07-29 09:10:51 +00:00
thorpej 4cef61d36b Generate dependencies for the TCP_SENDSPACE and TCP_RECVSPACE options. 1997-07-28 22:31:08 +00:00
thorpej db103f4414 Make the following tunable via sysctl, inspired by BSD/OS:
- udp_sendspace
- udp_recvspace
1997-07-28 22:19:53 +00:00
thorpej 758a104426 Make the following tunable via sysctl, inspired by BSD/OS:
- tcp_sendspace
- tcp_recvspace
- tcp_mssdflt
- tcp_syn_cache_limit
- tcp_syn_bucket_limit
- tcp_syn_cache_timer
1997-07-28 22:18:48 +00:00
thorpej 402ae96361 Garbage-collect some "extern"s. 1997-07-28 22:07:38 +00:00
thorpej e794123006 Fix a rather severe bug in handling of incoming SYNs for peer/port values
which happen to have a TCB in TIME_WAIT, where an mbuf which had been
advanced past the IP+TCP headers and TCP options would be reused as if
it had not been advanced.  Problem found by Juergen Hannken-Illjes, who
also suggested a work-around on which this fix is based.
1997-07-28 01:07:48 +00:00
thorpej efa8881dbe Pull SYN_cache_branch down into the main line. 1997-07-23 21:26:40 +00:00
kleink 512b9c1d90 Nuke an `#ifdef sparc' conditional around ntohs() usage: this (1) is incomplete
and (2) makes no difference anyway.  Also, minor KNF.
1997-07-21 16:53:47 +00:00
kleink b2bead304f Fix a misplaced brace which caused NAT list corruption; from Dave Huang
<khym@bga.com> in PR kern/3872.
1997-07-16 11:06:07 +00:00
mrg 02e5531ec7 put back IPFILTER_DEFAULT_BLOCK, as documented in options(4). 1997-07-08 05:54:02 +00:00
veego 29fcbcb000 Use FR_PASS for IPF_DEFAULT_PASS. This can be overwritten with an
options IPF_DEFAULT_PASS=FR_BLOCK in your config file.
1997-07-07 23:08:22 +00:00
fvdl 413872caa0 Get rid of (void) cast to KFREE, as it may be a macro, in which case
the cast will be a syntax error.
1997-07-07 22:21:21 +00:00
phil ccfe711608 Protect against double inclusion. PR 3524. 1997-07-07 20:57:46 +00:00
thorpej ba90103dd6 The fingerprint of (*fr_checkp)() is the same if compiling in kernel
or user code.
1997-07-06 22:32:34 +00:00
thorpej e0acb98b94 Fix an old and obscure TCP bug, brought to my attention by Bill Fenner,
fixed in FreeBSD by John Polstra:

Fix a bug (apparently very old) that can cause a TCP connection to
be dropped when it has an unusual traffic pattern.  For full details
as well as a test case that demonstrates the failure, see the
referenced PR (FreeBSD's kern/3998).

   Under certain circumstances involving the persist state, it is
   possible for the receive side's tp->rcv_nxt to advance beyond its
   tp->rcv_adv.  This causes (tp->rcv_adv - tp->rcv_nxt) to become
   negative.  However, in the code affected by this fix, that difference
   was interpreted as an unsigned number by max().  Since it was
   negative, it was taken as a huge unsigned number.  The effect was
   to cause the receiver to believe that its receive window had negative
   size, thereby rejecting all received segments including ACKs.  As
   the test case shows, this led to fruitless retransmissions and
   eventually to a dropped connection.  Even connections using the
   loopback interface could be dropped.  The fix substitutes the signed
   imax() for the unsigned max() function.

Bill informs me that his research indicates this bug appeared in Reno.
1997-07-06 07:04:34 +00:00
thorpej b19b36aff5 Restore original RCS IDs. 1997-07-06 05:29:13 +00:00
thorpej 329a831bd5 Deal with a bogus warning from -Wuninitialized. 1997-07-06 05:14:08 +00:00
thorpej 0feb054b62 - Add a missing #ifdef SOLARIS
- Properly prototype ipfilterattach()/iplattach().
1997-07-06 05:13:40 +00:00
thorpej c68633278f - Add a prototype for fixskip() so that this file compiles.
- Fix, ONCE AGAIN, semantics of ipfilterattach().  This time, not only
  was it semantically broken, it wasn't even close to compiling!
1997-07-06 05:13:00 +00:00
thorpej 3fb8ff16e8 The sheer number of #ifdef's around it should have been a hint that
#include <machine/mtpr.h> isn't something you're supposed to do in
NetBSD.
1997-07-06 05:11:28 +00:00
thorpej ab01c534f6 Fix a bug caught by gcc: add parenthesis to properly group a test. 1997-07-06 05:10:41 +00:00
thorpej 90c43e78e2 Import yet another missing piece of IPFilter 3.2beta1. 1997-07-06 05:02:26 +00:00
thorpej 5a85b0d9fa Import ip_auth.h from IPFilter 3.2beta1; this was missed during the
upgrade.
1997-07-06 04:58:52 +00:00
darrenr 729f0dc597 fix conflicts from import 1997-07-05 05:38:14 +00:00
thorpej 9bf15b8b78 Don't adjust ip->ip_len before calling icmp_error(); icmp_error() already
does this.  Per Stevens in TCP/IP Illustrated Vol. 2, p.774, submitted
by Koji Imada <koji@math.human.nagoya-u.ac.jp>.
1997-06-24 19:31:34 +00:00
thorpej a0e791807e Eliminate use of dtom() from the network code, allowing more flexible
use of mbuf external storage and increasing performance (by eliminating
an m_pullup() for clusters in the IP reassembly code).

Changes from Koji Imada <koji@math.human.nagoya-u.ac.jp>, in PR #3628
and #3480, with ever-so-slight integration changes by me.
1997-06-24 02:25:59 +00:00
thorpej b791871522 Increment icmpstat.icps_badlen for bad length of ICMP_MASKREQ, per
Stevens in TCP/IP Illustrated vol. 2, p.319.  Submitted by
Koji Imada <koji@math.human.nagoya-u.ac.jp> in PR #3712.
1997-06-24 01:26:19 +00:00
kleink b8377e5395 As per RFC 793, don't retransmit the FIN during a simultaneous close.
From Thorsten Frueauf <frueauf@ira.uka.de> and W. Richard Stevens in PR/3737
and TCP/IP Illustrated, Vol. 2, respectively.
1997-06-18 10:05:44 +00:00
mrg c258d0d05e make it "options IPFILTER_DEFAULT_BLOCK". 1997-06-16 13:38:05 +00:00
kleink 8fb48a5db9 Eliminate a superflouus `if' statement: when detaching the TCP protocol from
a socket, just calling tcp_disconnect() on the tcpcb will do the right thing.
From Thorsten Frueauf <frueauf@ira.uka.de> and W. Richard Stevens in PR/3738
resp. TCP/IP Illustrated, Vol. 2.
1997-06-12 18:41:14 +00:00
kml 6a233e37f6 Fix urgent pointer overflow problems when used with large windows 1997-06-03 16:17:09 +00:00
thorpej 5b0d69d6a8 In ipl_disable(), don't conditionalize the "fr_checkp = fr_savep"
operation, since:
	- in ipl_enable(), "fr_savep = fr_checkp" is not conditionalized
	  in the same way (not at all), and
	- without this change, it was not possible to enable, disable,
	  and reenable ipfilter.
1997-06-01 06:57:09 +00:00
thorpej a464ced388 Change the aps_tout member of struct ap_session from time_t to u_long
so that it can be passed to the filter rule aging functions, which
expect a pointer to a u_long.  (time_t is an int on the alpha.)
1997-05-28 04:59:34 +00:00
thorpej fa7df10d8b Put the #ifndef _KERNEL prototype of get_unit() in <netinet/ip_fil.h>
since it is needed by other files, in order to compile on 64-bit
architectures.
1997-05-28 04:48:47 +00:00
thorpej 41d4822677 Resolve conflicts from merge of 3.2a7, take 2. Also, eliminate some
silly differences between the NetBSD copy of the code and the
vendor branch, keeping only those which are necessary.  Of those
differences that currently exist, several "portability to NetBSD"
issues, which will be fed back to the ipfilter author.
1997-05-28 00:17:11 +00:00
gwr 3cb60b969d Allow revarpwhoami() to be called multiple times.
(Just return the answer if we already have it.)
Without this, the RB_ASKNAME loop fails on every
call to nfs_mountroot after the first call.
1997-05-27 23:14:44 +00:00
thorpej 67a6c44c15 Make this compile on 32-bit architectures again:
- Pull in includes to get appropriate prototypes.
1997-05-27 01:24:31 +00:00
thorpej faeb45fcca Make this compile on 32-bit architectures:
- Add prototypes.
- Add a forward-decl to avoid a cyclic dependency graph.
1997-05-27 01:23:50 +00:00
thorpej 03e37a1874 Make this compile on 32-bit architectures:
- Deal with lame gcc -Wuninitialized warning (which is incorrect)
- Add parens around assignments within conditionals.
1997-05-27 01:22:52 +00:00
thorpej 77a115108c Make this compile on 32-bit architecutres again:
- Get arguments to ioctl right (cmd is a u_long in NetBSD)
1997-05-27 01:21:33 +00:00
thorpej 55323c48ca Make this compile on 32-bit architectures again:
- Add prototypes.
- Get arguments to ioctl right (cmd is a u_long in NetBSD)
1997-05-27 01:20:46 +00:00
thorpej 5d1bb7474a Make this compile on 32-bit architectures:
- Add prototypes.
- garbage-collect unused variables.
1997-05-27 01:19:48 +00:00
thorpej 6c873135ee Make this compile on 32-bit architectures again:
- garbage-collect unused variables.
1997-05-27 01:18:47 +00:00
thorpej e8e871e8ca Make this compile on 32-bit architectures again:
- Don't prototype functions that don't exist, and do prototype those
  that do.
- Get ioctl arguments right (cmd is a u_long in NetBSD).
1997-05-27 01:17:04 +00:00
thorpej a09051fa6d Make this compile on 32-bit architectures again:
- Fix a really obvious error: ipl_enable() disappeared, but the guts of
  the function were scrunched into the "no-op" BSD pseudo-device attach
  routine.  Would not compile, because of non-void return from a void
  function.  Fixed by reincarnating ipl_enable(), and reimplementing
  the no-op pseudo-device attach.
- #ifdef as appropriate to remove unused variable warnings.
- Call ipl_enable() in iplinit(), rather than the no-op ipfilterattach().
1997-05-27 01:15:21 +00:00
thorpej 8ead9b88e8 Make this compile on 32-bit architectures again:
- garbage-collect unused variables, or #ifdef them as appropriate.
1997-05-27 01:09:13 +00:00
darrenr ea9bbec5f5 remove extra #endif 1997-05-26 17:57:21 +00:00
darrenr 27be4b8f04 Import new sources for 3.2alpha7
(blah, someone want to clean away /cvsroot/sys/netinet ?)
1997-05-26 15:18:15 +00:00
darrenr 29fab67628 fix conflicts 1997-05-25 12:40:11 +00:00
christos 118a33df24 - Fix indentation of the nested conditionals. It was inconsistent in places.
- Make this compile and work without IPFILTER_LOG, and disable logging by
  default. This can be re-enabled now as a kernel option.
1997-04-15 00:44:42 +00:00
christos ae60a7c343 Fix SPLNET() conditional to work for NetBSD1_0+, not just the named versions. 1997-04-15 00:42:54 +00:00
christos 0659cacda6 Move the mtod calls *after* we've made sure that the packet has passed the
filter successfully. Otherwise it can be NULL if the filter blocked it,
and we die. How did this ever work?
1997-04-15 00:41:52 +00:00
jtk e096ee0e10 add newlines at end of debugging log messages which were missing them 1997-04-07 01:48:30 +00:00
cgd ce54b19fd3 include <stdlib.h> if !_KERNEL for malloc declaration/proto 1997-04-04 01:53:22 +00:00
cgd c492daaa6e fix ... potentially fatal typo (s/unix/unit/) 1997-04-03 00:57:03 +00:00
augustss c56286529c Make it compile again by removing a cast to void of KFREE(). KFREE expands
to a statement, not an expression.
1997-04-01 00:07:07 +00:00
thorpej 0684baea63 Define control device names here; they're needed by kernel and userland. 1997-03-29 19:50:51 +00:00
darrenr 4d1eb7820e use IPLLOG instead of ipllog to easily mask parameters, fix up prototype
problems for compiling to user programs.
1997-03-29 04:39:15 +00:00
thorpej 169a339c7d Centralize the check for NetBSD PFIL_HOOKS code into ip_fil.h, and use
it consistently.
1997-03-29 03:05:14 +00:00
thorpej 7845ea0d16 Fix an ... interesting bug that resulted from namespace collision.
Description:

	- A BSD pseudo-device initialization routine is declared as
		void <pseudo-device name>attach __P((int count));
	  in ioconf.c by config(8).  main() calls these functions
	  from a table.

	- IP Filter has functions iplattach() and ipldetach() (or,
	  in the NetBSD case, were erroneously renamed ipfilterattach()
	  and ipfilterdetach()).  These functions are used to establish
	  and disestablish the IP Filter "filter rule check" hook in
	  the IP input/output stream.  They are declared:
		int iplattach __P((void));
		int ipldetach __P((void));
	  ..and are expected to return a value by iplioctl().

	- When main() calls (by sheer coincidence!) iplattach(),
	  the filter hook is established, and the IP Filter machinery
	  labeled as "initialized".  This causes all packets, whether or
	  not the user intents to use filter rules, to be passed to
	  the filter rule checker if "ipfilter" is configured into the
	  kernel.

	- As a result of the above, a kludge existed to default to
	  passing all packets (I can only assume that when this was
	  originally committed, the symptom of the bug was noticed by
	  the integrator, but the bug not actually found/fixed).

	- In iplioctl(), if the SIOCFRENB ioctl is issued with an
	  argument of "enable" (i.e. user executed "ipf -E"), iplattach()
	  will notice that the machinery is already initialized and
	  return EBUSY.

Fix:

	- Rename iplattach()/ipldetach() to ipl_enable() and ipl_disable().

	- Create a pseudo-device entry stub named ipfilterattach()
	  (NetBSD case) or iplattach() (all other).  This is a noop; none
	  of the machinery should be initialized until the caller expicitly
	  enables the filter with ipf -E.  Add a comment to note that.
1997-03-29 01:57:55 +00:00
thorpej f30d8f327f Resolve conflicts from merge.
XXX !!! XXX !!!
I noticed a few semi-serious bugs while doing this merge, one of which
has existed for a fairly long time.  Some of them are addressed in this
commit (because they caused the kernel to not compile), and are annoted
by "XXX" and "--thorpej".  The other one will be addressed shortly in
a future commit, and, as far as I can tell, affects all operating systems
which IP Filter supports.
1997-03-29 00:54:55 +00:00
is 4555777c80 Fix several bugs related to the new ARP code, and ARCnet ARP support.
Among other, add ARPHRD_ARCNET definition, make sure the hardware type is
set on outgoing ARP packets, make sure we dont send out replies as broadcasts.
1997-03-23 01:22:35 +00:00
cgd a8bb00476f ioctl commands are u_longs 1997-03-18 07:14:45 +00:00
is 57f2f47e2c move if_arc.h to sys/net 1997-03-16 23:27:07 +00:00
is 07b064e02e New ARP system, supports IPv4 over any hardware link.
Some of the stuff (e.g., rarpd, bootpd, dhcpd etc., libsa) still will
only support Ethernet. Tcpdump itself should be ok, but libpcap needs
lot of work.

For the detailed change history, look at the commit log entries for
the is-newarp branch.
1997-03-15 18:09:08 +00:00
mrg 78cd2f6f78 allow src-routed packetd by default, per host requirements 1997-02-26 04:09:32 +00:00
cjs 8a449a258b Add net.inet.ip.allowsrcrt option which allows/drops all source
routed packets. This currently defaults to `drop,' but once we
verify  that all applications that rely on determining remote IP
addresses for authentication are dropping the connection when they
see a source route option (not just disabling the source route
option), we can turn this back on and conform with the host
requirements.
1997-02-25 08:35:41 +00:00
scottr 54b157939d Don't include ipfilter.h if building an LKM. 1997-02-19 23:07:57 +00:00
cjs 788bcc9857 Fix bug in sysctl net.inet.ip.forwsrcrt handing: now you can read it
if securelevel > 0. (Thanks, cgd.)
1997-02-19 08:30:04 +00:00
mrg 4c8bfe2630 pseudo-device ipfilter brings in PFIL_HOOKS. 1997-02-18 20:49:32 +00:00
thorpej b21c166228 ioctl cmd arguments are u_long, not int. Pointed out by
Fred L. Templin <templin@nas.nasa.gov>
1997-01-29 02:16:23 +00:00
mikel 9be91c7fb4 fix my typo; found by Klaus Klein <kleink@layla.inka.de> 1997-01-17 17:06:06 +00:00
mikel 313f6180e6 add prototypes for ethers(3) functions; fixes PR 2471.
fix suggested by Jason Thorpe.
1997-01-17 08:17:57 +00:00
gwr e1cb27e32f sync with if_ether.h 1997-01-15 18:19:35 +00:00
thorpej 9df1988ac8 Implement the IP_RECVIF socket option: supply a datagram packet's incoming
interface using a sockaddr_dl in a control mbuf.

Implement SO_TIMESTAMP for IP datagrams.

Move packet information option processing into a generic function
so that they work with multicast UDP and raw IP as well as unicast UDP.

Contributed by Bill Fenner <fenner@parc.xerox.com>.
1997-01-11 05:21:07 +00:00
veego d61e3f8c25 ipl[attach|detach]->ipfilter[attach|detach] for the pseudo-device change 1997-01-08 21:45:39 +00:00
mrg 9cc6a2a495 remove some old debugging statements. 1997-01-07 10:51:01 +00:00
veego 473d4f54d1 Add $NetBSD$ id's and restore the orginal Id's. 1997-01-05 21:32:18 +00:00
veego 25bcda3b52 Add $NetBSD$ id's and restore the orginal Id's. 1997-01-05 21:32:17 +00:00
veego 47517abd07 Add $NetBSD$ id's and restore the orginal Id's. 1997-01-05 21:32:14 +00:00
mrg c1067a3f4b initial import of darren reed's ip-filter, version 3.1.2. 1997-01-05 13:47:59 +00:00
mrg 5e5291f97b always reassign ip after calling function. 1996-12-20 09:08:16 +00:00
mrg 04ce281a19 in pfil_hooks: always reassign ip after calling hook. 1996-12-20 09:08:14 +00:00
mrg 15eaee8d6f in pfil_hooks: always reassign ip after calling hook. 1996-12-20 08:39:29 +00:00
mrg a24be0b669 remove pfil_bad. 1996-12-20 08:39:27 +00:00
mycroft ef60fc0bad Minor change to a comment. 1996-12-11 01:55:50 +00:00
mycroft 315bb1ab50 Fix RTT scaling problems introduced with Brakmo and Peterson changes. 1996-12-10 18:20:19 +00:00
mycroft a26a19aeda Return EAGAIN if binding with no specified port and the pool is empty. 1996-12-10 11:38:42 +00:00
thorpej 096b0d6c6e In udp_output(), sanity check the length of the packet to be transmitted.
If it's larger than IP_MAXPACKET, return an error condition.
Based on a patch from Bill Fenner <fenner@parc.xerox.com>
1996-10-25 06:35:16 +00:00
thorpej 59bbc2199e In rip_output(), sanity check the length of the packet to be transmitted.
If it's larger than IP_MAXPACKET, return an error condition.
Based on a patch from Bill Fenner <fenner@parc.xerox.com>
1996-10-25 06:33:36 +00:00
thorpej e55c8a9c7e Before concatenating frags, sanity check the length of the packet. If it's
larger than IP_MAXPACKET, discard it.
Based on a patch from Bill Fenner <fenner@parc.xerox.com>
1996-10-25 06:30:32 +00:00
thorpej 65c188b3c7 Make length and offset fields unsigned. From Kevin M. Lahey <kml@nas.nasa.gov>
Add a counter to IP stats, to count packets which are discarded on the
grounds that they are too large.
1996-10-25 06:24:16 +00:00
thorpej ee34a9ab6d Make length and offset fields unsigned. From Kevin M. Lahey <kml@nas.nasa.gov> 1996-10-25 06:22:24 +00:00
veego b962d9a3eb Fix a panic from the pfil_hooks. 1996-10-22 11:27:05 +00:00
ws 31bdb14ed5 Rename recently checked in KGDB to IPKDB to resolve conflicts with older KGDB 1996-10-16 19:32:08 +00:00
christos ad67e04154 backout previous kprintf change 1996-10-13 16:50:51 +00:00
christos 5545959d0b backout previous kprintf changes 1996-10-13 02:03:00 +00:00
is 08899f4a1b Fix a mbuf leak in ip_output().
Scenario: If ip_insertoptions() prepends a new mbuf to the chain, the
bad: label's m_freem(m0) still would free only the original mbuf chain
if the transmission failed for, e.g., no route to host; resulting in
one lost mbuf per failed packet. (The original posting included a
demonstration program).

Original report of this bug was by jinmei@isl.rdc.toshiba.co.jp
(JINMEI Tatuya) on comp.bugs.4bsd.
1996-10-11 18:19:08 +00:00
christos 6d7ad25bea printf -> kprintf, sprintf -> ksprintf 1996-10-10 23:12:43 +00:00
christos 2768f040b3 - fix NSIP; it referenced non-existing functions. 1996-10-10 23:04:26 +00:00
thorpej 63a2506f79 Merge netbsd-1-2 branch back into mainline. 1996-10-09 01:15:04 +00:00
ws 093a00671f Add (and change) machine independent files for KGDB support 1996-09-30 16:16:45 +00:00
perry 17fcad6b2c commit fix in pr 2772 -- the IP input code was assuming that the
reserved (must be zero) flag must necessarily be zero. We now define
an IP_RF (by analogy to IP_DF and IP_MF) and mask it out when necessary.
1996-09-21 19:44:32 +00:00
mycroft d6121891ef Overlay inp_faddr and inp_laddr into the header prototype. 1996-09-17 17:10:20 +00:00
mycroft 457b1b1333 Make sure the sin_zero fields are filled. 1996-09-16 17:45:17 +00:00
mycroft 9bfa240a98 Hash unconnected PCBs. 1996-09-15 18:11:06 +00:00
mrg a5f00f16bc move the packet filter hooks in to a saner location. while i'm here, rename
PACKET_FILTER to PFIL_HOOKS.
1996-09-14 14:40:20 +00:00
mrg 4b851a2d9b remove an unused variable. 1996-09-14 12:35:07 +00:00
mrg df4a844f44 forward decl. struct mbuf (for now). 1996-09-12 23:11:40 +00:00
explorer f5a52c4260 Move an #ifdef _KERNEL up above all the packet filter stuff. This
could very well break the packet filter stuff, but it will make things
like rcp.c compile, and rcp.c should not need to include sys/mbuf.h
to do so...
1996-09-12 22:56:03 +00:00
mycroft da2cd7eb82 If we're in SYN-SENT or SYN-RECEIVED state, don't reset the keepalive
timer until we transition to ESTABLISHED state.  Suggested by TCP/IP
vol 3.
1996-09-10 23:26:05 +00:00
mycroft 9bb1acd303 Rework the token bucket filter to use a list of packets rather than a static
array.  Also, fix several memory leaks.  From Bill Fenner.
1996-09-09 17:14:04 +00:00
mycroft 23437fc3d2 Cosmetic changes, some from Bill Fenner. 1996-09-09 17:09:50 +00:00
mycroft 62a6cce9ca Add in_nullhost() and in_hosteq() macros, to hide some protocol
details.  Also, fix a bug in TCP wrt SYN+URG packets.
1996-09-09 14:51:07 +00:00
mycroft f5c7d8bcc1 Save 68 bytes of the packet for ICMP, not 64. From Laine Stump, PR 2296. 1996-09-08 15:49:43 +00:00
mrg e27343e07d fix a couple of minor nits after discussions with jason. 1996-09-07 04:55:16 +00:00
mrg ae47956db0 add packet filter interface code. see pfil(9) for more details. you
need the PACKET_FILTER option to enable this code.  currently, ipfilter
version 3.1.1-beta has been converted to use this new interface.
1996-09-06 05:07:43 +00:00
perry 94a217e163 Commit PR 2671, which adds an "IPNOPRIVPORTS" config option that turns
off the code that normally only allows root to bind low TCP
ports. Useful on firewalls and such.
1996-09-05 18:10:03 +00:00