6c30816c15
Fix a slight error in previous. Rearrange some code in tcp_respond() so
...
that a DIAGNOSTIC check against the destination address is actually
checking the destination address. "oops."
1999-01-26 08:28:50 +00:00
8ede79f2b4
One more tweak to the checksum hack, and I promise I'm done. B-)
1999-01-25 15:53:29 +00:00
50438b6df0
Absolutely minor tweak to generate better code.
1999-01-25 15:36:50 +00:00
70e6acdfef
Update the comment about the checksum hack. It was way out of date.
1999-01-24 13:34:35 +00:00
94895652e1
Modify the checksum slightly so that the htons()s can all be combined.
1999-01-24 12:57:38 +00:00
a58f271406
Oops, forgot to update copyright notice in previous.
1999-01-24 01:21:18 +00:00
86e2c3fbc6
* Completely rewrite syn_cache_respond().
...
- Don't use tcp_respond(), instead create the tcp/ip header from scratch,
and send it ourself.
- Reuse the mbuf that carried the SYN, or allocate one if that is not
available.
- Cache the route we look up to do the Path MTU Discovery check, and
transfer the reference to that route to the inpcb when the connection
completes.
* Macro'ize a small, but often repeated code fragment.
1999-01-24 01:19:28 +00:00
b790730226
Fix problems with fr_tcpsum() that prevented the FTP proxy from working.
1999-01-23 08:50:52 +00:00
a43786143f
Fix a problem pointed out by Charles Hannum; DF wasn't being set in
...
SYN,ACK packets during Path MTU Discovery. Fix tcp_respond() to do the
appropriate route lookup and set DF as appropriate.
Also, fixup similar code in tcp_output() to relookup the route if it
is down.
1999-01-20 03:39:54 +00:00
231a906c71
There's just no plausible reason to byte-swap ip_id internally. It's opaque.
1999-01-19 23:39:56 +00:00
7eeb5a04da
Don't screw with ip_len; just subtract from it where we actually use the
...
value.
1999-01-19 23:03:20 +00:00
d3ea3de1af
Fix byte-swapping of ip_len in returned IP header.
1999-01-19 22:10:42 +00:00
fc1211a6ab
Don't overwrite the checksum fields when checking them. There's no reason to
...
do this, and it screws up ICMP replies.
XXX The returned IP checksum and length are still wrong.
1999-01-19 21:58:40 +00:00
4b0e6bb4dc
Domains are associated with protocol families, not address families.
1999-01-14 01:16:55 +00:00
98d3903da8
Use the count supplied to the pseudo-device attach routine to dynamically
...
allocate (once) the ipip_softc array; don't assume NIPIP contains the count.
1999-01-13 23:01:20 +00:00
555784ccd5
Fix byte order and ip_len inconsistencies in ICMP reply code. Also, fix
...
some formatting and HTONS(foo) vs. foo = htons(foo) inconsistencies.
PR #6602 , Darren Reed.
1999-01-11 22:35:06 +00:00
6ae68b4feb
Pull the IP-in-IP tunneling support out of the GRE code. It's not handled
...
by a separate IP-IP input path.
XXX Should eventually do the same thing for IPPROTO_MOBILE.
1999-01-11 21:32:13 +00:00
9508f259bf
Adjust for the new IP-IP input path. mrt_ipip_input() is called from
...
ipip_input(), and returns non-zero if mrt_ipip_input() handled the
packet.
XXX Eventually, the multicast code should probably use regular IP-IP
XXX `interfaces', but mrouted knows about the VIF table, etc.
1999-01-11 21:31:03 +00:00
9d996b9e4e
Adjust for the new IP-IP input path.
1999-01-11 21:28:28 +00:00
9f9be750f6
Separate out the IP-in-IP implementation from the GRE code. This cleans
...
up the interface to ip_mroute.c somewhat, and properly separates IP-IP
from GRE. (They are similar, but they are different protocols, and should
not be implemented in the same place.)
1999-01-11 21:26:53 +00:00
5f69dedb2c
ipip_input() -> mrt_ipip_input().
1998-12-22 02:51:32 +00:00
54377d1212
Simplify the tunnel lookup routine.
1998-12-22 01:49:04 +00:00
12632ebf71
Reverse the copyright-notice-swap. It went against existing practice.
1998-12-19 02:46:12 +00:00
4f177aec90
Add a lock around the TCPCB's sequence queue, to prevent tcp_drain()
...
from corrupting the queue if called from a device's interrupt context.
Similar in nature to the problem reported in PR #5684 .
1998-12-18 21:38:02 +00:00
ca15e01c76
Add a lock around the IP fragment reassembly queue, to prevent ip_drain()
...
from corrupting the queue if called from a device's interrupt context.
Should fix PR #5684 .
1998-12-18 21:35:11 +00:00
93454aafc6
Delay sending if SS_MORETOCOME is set in so_state. This avoids the case
...
where the user issued a write with a length greater than MLEN but less
than MINCLSIZE, thus causing two mbufs to be used. The loop in sosend()
would then call PRU_SEND twice, causing TCP to transmit 2 packets when
it could have transmitted one.
Suggested by Justin Walker <justin@apple.com> on the freebsd-net
mailing list.
1998-12-16 00:33:14 +00:00
2f2fd097ef
remove this insanity. appeared with ipfilter 3.2.10...
1998-12-11 23:47:16 +00:00
914642e439
correction to the previous: protect against _LKM too
...
pointed out by Todd Whitesel <toddpw@best.com>
1998-12-11 11:57:33 +00:00
36b809fed6
correcton tp previous: don't try to include kernel option headers in
...
userland
fixes PR kern/6561 (Takahiro Kambe)
1998-12-11 09:15:42 +00:00
ce96f9960a
defopt IPFILTER_LOG
1998-12-10 15:50:59 +00:00
c7578c510a
defopt
1998-12-10 11:01:01 +00:00
a94214bdd0
add a patch from darren reed, to make ipfilter use our cksum routine.
1998-11-26 12:21:47 +00:00
0cdf66e377
Fragments should start with a header mbuf allocated by MGETHDR()
1998-11-25 21:13:58 +00:00
4dd9bebb58
add two more prototypes. noted missing by mjacob.
1998-11-22 23:30:36 +00:00
78db9d7d95
merge ipf 3.2.10
1998-11-22 15:17:18 +00:00
0cd1643609
if INADDR_ANY is given in in_pcbconnect(), choose the ia_addr of the first
...
interface, not the ia_broadaddr. should fix [standards/5645] and [kern/6425]
1998-11-16 05:47:19 +00:00
1658ac64a8
fix the previous: "securelevel" in kernel only
1998-11-15 17:36:19 +00:00
da1c106b85
In 'highly secure' mode (securelevel >= 2), the filter lists may not be tampered with. It might be desirable to allow enabling of preset filter lists, but it seems too good a candidate for a denial-of-service attack, so we don't.
1998-11-14 07:42:37 +00:00
cc41dfe747
simplify test in in_pcbbind() for setting wild=1; no need to check if
...
((so->so_proto->pr_flags & PR_CONNREQUIRED) == 0 ||
(so->so_options & SO_ACCEPTCONN) == 0)
since the latter is always true, so the former test in unnecessary.
from `TCP/IP Illustrated, Volume 2', W. Richard Stevens, p 730.
1998-11-13 10:50:10 +00:00
0e3a0a7f80
Once a fragmented IP packet has been reassembled, recompute the packet
...
length before passing it up the stack. From FreeBSD.
1998-11-13 03:24:22 +00:00
ede30e2813
Fix a buglet when looking up an interface for multicast:
...
Zero out the routing structure before calling the route lookup code
in order to correctly match addresses.
1998-10-26 17:31:01 +00:00
3ad026ac87
vax -> __vax__ (and mips to __mips__ in ultrix_misc.c)
1998-10-20 01:46:27 +00:00
cd7e3136ad
Use ETHERTYPE_ATALK instead of ETHERTYPE_AT. The former seems more common.
...
Our other constants also use "ATALK".
Added many new ETHERTYPE constants to sys/net/ethertypes.h, including the
ones from libpcap and tcpdump "ethertype.h" files.
1998-10-13 02:34:31 +00:00
14f5ac9081
Use the pool allocator for ipflow entries.
1998-10-08 01:41:45 +00:00
974aa74abd
Use the pool allocator for ipqent structures.
1998-10-08 01:19:25 +00:00
588ccb2d75
Fix some typos in comments, and clean up some whitespace.
1998-10-07 23:33:02 +00:00
6cfb33b4e4
Use the pool allocator for the tcpcb's TCP/IP header template.
1998-10-07 23:20:03 +00:00
bf4e491879
Fix boolean dyslexic test. Duh!
1998-10-06 00:41:13 +00:00
8e8f38e0f2
Add a sysctl for newreno (default to off).
1998-10-06 00:20:44 +00:00
a1ea50ee45
* in_pcblookup_port(): deprecate INPLOOKUP_WILDCARD and flags in favour
...
of a lookup_wildcard arg; simplifies the logic a bit.
* when assigning ephemeral ports in in_pcbbind(), always call
in_pcblookup_port() with lookup_wildcard=1, so that ephemeral port
allocation on sockets with SO_REUSEADDR set won't potentially bind to a
port in use by something else (principle of least surprise).
1998-10-05 14:33:14 +00:00
thorpej