/* $NetBSD: in_proto.c,v 1.40 2000/07/10 09:31:29 itojun Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. Neither the name of the project nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ /* * Copyright (c) 1982, 1986, 1993 * The Regents of the University of California. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * This product includes software developed by the University of * California, Berkeley and its contributors. * 4. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * @(#)in_proto.c 8.2 (Berkeley) 2/9/95 */ #include "opt_mrouting.h" #include "opt_eon.h" /* ISO CLNL over IP */ #include "opt_iso.h" /* ISO TP tunneled over IP */ #include "opt_ns.h" /* NSIP: XNS tunneled over IP */ #include "opt_inet.h" #include "opt_ipsec.h" #include #include #include #include #include #include #include #include #include #include #include #include #include #include #ifdef INET6 #ifndef INET #include #endif #include #endif #include #include #include #include #include #include #include #include #include #include #include /* * TCP/IP protocol family: IP, ICMP, UDP, TCP. */ #ifdef IPSEC #include #ifdef IPSEC_ESP #include #endif #include #endif /* IPSEC */ #include "gif.h" #if NGIF > 0 #include #endif #ifdef NSIP #include #include #endif /* NSIP */ #ifdef TPIP #include #include #endif /* TPIP */ #ifdef EON #include #endif /* EON */ #include "ipip.h" #if NIPIP > 0 || defined(MROUTING) #include #endif /* NIPIP > 0 || MROUTING */ #include "gre.h" #if NGRE > 0 #include #endif #include "stf.h" #if NSTF > 0 #include #endif extern struct domain inetdomain; struct protosw inetsw[] = { { 0, &inetdomain, 0, 0, 0, ip_output, 0, 0, 0, ip_init, 0, ip_slowtimo, ip_drain, ip_sysctl }, { SOCK_DGRAM, &inetdomain, IPPROTO_UDP, PR_ATOMIC|PR_ADDR, udp_input, 0, udp_ctlinput, ip_ctloutput, udp_usrreq, udp_init, 0, 0, 0, udp_sysctl }, { SOCK_STREAM, &inetdomain, IPPROTO_TCP, PR_CONNREQUIRED|PR_WANTRCVD|PR_LISTEN, tcp_input, 0, tcp_ctlinput, tcp_ctloutput, tcp_usrreq, tcp_init, tcp_fasttimo, tcp_slowtimo, tcp_drain, tcp_sysctl }, { SOCK_RAW, &inetdomain, IPPROTO_RAW, PR_ATOMIC|PR_ADDR, rip_input, rip_output, 0, rip_ctloutput, rip_usrreq, 0, 0, 0, 0, }, { SOCK_RAW, &inetdomain, IPPROTO_ICMP, PR_ATOMIC|PR_ADDR, icmp_input, rip_output, 0, rip_ctloutput, rip_usrreq, 0, 0, 0, 0, icmp_sysctl }, #ifdef IPSEC { SOCK_RAW, &inetdomain, IPPROTO_AH, PR_ATOMIC|PR_ADDR, ah4_input, 0, 0, 0, 0, 0, 0, 0, 0, ipsec_sysctl }, #ifdef IPSEC_ESP { SOCK_RAW, &inetdomain, IPPROTO_ESP, PR_ATOMIC|PR_ADDR, esp4_input, 0, 0, 0, 0, 0, 0, 0, 0, ipsec_sysctl }, #endif { SOCK_RAW, &inetdomain, IPPROTO_IPCOMP, PR_ATOMIC|PR_ADDR, ipcomp4_input, 0, 0, 0, 0, 0, 0, 0, 0, ipsec_sysctl }, #endif /* IPSEC */ { SOCK_RAW, &inetdomain, IPPROTO_IPV4, PR_ATOMIC|PR_ADDR, encap4_input, rip_output, 0, rip_ctloutput, rip_usrreq, /*XXX*/ encap_init, 0, 0, 0, }, #ifdef INET6 { SOCK_RAW, &inetdomain, IPPROTO_IPV6, PR_ATOMIC|PR_ADDR, encap4_input, rip_output, 0, rip_ctloutput, rip_usrreq, /*XXX*/ 0, 0, 0, 0, }, #endif /* INET6 */ #if NGRE > 0 { SOCK_RAW, &inetdomain, IPPROTO_GRE, PR_ATOMIC|PR_ADDR, gre_input, rip_output, 0, rip_ctloutput, rip_usrreq, 0, 0, 0, 0, }, { SOCK_RAW, &inetdomain, IPPROTO_MOBILE, PR_ATOMIC|PR_ADDR, gre_mobile_input, rip_output, 0, rip_ctloutput, rip_usrreq, 0, 0, 0, 0, }, #endif /* NGRE > 0 */ { SOCK_RAW, &inetdomain, IPPROTO_IGMP, PR_ATOMIC|PR_ADDR, igmp_input, rip_output, 0, rip_ctloutput, rip_usrreq, igmp_init, igmp_fasttimo, igmp_slowtimo, 0, }, #ifdef TPIP { SOCK_SEQPACKET,&inetdomain, IPPROTO_TP, PR_CONNREQUIRED|PR_WANTRCVD|PR_LISTEN, tpip_input, 0, tpip_ctlinput, tp_ctloutput, tp_usrreq, tp_init, 0, tp_slowtimo, tp_drain, }, #endif /* TPIP */ /* EON (ISO CLNL over IP) */ #ifdef EON { SOCK_RAW, &inetdomain, IPPROTO_EON, 0, eoninput, 0, eonctlinput, 0, 0, eonprotoinit, 0, 0, 0, }, #endif /* EON */ #ifdef NSIP { SOCK_RAW, &inetdomain, IPPROTO_IDP, PR_ATOMIC|PR_ADDR, idpip_input, NULL, nsip_ctlinput, 0, rip_usrreq, 0, 0, 0, 0, }, #endif /* NSIP */ /* raw wildcard */ { SOCK_RAW, &inetdomain, 0, PR_ATOMIC|PR_ADDR, rip_input, rip_output, 0, rip_ctloutput, rip_usrreq, rip_init, 0, 0, 0, }, }; #if NIPIP > 0 struct protosw ipip_protosw = { SOCK_RAW, &inetdomain, IPPROTO_IPIP, PR_ATOMIC|PR_ADDR, ipip_input, rip_output, 0, rip_ctloutput, rip_usrreq, /* XXX */ 0, 0, 0, 0, }; #endif /* NIPIP */ #if NGIF > 0 struct protosw in_gif_protosw = { SOCK_RAW, &inetdomain, 0/*IPPROTO_IPV[46]*/, PR_ATOMIC|PR_ADDR, in_gif_input, rip_output, 0, rip_ctloutput, rip_usrreq, 0, 0, 0, 0, }; #endif /*NGIF*/ #if NSTF > 0 struct protosw in_stf_protosw = { SOCK_RAW, &inetdomain, IPPROTO_IPV6, PR_ATOMIC|PR_ADDR, in_stf_input, rip_output, 0, rip_ctloutput, rip_usrreq, 0, 0, 0, 0 }; #endif /*NSTF*/ struct domain inetdomain = { PF_INET, "internet", 0, 0, 0, inetsw, &inetsw[sizeof(inetsw)/sizeof(inetsw[0])], 0, rn_inithead, 32, sizeof(struct sockaddr_in) }; u_char ip_protox[IPPROTO_MAX]; #define TCP_SYN_HASH_SIZE 293 #define TCP_SYN_BUCKET_SIZE 35 int tcp_syn_cache_size = TCP_SYN_HASH_SIZE; int tcp_syn_cache_limit = TCP_SYN_HASH_SIZE*TCP_SYN_BUCKET_SIZE; int tcp_syn_bucket_limit = 3*TCP_SYN_BUCKET_SIZE; struct syn_cache_head tcp_syn_cache[TCP_SYN_HASH_SIZE]; int tcp_syn_cache_interval = 1; /* runs timer twice a second */ struct timeval tcp_rst_ratelim = { 0, 10000 }; /* 10000usec = 10msec */ struct timeval icmperrratelim = { 0, 0 }; /* no ratelimit */ int icmperrppslim = 100; /* 100pps */