path: root/sys/netinet
Commit message | Author | Age | Files | Lines
* De-register. | Matthew N. Dodd | 2004-03-14 | 1 | -22/+22
  Notes: svn path=/head/; revision=126936
* Lock down IP-layer encapsulation library: | Robert Watson | 2004-03-10 | 1 | -51/+35
  - Add encapmtx to protect ip_encap.c global variables (encapsulation list).
  - Unifdef #ifdef 0 pieces of encap_init() which was (and now really is) basically a no-op.
  - Lock encapmtx when walking encaptab, modifying it, comparing entries, etc.
  - Remove spl's.
  Note that currently there's no facility to make sure outstanding use of encapsulation methods on a table entry have drained before we allow a table entry to be removed. As such, it's currently the caller's responsibility to make sure that draining takes place.
  Reviewed by: mlaier
  Notes: svn path=/head/; revision=126792
* Scrub unused variable zeroin_addr. | Robert Watson | 2004-03-10 | 2 | -3/+0
  Notes: svn path=/head/; revision=126791
* To comply with the spec, do not copy the TOS from the outer IP | Jeffrey Hsu | 2004-03-08 | 1 | -6/+6
  header to the inner IP header of the PIM Register if this is a PIM Null-Register message.
  Submitted by: Pavlin Radoslavov <pavlin@icir.org>
  Notes: svn path=/head/; revision=126741
* Include <sys/types.h> for autoconf/automake detection. | Jeffrey Hsu | 2004-03-08 | 1 | -0/+2
  Submitted by: Pavlin Radoslavov <pavlin@icir.org>
  Notes: svn path=/head/; revision=126740
* Add some missing DUMMYNET_UNLOCK() in config_pipe(). | Max Laier | 2004-03-03 | 1 | -2/+7
  Noticed by: Simon Coggins
  Approved by: bms(mentor)
  Notes: svn path=/head/; revision=126513
* Two minor follow-ups on the MT_TAG removal: | Max Laier | 2004-03-02 | 1 | -3/+2
  ifp is now passed explicitly to ether_demux; no need to look it up again. Make mtag a global var in ip_input.
  Noticed by: rwatson
  Approved by: bms(mentor)
  Notes: svn path=/head/; revision=126486
* Rename NET_PICKUP_GIANT() to NET_LOCK_GIANT(), and NET_DROP_GIANT() | Robert Watson | 2004-03-01 | 1 | -2/+2
  to NET_UNLOCK_GIANT(). While they are used in similar ways, the semantics are quite different -- NET_LOCK_GIANT() and NET_UNLOCK_GIANT() directly wrap mutex lock and unlock operations, whereas drop/pickup special case the handling of Giant recursion. Add a comment saying as much.
  Add NET_ASSERT_GIANT(), which conditionally asserts Giant based on the value of debug_mpsafenet.
  Notes: svn path=/head/; revision=126467
* fix -O0 compilation without INET6. | Hajimu UMEMOTO | 2004-03-01 | 2 | -4/+24
  Pointed out by: ru
  Notes: svn path=/head/; revision=126456
* Remove unneeded {} originally used to hold local variables for dummynet | Robert Watson | 2004-02-28 | 1 | -2/+0
  in a code block, as the variable is now gone.
  Submitted by: sam
  Notes: svn path=/head/; revision=126368
* Remove now unneeded arguments to tcp_twrespond() -- so and msrc. These | Robert Watson | 2004-02-28 | 5 | -23/+7
  were needed by the MAC Framework until inpcbs gained labels.
  Submitted by: sam
  Notes: svn path=/head/; revision=126351
* Bring eventhandler callbacks for pf. | Max Laier | 2004-02-26 | 1 | -0/+5
  This enables pf to track dynamic address changes on interfaces (dialup) with the "on (<ifname>)"-syntax. This also brings hooks in anticipation of tracking cloned interfaces, which will be in future versions of pf.
  Approved by: bms(mentor)
  Notes: svn path=/head/; revision=126264
* Tweak existing header and other build infrastructure to be able to build | Max Laier | 2004-02-26 | 4 | -4/+32
  pf/pflog/pfsync as modules. Do not list them in NOTES or modules/Makefile (i.e. do not connect it to any (automatic) builds - yet).
  Approved by: bms(mentor)
  Notes: svn path=/head/; revision=126263
* Split the mlock() kernel code into two parts, mlock(), which unpacks | Don Lewis | 2004-02-26 | 4 | -4/+13
  the syscall arguments and does the suser() permission check, and kern_mlock(), which does the resource limit checking and calls vm_map_wire(). Split munlock() in a similar way.
  Enable the RLIMIT_MEMLOCK checking code in kern_mlock().
  Replace calls to vslock() and vsunlock() in the sysctl code with calls to kern_mlock() and kern_munlock() so that the sysctl code will obey the wired memory limits.
  Nuke the vslock() and vsunlock() implementations, which are no longer used.
  Add a member to struct sysctl_req to track the amount of memory that is wired to handle the request.
  Modify sysctl_wire_old_buffer() to return an error if its call to kern_mlock() fails. Only wire the minimum of the length specified in the sysctl request and the length specified in its argument list. It is recommended that sysctl handlers that use sysctl_wire_old_buffer() should specify reasonable estimates for the amount of data they want to return so that only the minimum amount of memory is wired no matter what length has been specified by the request.
  Modify the callers of sysctl_wire_old_buffer() to look for the error return.
  Modify sysctl_old_user to obey the wired buffer length and clean up its implementation.
  Reviewed by: bms
  Notes: svn path=/head/; revision=126253
* Re-remove MT_TAGs. The problems with dummynet have been fixed now. | Max Laier | 2004-02-25 | 14 | -403/+461
  Tested by: -current, bms(mentor), me
  Approved by: bms(mentor), sam
  Notes: svn path=/head/; revision=126239
* Fixed namespace pollution in rev.1.74. Implementation of the syncache | Bruce Evans | 2004-02-25 | 1 | -1/+4
  increased <netinet/tcp_var>'s already large set of prerequisites, and this was handled badly. Just don't declare the complete syncache struct unless <netinet/pcb.h> is included before <netinet/tcp_var.h>.
  Approved by: jlemon (years ago, for a more invasive fix)
  Notes: svn path=/head/; revision=126226
* Don't use the negatively-opaque type uma_zone_t or be chummy with | Bruce Evans | 2004-02-25 | 1 | -3/+1
  <vm/uma.h>'s idempotency identifier or its misspelling.
  Notes: svn path=/head/; revision=126225
* Relax a KASSERT condition to allow for a valid corner case where | Jeffrey Hsu | 2004-02-25 | 2 | -4/+10
  the FIN on the last segment consumes an extra sequence number.
  Spurious panic reported by Mike Silbersack <silby@silby.com>.
  Notes: svn path=/head/; revision=126220
* Convert the tcp segment reassembly queue to UMA and limit the maximum | Andre Oppermann | 2004-02-24 | 5 | -25/+174
  amount of segments it will hold.
  The following tuneables and sysctls control the behaviour of the tcp segment reassembly queue:
  net.inet.tcp.reass.maxsegments (loader tuneable) specifies the maximum number of segments all tcp reassembly queues can hold (defaults to 1/16 of nmbclusters).
  net.inet.tcp.reass.maxqlen specifies the maximum number of segments any individual tcp session queue can hold (defaults to 48).
  net.inet.tcp.reass.cursegments (readonly) counts the number of segments currently in all reassembly queues.
  net.inet.tcp.reass.overflows (readonly) counts how often either the global or local queue limit has been reached.
  Tested by: bms, silby
  Reviewed by: bms, silby
  Notes: svn path=/head/; revision=126193
* Fixed ucred structure leak. | Pawel Jakub Dawidek | 2004-02-19 | 2 | -0/+4
  Approved by: scottl (mentor)
  PR: 54163
  MFC after: 3 days
  Notes: svn path=/head/; revision=126002
* Backout MT_TAG removal (i.e. bring back MT_TAGs) for now, as dummynet is | Max Laier | 2004-02-18 | 14 | -457/+400
  not working properly with the patch in place.
  Approved by: bms(mentor)
  Notes: svn path=/head/; revision=125952
* IPSEC and FAST_IPSEC have the same internal API now; | Hajimu UMEMOTO | 2004-02-17 | 4 | -48/+22
  so merge these (IPSEC has an extra ipsecstat)
  Submitted by: "Bjoern A. Zeeb" <bzeeb+freebsd@zabbadoz.net>
  Notes: svn path=/head/; revision=125941
* Shorten the name of the socket option used to enable TCP-MD5 packet | Bruce M Simpson | 2004-02-16 | 2 | -3/+3
  treatment.
  Submitted by: Vincent Jardin
  Notes: svn path=/head/; revision=125890
* don't update outgoing ifp, if ipsec tunnel mode encapsulation | Hajimu UMEMOTO | 2004-02-16 | 1 | -3/+5
  was not made.
  Obtained from: KAME
  Notes: svn path=/head/; revision=125875
* Spell types consistently throughout this file. Do not use the __packed | Bruce M Simpson | 2004-02-16 | 1 | -4/+4
  attribute, as we are often #include'd from userland without <sys/cdefs.h> in front of us, and it is not strictly necessary.
  Noticed by: Sascha Blank
  Notes: svn path=/head/; revision=125870
* Final brucification pass. Spell types consistently (u_int). Remove bogus | Bruce M Simpson | 2004-02-14 | 3 | -3/+3
  casts. Remove unnecessary parenthesis.
  Submitted by: bde
  Notes: svn path=/head/; revision=125819
* Do not expose ip_dn_find_rule inline function to userland and unbreak world. | Max Laier | 2004-02-13 | 1 | -1/+1
  Notes: svn path=/head/; revision=125791
* Do not check receive interface when pfil(9) hook changed address. | Max Laier | 2004-02-13 | 1 | -1/+1
  Approved by: bms(mentor)
  Notes: svn path=/head/; revision=125785
* This set of changes eliminates the use of MT_TAG "pseudo mbufs", replacing | Max Laier | 2004-02-13 | 14 | -396/+453
  them mostly with packet tags (one case is handled by using an mbuf flag since the linkage between "caller" and "callee" is direct and there's no need to incur the overhead of a packet tag).
  This is (mostly) work from: sam
  Silence from: -arch
  Approved by: bms(mentor), sam, rwatson
  Notes: svn path=/head/; revision=125784
* Brucification. | Bruce M Simpson | 2004-02-13 | 8 | -38/+43
  Submitted by: bde
  Notes: svn path=/head/; revision=125783
* supported IPV6_RECVPATHMTU socket option. | Hajimu UMEMOTO | 2004-02-13 | 2 | -4/+4
  Obtained from: KAME
  Notes: svn path=/head/; revision=125776
* Update the prototype for tcpsignature_apply() to reflect the spelling of | Bruce M Simpson | 2004-02-12 | 3 | -5/+5
  the types used by m_apply()'s callback function, f, as documented in mbuf(9).
  Noticed by: njl
  Notes: svn path=/head/; revision=125742
* style(9) pass; whitespace and comments. | Bruce M Simpson | 2004-02-12 | 3 | -40/+48
  Submitted by: njl
  Notes: svn path=/head/; revision=125741
* Remove an unnecessary initialization that crept in from the code which | Bruce M Simpson | 2004-02-12 | 2 | -4/+2
  verifies TCP-MD5 digests.
  Noticed by: njl
  Notes: svn path=/head/; revision=125740
* Fix a typo; left out preprocessor conditional for sigoff variable, which | Bruce M Simpson | 2004-02-11 | 1 | -0/+2
  is only used by TCP_SIGNATURE code.
  Noticed by: Roop Nanuwa
  Notes: svn path=/head/; revision=125698
* Initial import of RFC 2385 (TCP-MD5) digest support. | Bruce M Simpson | 2004-02-11 | 11 | -2/+397
  This is the first of two commits; bringing in the kernel support first. This can be enabled by compiling a kernel with options TCP_SIGNATURE and FAST_IPSEC.
  For the uninitiated, this is a TCP option which provides for a means of authenticating TCP sessions which came into being before IPSEC. It is still relevant today, however, as it is used by many commercial router vendors, particularly with BGP, and as such has become a requirement for interconnect at many major Internet points of presence.
  Several parts of the TCP and IP headers, including the segment payload, are digested with MD5, including a shared secret. The PF_KEY interface is used to manage the secrets using security associations in the SADB.
  There is a limitation here in that as there is no way to map a TCP flow per-port back to an SPI without polluting tcpcb or using the SPD; the code to do the latter is unstable at this time. Therefore this code only supports per-host keying granularity.
  Whilst FAST_IPSEC is mutually exclusive with KAME IPSEC (and thus IPv6), TCP_SIGNATURE applies only to IPv4. For the vast majority of prospective users of this feature, this will not pose any problem.
  This implementation is output-only; that is, the option is honoured when responding to a host initiating a TCP session, but no effort is made [yet] to authenticate inbound traffic. This is, however, sufficient to interwork with Cisco equipment.
  Tested with a Cisco 2501 running IOS 12.0(27), and Quagga 0.96.4 with local patches. Patches for tcpdump to validate TCP-MD5 sessions are also available from me upon request.
  Sponsored by: sentex.net
  Notes: svn path=/head/; revision=125680
* pass pcb rather than so. it is expected that per socket policy | Hajimu UMEMOTO | 2004-02-03 | 6 | -21/+8
  works again.
  Notes: svn path=/head/; revision=125396
* Add sysctl net.inet.icmp.reply_src to specify the interface name | Andre Oppermann | 2004-02-02 | 1 | -0/+19
  used for the ICMP reply source in response to packets which are not directly addressed to us. By default continue with normal source selection.
  Reviewed by: bms
  Notes: svn path=/head/; revision=125360
* More verbose description of the source ip address selection for ICMP replies. | Andre Oppermann | 2004-02-02 | 1 | -5/+16
  Reviewed by: bms
  Notes: svn path=/head/; revision=125349
* Introduce the SO_BINTIME option which takes a high-resolution timestamp | Poul-Henning Kamp | 2004-01-31 | 2 | -9/+20
  at packet arrival.
  For benchmarking purposes SO_BINTIME is preferable to SO_TIMEVAL since it has higher resolution and lower overhead. Simultaneous use of the two options is possible and they will return consistent timestamps.
  This introduces an extra test and a function call for SO_TIMEVAL, but I have not been able to measure that.
  Notes: svn path=/head/; revision=125264
* Remove NetBSD'isms (add FreeBSD'isms?), which makes gre(4) working again. | Maxim Sobolev | 2004-01-30 | 1 | -1/+1
  Notes: svn path=/head/; revision=125226
* Correct the descriptions of the net.inet.{udp,raw}.recvspace sysctls. | Ruslan Ermilov | 2004-01-27 | 2 | -2/+2
  Notes: svn path=/head/; revision=125118
* Add support for WCCPv2. It should be enabled manually using link2 | Maxim Sobolev | 2004-01-26 | 1 | -3/+6
  ifconfig(8) flag since header for version 2 is the same but IP payload is prepended with additional 4-bytes field.
  Inspired by: Roman Synyuk <roman@univ.kiev.ua>
  MFC after: 2 weeks
  Notes: svn path=/head/; revision=125024
* (whitespace-only) | Maxim Sobolev | 2004-01-26 | 1 | -3/+3
  Kill trailing spaces.
  Notes: svn path=/head/; revision=125020
* Remove leftover FREE() from changes in rev 1.50. | Andre Oppermann | 2004-01-23 | 1 | -1/+0
  Noticed by: Jun Kuriyama <kuriyama@imgsrc.co.jp>
  Notes: svn path=/head/; revision=124851
* Split the overloaded variable 'win' into two for their specific purposes: | Andre Oppermann | 2004-01-22 | 1 | -21/+22
  recwin and sendwin. This removes a big source of confusion and makes following the code much easier.
  Reviewed by: sam (mentor)
  Obtained from: DragonFlyBSD rev 1.6 (hsu)
  Notes: svn path=/head/; revision=124849
* Move the reduction by one of the syncache limit after the zone has been | Andre Oppermann | 2004-01-22 | 1 | -1/+1
  allocated.
  Reviewed by: sam (mentor)
  Obtained from: DragonFlyBSD rev 1.6 (hsu)
  Notes: svn path=/head/; revision=124848
* Remove an unused variable and put the sockaddr_in6 onto the stack instead | Andre Oppermann | 2004-01-22 | 1 | -26/+14
  of malloc'ing it.
  Reviewed by: sam (mentor)
  Obtained from: DragonFlyBSD rev 1.6 (hsu)
  Notes: svn path=/head/; revision=124847
* Merge from DragonFlyBSD rev 1.10: | Jeffrey Hsu | 2004-01-20 | 2 | -12/+10
  date: 2003/09/02 10:04:47; author: hsu; state: Exp; lines: +5 -6
  Account for when Limited Transmit is not congestion window limited.
  Obtained from: DragonFlyBSD
  Notes: svn path=/head/; revision=124761
* Mostly mechanical rework of libalias: | Poul-Henning Kamp | 2004-01-17 | 16 | -737/+1071
  Makes it possible to have multiple packet aliasing instances in a single process by moving all static and global variables into an instance structure called "struct libalias".
  Redefine a new API based on s/PacketAlias/LibAlias/g
  Add new "instance" argument to all functions in the new API.
  Implement old API in terms of the new API.
  Notes: svn path=/head/; revision=124621