| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
| |
the type argument to *_HEAD and *_ENTRY is a struct.
Suggested by: phk
Reviewed by: phk
Approved by: mdodd
Notes:
svn path=/head/; revision=60833
|
|
|
|
|
|
|
| |
Suggested by: des/nbm
Notes:
svn path=/head/; revision=60798
|
|
|
|
|
|
|
| |
badport_bandlim() will not muck up your console with printf() messages.
Notes:
svn path=/head/; revision=60797
|
|
|
|
|
|
|
| |
Tested by: Cy Schubert <Cy.Schubert@uumail.gov.bc.ca>
Notes:
svn path=/head/; revision=60765
|
|
|
|
|
|
|
|
|
|
|
| |
down as a result of a reset. Returning EINVAL in that case makes no
sense at all and just confuses people as to what happened. It could be
argued that we should save the original address somewhere so that
getsockname() etc can tell us what it used to be so we know where the
problem connection attempts are coming from.
Notes:
svn path=/head/; revision=60690
|
|
|
|
| |
Notes:
svn path=/head/; revision=60687
|
|
|
|
|
|
|
| |
Also-missed-by: peter
Notes:
svn path=/head/; revision=60662
|
|
|
|
|
|
|
|
|
|
| |
integer expression. Otherwise the sizeof() call will force the expression
to be evaluated as unsigned, which is not the intended behavior.
Obtained from: NetBSD (in a different form)
Notes:
svn path=/head/; revision=60661
|
|
|
|
|
|
|
|
|
|
| |
code retransmitting data from the wrong offset.
As a footnote, the newreno code was partially derived from NetBSD
and Tom Henderson <tomh@cs.berkeley.edu>
Notes:
svn path=/head/; revision=60619
|
|
|
|
|
|
|
| |
PR: kern/10747, kern/18382
Notes:
svn path=/head/; revision=60612
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
of the individual drivers and into the common routine ether_input().
Also, remove the (incomplete) hack for matching ethernet headers
in the ip_fw code.
The good news: net result of 1016 lines removed, and this should make
bridging now work with *all* Ethernet drivers.
The bad news: it's nearly impossible to test every driver, especially
for bridging, and I was unable to get much testing help on the mailing
lists.
Reviewed by: freebsd-net
Notes:
svn path=/head/; revision=60536
|
|
|
|
|
|
|
| |
data corruption problem.
Notes:
svn path=/head/; revision=60408
|
|
|
|
|
|
|
|
|
|
|
| |
that they (once again) go to the target machine rather than
the alias address.
PR: 18354
Submitted by: ru
Notes:
svn path=/head/; revision=60363
|
|
|
|
|
|
|
| |
similar to recent fix to sys/netinet/ipf.c (by darren).
Notes:
svn path=/head/; revision=60304
|
|
|
|
| |
Notes:
svn path=/head/; revision=60295
|
|
|
|
|
|
|
| |
Submitted by: n_hibma
Notes:
svn path=/head/; revision=60265
|
|
|
|
| |
Notes:
svn path=/head/; revision=60214
|
|
|
|
|
|
|
| |
inline functions and prototypes.
Notes:
svn path=/head/; revision=60105
|
|
|
|
|
|
|
|
|
|
|
| |
better recovery for multiple packet losses in a single window.
The algorithm can be toggled via the sysctl net.inet.tcp.newreno,
which defaults to "on".
Submitted by: Jayanth Vijayaraghavan <jayanth@yahoo-inc.com>
Notes:
svn path=/head/; revision=60067
|
|
|
|
|
|
|
|
|
|
|
| |
calling in_pcbbind so that in_pcbbind sees a valid address if no
address was specified (since divert sockets ignore them).
PR: 17552
Reviewed by: Brian
Notes:
svn path=/head/; revision=59909
|
|
|
|
| |
Notes:
svn path=/head/; revision=59898
|
|
|
|
| |
Notes:
svn path=/head/; revision=59874
|
|
|
|
|
|
|
|
|
|
| |
to PPTP) with more generic PacketAliasRedirectProto().
Major number is not bumped because it is believed that noone
has started using PacketAliasRedirectPptp() yet.
Notes:
svn path=/head/; revision=59726
|
|
|
|
| |
Notes:
svn path=/head/; revision=59704
|
|
|
|
|
|
|
|
|
| |
LSNAT links are first created by either PacketAliasRedirectPort() or
PacketAliasRedirectAddress() and then set up by one or more calls to
PacketAliasAddServer().
Notes:
svn path=/head/; revision=59702
|
|
|
|
|
|
|
|
|
|
|
|
| |
Without this fix, all IPv6 TCP RST packet has wrong cksum value,
so IPv6 connect() trial to 5.0 machine won't fail until tcp connect timeout,
when they should fail soon.
Thanks to haro@tk.kubota.co.jp (Munehiro Matsuda) for his much debugging
help and detailed info.
Notes:
svn path=/head/; revision=59392
|
|
|
|
|
|
|
| |
Remove ~60 unneeded #include <sys/malloc.h>
Notes:
svn path=/head/; revision=59391
|
|
|
|
|
|
|
|
|
|
| |
- new API function: PacketAliasRedirectPptp()
- new mode bit: PKT_ALIAS_DENY_PPTP
Please see manual page for details.
Notes:
svn path=/head/; revision=59356
|
|
|
|
|
|
|
|
|
| |
ESTABLISHED.
Obtained from: KAME Project
Notes:
svn path=/head/; revision=59334
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
connections, after SYN packets were seen from both ends. Before this,
it would get applied right after the first SYN packet was seen (either
from client or server). With broken TCP connection attempts, when the
remote end does not respond with SYNACK nor with RST, this resulted in
having a useless (ie, no actual TCP connection associated with it) TCP
link with 86400 seconds TTL, wasting system memory. With high rate of
such broken connection attempts (for example, remote end simply blocks
these connection attempts with ipfw(8) without sending RST back), this
could result in a denial-of-service.
PR: bin/17963
Notes:
svn path=/head/; revision=59237
|
|
|
|
| |
Notes:
svn path=/head/; revision=59202
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
but with `dst_port' work for outgoing packets.
This case was not handled properly when I first fixed this
in revision 1.17.
This change is also required for the upcoming improved PPTP
support patches -- that is how I found the problem.
Before this change:
# natd -v -a aliasIP \
-redirect_port tcp localIP:localPORT publicIP:publicPORT 0:remotePORT
Out [TCP] [TCP] localIP:localPORT -> remoteIP:remotePORT aliased to
[TCP] aliasIP:localPORT -> remoteIP:remotePORT
After this change:
# natd -v -a aliasIP \
-redirect_port tcp localIP:localPORT publicIP:publicPORT 0:remotePORT
Out [TCP] [TCP] localIP:localPORT -> remoteIP:remotePORT aliased to
[TCP] publicIP:publicPORT -> remoteIP:remotePORT
Notes:
svn path=/head/; revision=59181
|
|
|
|
|
|
|
| |
Submitted by: csg@waterspout.com (C. Stephen Gunn)
Notes:
svn path=/head/; revision=59143
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Minor optimizations.
- Minor spelling fixes.
PR: 14305
Submitted by: ume
Rewritten by: ru
Notes:
svn path=/head/; revision=59075
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Minor spelling fixes.
- Make IcmpAliasOut2() really work.
Before this change:
# natd -v -n PUB_IFACE -p 12345 -redirect_address 192.168.1.1 P.P.P.P
natd[87923]: Aliasing to A.A.A.A, mtu 1500 bytes
In [UDP] [UDP] X.X.X.X:49562 -> P.P.P.P:50000 aliased to
[UDP] X.X.X.X:49562 -> 192.168.1.1:50000
Out [ICMP] [ICMP] 192.168.1.1 -> X.X.X.X 3(3) aliased to
[ICMP] A.A.A.A -> X.X.X.X 3(3)
# tcpdump -n -t -i PUB_IFACE host X.X.X.X and "(udp or icmp)"
tcpdump: listening on PUB_IFACE
X.X.X.X.49562 > P.P.P.P.50000: udp 3
A.A.A.A > X.X.X.X: icmp: A.A.A.A udp port 50000 unreachable
After this change:
# natd -v -n PUB_IFACE -p 12345 -redirect_address 192.168.1.1 P.P.P.P
natd[89360]: Aliasing to A.A.A.A, mtu 1500 bytes
In [UDP] [UDP] X.X.X.X:49563 -> P.P.P.P:50000 aliased to
[UDP] X.X.X.X:49563 -> 192.168.1.1:50000
Out [ICMP] [ICMP] 192.168.1.1 -> X.X.X.X 3(3) aliased to
[ICMP] P.P.P.P -> X.X.X.X 3(3)
# tcpdump -n -t -i PUB_IFACE host X.X.X.X and "(udp or icmp)"
tcpdump: listening on PUB_IFACE
X.X.X.X.49563 > P.P.P.P.50000: udp 3
P.P.P.P > X.X.X.X: icmp: P.P.P.P udp port 50000 unreachable
Notes:
svn path=/head/; revision=59047
|
|
|
|
|
|
|
| |
- Minor spelling fixes.
Notes:
svn path=/head/; revision=59046
|
|
|
|
| |
Notes:
svn path=/head/; revision=59031
|
|
|
|
|
|
|
| |
Requested by: Charles Mott <cmott@scientech.com>
Notes:
svn path=/head/; revision=58943
|
|
|
|
|
|
|
|
|
|
| |
This should stop cksum error messages on IPsec communication
which was reported on freebsd-current.
Reviewed by: jlemon
Notes:
svn path=/head/; revision=58936
|
|
|
|
| |
Notes:
svn path=/head/; revision=58911
|
|
|
|
|
|
|
| |
Submitted by: ume
Notes:
svn path=/head/; revision=58907
|
|
|
|
|
|
|
|
|
| |
divert socket. This fixes a problem with ppp/natd.
Reviewed by: bsd (Brian Dean, gotta love that login name)
Notes:
svn path=/head/; revision=58895
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
INADDR_NONE: Incoming packets go to the alias address (the default)
INADDR_ANY: Incoming packets are not NAT'd (direct access to the
internal network from outside)
anything else: Incoming packets go to the specified address
Change a few inaddr::s_addr == 0 to inaddr::s_addr == INADDR_ANY
while I'm there.
Notes:
svn path=/head/; revision=58877
|
|
|
|
|
|
|
|
|
|
| |
redirected and when no target address has been specified, NAT
the destination address to the alias address rather than
allowing people direct access to your internal network from
outside.
Notes:
svn path=/head/; revision=58866
|
|
|
|
|
|
|
|
|
|
|
|
| |
mbuf is marked for delayed checksums, then additionally mark the
packet as having it's checksums computed. This allows us to bypass
computing/checking the checksum entirely, which isn't really needeed
as the packet has never hit the wire.
Reviewed by: green
Notes:
svn path=/head/; revision=58806
|
|
|
|
|
|
|
|
|
|
| |
All three of them have been introduced in rev 1.64, so i guess i've
got all of them now. :)
Submitted by: Peter Johnson <locke@mcs.net>
Notes:
svn path=/head/; revision=58770
|
|
|
|
|
|
|
|
|
|
|
| |
Reported in Usenet by: locke@mcs.net (Peter Johnson)
While i was at it, prepended a 0x to the %D output, to make it clear that
the printed value is in hex (i assume %D has been chosen over %#x to
obey network byte order).
Notes:
svn path=/head/; revision=58758
|
|
|
|
|
|
|
| |
supports them.
Notes:
svn path=/head/; revision=58698
|
|
|
|
|
|
|
|
|
|
| |
improperly doing the equivalent of (m = (function() == NULL)) instead
of ((m = function()) == NULL).
This fixes a NULL pointer dereference panic with runt arp packets.
Notes:
svn path=/head/; revision=58499
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Remove a bogus (redundant, just weird, etc.) key_freeso(so).
There are no consumers of it now, nor does it seem there
ever will be.
in6?_pcb.c:
Add an if (inp->in6?p_sp != NULL) before the call to
ipsec[46]_delete_pcbpolicy(inp). In low-memory conditions
this can cause a crash because in6?_sp can be NULL...
Notes:
svn path=/head/; revision=58452
|