aboutsummaryrefslogtreecommitdiff
path: root/sys/netinet
Commit message (Collapse)AuthorAgeFilesLines
* Change the way that the queue(3) structures are declared; don't assume thatJake Burkholder2000-05-239-19/+19
| | | | | | | | | | | the type argument to *_HEAD and *_ENTRY is a struct. Suggested by: phk Reviewed by: phk Approved by: mdodd Notes: svn path=/head/; revision=60833
* sysctl'ize ICMP_BANDLIM and ICMP_BANDLIM_SUPPRESS_OUTPUT.Dan Moschuk2000-05-225-35/+10
| | | | | | | Suggested by: des/nbm Notes: svn path=/head/; revision=60798
* Add option ICMP_BANDLIM_SUPPRESS_OUTPUT to the mix. With this option,Dan Moschuk2000-05-221-0/+2
| | | | | | | badport_bandlim() will not muck up your console with printf() messages. Notes: svn path=/head/; revision=60797
* Compute the checksum before handing the packet off to IPFilter.Jonathan Lemon2000-05-213-2/+11
| | | | | | | Tested by: Cy Schubert <Cy.Schubert@uumail.gov.bc.ca> Notes: svn path=/head/; revision=60765
* Return ECONNRESET instead of EINVAL if the connection has been shotPeter Wemm2000-05-191-3/+3
| | | | | | | | | | | down as a result of a reset. Returning EINVAL in that case makes no sense at all and just confuses people as to what happened. It could be argued that we should save the original address somewhere so that getsockname() etc can tell us what it used to be so we know where the problem connection attempts are coming from. Notes: svn path=/head/; revision=60690
* snd_cwnd was updated twice in the tcp_newreno function.Jayanth Vijayaraghavan2000-05-182-2/+0
| | | | Notes: svn path=/head/; revision=60687
* Sigh, fix a rookie patch merge error.Jayanth Vijayaraghavan2000-05-172-6/+0
| | | | | | | Also-missed-by: peter Notes: svn path=/head/; revision=60662
* Cast sizeof() calls to be of type (int) when they appear in a signedJonathan Lemon2000-05-171-3/+4
| | | | | | | | | | integer expression. Otherwise the sizeof() call will force the expression to be evaluated as unsigned, which is not the intended behavior. Obtained from: NetBSD (in a different form) Notes: svn path=/head/; revision=60661
* snd_una was being updated incorrectly, this resulted in the newrenoJayanth Vijayaraghavan2000-05-162-6/+16
| | | | | | | | | | code retransmitting data from the wrong offset. As a footnote, the newreno code was partially derived from NetBSD and Tom Henderson <tomh@cs.berkeley.edu> Notes: svn path=/head/; revision=60619
* Do not call icmp_error() if ipfirewall(4) denied packet.Ruslan Ermilov2000-05-151-0/+4
| | | | | | | PR: kern/10747, kern/18382 Notes: svn path=/head/; revision=60612
* Move code to handle BPF and bridging for incoming Ethernet packets outArchie Cobbs2000-05-142-236/+175
| | | | | | | | | | | | | | | | | | of the individual drivers and into the common routine ether_input(). Also, remove the (incomplete) hack for matching ethernet headers in the ip_fw code. The good news: net result of 1016 lines removed, and this should make bridging now work with *all* Ethernet drivers. The bad news: it's nearly impossible to test every driver, especially for bridging, and I was unable to get much testing help on the mailing lists. Reviewed by: freebsd-net Notes: svn path=/head/; revision=60536
* Temporarily turn off the newreno flag until we can track down the knownJayanth Vijayaraghavan2000-05-111-1/+1
| | | | | | | data corruption problem. Notes: svn path=/head/; revision=60408
* Revert the default behaviour for incoming connections soBrian Somers2000-05-112-3/+3
| | | | | | | | | | | that they (once again) go to the target machine rather than the alias address. PR: 18354 Submitted by: ru Notes: svn path=/head/; revision=60363
* correct more out-of-bounds memory access, if cnt == 1 and optlen > 1.Jun-ichiro itojun Hagino2000-05-101-0/+4
| | | | | | | similar to recent fix to sys/netinet/ipf.c (by darren). Notes: svn path=/head/; revision=60304
* Fix bug in dealing with "hlen == 1 and opt > 1"Darren Reed2000-05-091-4/+10
| | | | Notes: svn path=/head/; revision=60295
* Add missing include machine/in_cksum.h.Paul Saab2000-05-092-0/+3
| | | | | | | Submitted by: n_hibma Notes: svn path=/head/; revision=60265
* Include machine/in_cksum.h to unbreak options MROUTING.Kenneth D. Merry2000-05-081-0/+1
| | | | Notes: svn path=/head/; revision=60214
* Add #include <machine/in_cksum.h>, in order to pick up the checksumJonathan Lemon2000-05-063-1/+4
| | | | | | | inline functions and prototypes. Notes: svn path=/head/; revision=60105
* Implement TCP NewReno, as documented in RFC 2582. This allowsJonathan Lemon2000-05-066-15/+163
| | | | | | | | | | | better recovery for multiple packet losses in a single window. The algorithm can be toggled via the sysctl net.inet.tcp.newreno, which defaults to "on". Submitted by: Jayanth Vijayaraghavan <jayanth@yahoo-inc.com> Notes: svn path=/head/; revision=60067
* Force the address of the socket to be INADDR_ANY immediately beforePaul Richards2000-05-021-1/+13
| | | | | | | | | | | calling in_pcbbind so that in_pcbbind sees a valid address if no address was specified (since divert sockets ignore them). PR: 17552 Reviewed by: Brian Notes: svn path=/head/; revision=59909
* Remove an unnecessary error messageLuigi Rizzo2000-05-021-0/+2
| | | | Notes: svn path=/head/; revision=59898
* Add $FreeBSD$Peter Wemm2000-05-012-1/+3
| | | | Notes: svn path=/head/; revision=59874
* Replace PacketAliasRedirectPptp() (which had nothing specificRuslan Ermilov2000-04-285-111/+88
| | | | | | | | | | to PPTP) with more generic PacketAliasRedirectProto(). Major number is not bumped because it is believed that noone has started using PacketAliasRedirectPptp() yet. Notes: svn path=/head/; revision=59726
* Spell PacketAliasRedirectAddr() correctly.Ruslan Ermilov2000-04-271-1/+1
| | | | Notes: svn path=/head/; revision=59704
* Load Sharing using IP Network Address Translation (RFC 2391, LSNAT).Ruslan Ermilov2000-04-273-27/+150
| | | | | | | | | LSNAT links are first created by either PacketAliasRedirectPort() or PacketAliasRedirectAddress() and then set up by one or more calls to PacketAliasAddServer(). Notes: svn path=/head/; revision=59702
* Let initialize th_sum before in6_cksum(), again.Yoshinobu Inoue2000-04-192-0/+2
| | | | | | | | | | | | Without this fix, all IPv6 TCP RST packet has wrong cksum value, so IPv6 connect() trial to 5.0 machine won't fail until tcp connect timeout, when they should fail soon. Thanks to haro@tk.kubota.co.jp (Munehiro Matsuda) for his much debugging help and detailed info. Notes: svn path=/head/; revision=59392
* Remove ~25 unneeded #include <sys/conf.h>Poul-Henning Kamp2000-04-191-1/+0
| | | | | | | Remove ~60 unneeded #include <sys/malloc.h> Notes: svn path=/head/; revision=59391
* Add support for multiple PPTP sessions:Ruslan Ermilov2000-04-185-88/+265
| | | | | | | | | | - new API function: PacketAliasRedirectPptp() - new mode bit: PKT_ALIAS_DENY_PPTP Please see manual page for details. Notes: svn path=/head/; revision=59356
* ND6_HINT() should not be called unless the connection status isMunechika SUMIKAWA2000-04-172-2/+0
| | | | | | | | | ESTABLISHED. Obtained from: KAME Project Notes: svn path=/head/; revision=59334
* Apply TCP_EXPIRE_CONNECTED (86400 seconds) timeout only to establishedRuslan Ermilov2000-04-141-16/+10
| | | | | | | | | | | | | | | | | connections, after SYN packets were seen from both ends. Before this, it would get applied right after the first SYN packet was seen (either from client or server). With broken TCP connection attempts, when the remote end does not respond with SYNACK nor with RST, this resulted in having a useless (ie, no actual TCP connection associated with it) TCP link with 86400 seconds TTL, wasting system memory. With high rate of such broken connection attempts (for example, remote end simply blocks these connection attempts with ipfw(8) without sending RST back), this could result in a denial-of-service. PR: bin/17963 Notes: svn path=/head/; revision=59237
* A complete reformatting of manual page.Ruslan Ermilov2000-04-131-724/+686
| | | | Notes: svn path=/head/; revision=59202
* Make partially specified permanent links without `dst_addr'Ruslan Ermilov2000-04-121-11/+15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | but with `dst_port' work for outgoing packets. This case was not handled properly when I first fixed this in revision 1.17. This change is also required for the upcoming improved PPTP support patches -- that is how I found the problem. Before this change: # natd -v -a aliasIP \ -redirect_port tcp localIP:localPORT publicIP:publicPORT 0:remotePORT Out [TCP] [TCP] localIP:localPORT -> remoteIP:remotePORT aliased to [TCP] aliasIP:localPORT -> remoteIP:remotePORT After this change: # natd -v -a aliasIP \ -redirect_port tcp localIP:localPORT publicIP:publicPORT 0:remotePORT Out [TCP] [TCP] localIP:localPORT -> remoteIP:remotePORT aliased to [TCP] publicIP:publicPORT -> remoteIP:remotePORT Notes: svn path=/head/; revision=59181
* PR: kern/17872Wes Peters2000-04-111-10/+3
| | | | | | | Submitted by: csg@waterspout.com (C. Stephen Gunn) Notes: svn path=/head/; revision=59143
* - Add support for FTP EPRT (RFC 2428) command.Ruslan Ermilov2000-04-061-63/+169
| | | | | | | | | | | | - Minor optimizations. - Minor spelling fixes. PR: 14305 Submitted by: ume Rewritten by: ru Notes: svn path=/head/; revision=59075
* - Remove unused includes.Ruslan Ermilov2000-04-051-24/+96
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - Minor spelling fixes. - Make IcmpAliasOut2() really work. Before this change: # natd -v -n PUB_IFACE -p 12345 -redirect_address 192.168.1.1 P.P.P.P natd[87923]: Aliasing to A.A.A.A, mtu 1500 bytes In [UDP] [UDP] X.X.X.X:49562 -> P.P.P.P:50000 aliased to [UDP] X.X.X.X:49562 -> 192.168.1.1:50000 Out [ICMP] [ICMP] 192.168.1.1 -> X.X.X.X 3(3) aliased to [ICMP] A.A.A.A -> X.X.X.X 3(3) # tcpdump -n -t -i PUB_IFACE host X.X.X.X and "(udp or icmp)" tcpdump: listening on PUB_IFACE X.X.X.X.49562 > P.P.P.P.50000: udp 3 A.A.A.A > X.X.X.X: icmp: A.A.A.A udp port 50000 unreachable After this change: # natd -v -n PUB_IFACE -p 12345 -redirect_address 192.168.1.1 P.P.P.P natd[89360]: Aliasing to A.A.A.A, mtu 1500 bytes In [UDP] [UDP] X.X.X.X:49563 -> P.P.P.P:50000 aliased to [UDP] X.X.X.X:49563 -> 192.168.1.1:50000 Out [ICMP] [ICMP] 192.168.1.1 -> X.X.X.X 3(3) aliased to [ICMP] P.P.P.P -> X.X.X.X 3(3) # tcpdump -n -t -i PUB_IFACE host X.X.X.X and "(udp or icmp)" tcpdump: listening on PUB_IFACE X.X.X.X.49563 > P.P.P.P.50000: udp 3 P.P.P.P > X.X.X.X: icmp: P.P.P.P udp port 50000 unreachable Notes: svn path=/head/; revision=59047
* - Moved NULL definition into private include file.Ruslan Ermilov2000-04-052-7/+6
| | | | | | | - Minor spelling fixes. Notes: svn path=/head/; revision=59046
* Minor spelling fixes.Ruslan Ermilov2000-04-052-5/+7
| | | | Notes: svn path=/head/; revision=59031
* Correct Charles Mott's email addressBrian Somers2000-04-021-1/+1
| | | | | | | Requested by: Charles Mott <cmott@scientech.com> Notes: svn path=/head/; revision=58943
* Move htons() ip_len to after the in_delayed_cksum() call.Yoshinobu Inoue2000-04-021-5/+5
| | | | | | | | | | This should stop cksum error messages on IPsec communication which was reported on freebsd-current. Reviewed by: jlemon Notes: svn path=/head/; revision=58936
* Try and make the kernel build again without INET6.Paul Saab2000-04-021-0/+2
| | | | Notes: svn path=/head/; revision=58911
* Support per socket based IPv4 mapped IPv6 addr enable/disable control.Yoshinobu Inoue2000-04-014-8/+12
| | | | | | | Submitted by: ume Notes: svn path=/head/; revision=58907
* Calculate any delayed checksums before handing an mbuf off to aJonathan Lemon2000-04-011-0/+10
| | | | | | | | | divert socket. This fixes a problem with ppp/natd. Reviewed by: bsd (Brian Dean, gotta love that login name) Notes: svn path=/head/; revision=58895
* Allow PacketAliasSetTarget() to be passed the following:Brian Somers2000-03-312-13/+22
| | | | | | | | | | | | | INADDR_NONE: Incoming packets go to the alias address (the default) INADDR_ANY: Incoming packets are not NAT'd (direct access to the internal network from outside) anything else: Incoming packets go to the specified address Change a few inaddr::s_addr == 0 to inaddr::s_addr == INADDR_ANY while I'm there. Notes: svn path=/head/; revision=58877
* When an incoming packet is received that is not specificallyBrian Somers2000-03-311-1/+1
| | | | | | | | | | redirected and when no target address has been specified, NAT the destination address to the alias address rather than allowing people direct access to your internal network from outside. Notes: svn path=/head/; revision=58866
* If `ipfw fwd' loops an mbuf back to ip_input from ip_output and theJonathan Lemon2000-03-301-6/+7
| | | | | | | | | | | | mbuf is marked for delayed checksums, then additionally mark the packet as having it's checksums computed. This allows us to bypass computing/checking the checksum entirely, which isn't really needeed as the packet has never hit the wire. Reviewed by: green Notes: svn path=/head/; revision=58806
* Peter Johnson found another log() call without a trailing newline.Joerg Wunsch2000-03-291-1/+1
| | | | | | | | | | All three of them have been introduced in rev 1.64, so i guess i've got all of them now. :) Submitted by: Peter Johnson <locke@mcs.net> Notes: svn path=/head/; revision=58770
* Added two missing newlines in calls to log(9).Joerg Wunsch2000-03-281-2/+2
| | | | | | | | | | | Reported in Usenet by: locke@mcs.net (Peter Johnson) While i was at it, prepended a 0x to the %D output, to make it clear that the printed value is in hex (i assume %D has been chosen over %#x to obey network byte order). Notes: svn path=/head/; revision=58758
* Add support for offloading IP/TCP/UDP checksums to NIC hardware whichJonathan Lemon2000-03-278-102/+219
| | | | | | | supports them. Notes: svn path=/head/; revision=58698
* Fix parens in m_pullup() line in arp handling code. The code wasMatthew Dillon2000-03-231-1/+1
| | | | | | | | | | improperly doing the equivalent of (m = (function() == NULL)) instead of ((m = function()) == NULL). This fixes a NULL pointer dereference panic with runt arp packets. Notes: svn path=/head/; revision=58499
* in6_pcb.c:Brian Feldman2000-03-221-1/+2
| | | | | | | | | | | | | | Remove a bogus (redundant, just weird, etc.) key_freeso(so). There are no consumers of it now, nor does it seem there ever will be. in6?_pcb.c: Add an if (inp->in6?p_sp != NULL) before the call to ipsec[46]_delete_pcbpolicy(inp). In low-memory conditions this can cause a crash because in6?_sp can be NULL... Notes: svn path=/head/; revision=58452
generated by cgit v1.2.3 (git 2.25.1) at 2024-10-23 00:27:56 +0000