path: root/sys/netinet/tcp_timewait.c
Commit message | Author | Age | Files | Lines
* Merge from TrustedBSD MAC branch: | Robert Watson | 2002-03-22 | 1 | -4/+4
  Move the network code from using cr_cansee() to check whether a socket is visible to a requesting credential to using a new function, cr_canseesocket(), which accepts a subject credential and object socket. Implement cr_canseesocket() so that it does a prison check, a uid check, and add a comment where shortly a MAC hook will go. This will allow MAC policies to separately instrument the visibility of sockets from the visibility of processes.
  Obtained from: TrustedBSD Project
  Sponsored by: DARPA, NAI Labs
  Notes: svn path=/head/; revision=92976
* Switch vm_zone.h with uma.h. Change over to uma interfaces. | Jeff Roberson | 2002-03-20 | 1 | -3/+4
  Notes: svn path=/head/; revision=92760
* Remove __P. | Alfred Perlstein | 2002-03-19 | 1 | -4/+4
  Notes: svn path=/head/; revision=92723
* Simple p_ucred -> td_ucred changes to start using the per-thread ucred | John Baldwin | 2002-02-27 | 1 | -3/+3
  reference.
  Notes: svn path=/head/; revision=91406
* More IPV6 const fixes. | Alfred Perlstein | 2002-02-27 | 1 | -1/+1
  Notes: svn path=/head/; revision=91357
* Introduce a version field to `struct xucred' in place of one of the | Dima Dorfman | 2002-02-27 | 1 | -10/+2
  spares (the size of the field was changed from u_short to u_int to reflect what it really ends up being). Accordingly, change users of xucred to set and check this field as appropriate. In the kernel, this is being done inside the new cru2x() routine which takes a `struct ucred' and fills out a `struct xucred' according to the former. This also has the pleasant side effect of removing some duplicate code.
  Reviewed by: rwatson
  Notes: svn path=/head/; revision=91354
* In tcp_respond(), correctly reset returned IPv6 header. This is essential | Hajimu UMEMOTO | 2002-02-04 | 1 | -0/+3
  when the original packet contains an IPv6 extension header.
  Obtained from: KAME
  MFC after: 1 week
  Notes: svn path=/head/; revision=90198
* Introduce a syncache, which enables FreeBSD to withstand a SYN flood | Jonathan Lemon | 2001-11-22 | 1 | -36/+42
  DoS in an improved fashion over the existing code.
  Reviewed by: silby (in a previous iteration)
  Sponsored by: DARPA, NAI Labs
  Notes: svn path=/head/; revision=86764
* o Replace reference to 'struct proc' with 'struct thread' in 'struct | Robert Watson | 2001-11-08 | 1 | -5/+5
  sysctl_req', which describes in-progress sysctl requests. This permits sysctl handlers to have access to the current thread, permitting work on implementing td->td_ucred, migration of suser() to using struct thread to derive the appropriate ucred, and allowing struct thread to be passed down to other code, such as network code where td is not currently available (and curproc is used).
  o Note: netncp and netsmb are not updated to reflect this change, as they are not currently KSE-adapted.
  Reviewed by: julian
  Obtained from: TrustedBSD Project
  Notes: svn path=/head/; revision=86183
* - Combine kern.ps_showallprocs and kern.ipc.showallsockets into | Robert Watson | 2001-10-09 | 1 | -3/+3
  a single kern.security.seeotheruids_permitted, described as: "Unprivileged processes may see subjects/objects with different real uid"
  NOTE: kern.ps_showallprocs exists in -STABLE, and therefore there is an API change. kern.ipc.showallsockets does not.
  - Check kern.security.seeotheruids_permitted in cr_cansee().
  - Replace visibility calls to socheckuid() with cr_cansee() (retain the change to socheckuid() in ipfw, where it is used for rule-matching).
  - Remove prison_unpcb() and make use of cr_cansee() against the UNIX domain socket credential instead of comparing root vnodes for the UDS and the process. This allows multiple jails to share the same chroot() and not see each other's UNIX domain sockets.
  - Remove unused socheckproc().
  Now that cr_cansee() is used universally for socket visibility, a variety of policies are more consistently enforced, including uid-based restrictions and jail-based restrictions. This also better-supports the introduction of additional MAC models.
  Reviewed by: ps, billf
  Obtained from: TrustedBSD Project
  Notes: svn path=/head/; revision=84736
* Only allow users to see their own socket connections if | Paul Saab | 2001-10-05 | 1 | -1/+5
  kern.ipc.showallsockets is set to 0.
  Submitted by: billf (with modifications by me)
  Inspired by: Dave McKay (aka pm aka Packet Magnet)
  Reviewed by: peter
  MFC after: 2 weeks
  Notes: svn path=/head/; revision=84527
* o Rename u_cansee() to cr_cansee(), making the name more comprehensible | Robert Watson | 2001-09-20 | 1 | -2/+2
  in the face of a rename of ucred to cred, and possibly generally.
  Obtained from: TrustedBSD Project
  Notes: svn path=/head/; revision=83742
* Much delayed but now present: RFC 1948 style sequence numbers | Mike Silbersack | 2001-08-22 | 1 | -71/+96
  In order to ensure security and functionality, RFC 1948 style initial sequence number generation has been implemented. Barring any major cryptographic breakthroughs, this algorithm should be unbreakable. In addition, the problems with TIME_WAIT recycling which affect our currently used algorithm are not present.
  Reviewed by: jesper
  Notes: svn path=/head/; revision=82122
* Fix a warning. | Peter Wemm | 2001-07-27 | 1 | -0/+2
  Notes: svn path=/head/; revision=80429
* Patch up some style(9) stuff in tcp_new_isn() | Peter Wemm | 2001-07-27 | 1 | -11/+7
  Notes: svn path=/head/; revision=80428
* s/OpemBSD/OpenBSD/ | Peter Wemm | 2001-07-27 | 1 | -1/+1
  Notes: svn path=/head/; revision=80427
* Temporary feature: Runtime tuneable tcp initial sequence number | Mike Silbersack | 2001-07-08 | 1 | -0/+25
  generation scheme. Users may now select between the currently used OpenBSD algorithm and the older random positive increment method.
  While the OpenBSD algorithm is more secure, it also breaks TIME_WAIT handling; this is causing trouble for an increasing number of folks.
  To switch between generation schemes, one sets the sysctl net.inet.tcp.tcp_seq_genscheme. 0 = random positive increments, 1 = the OpenBSD algorithm. 1 is still the default.
  Once a secure _and_ compatible algorithm is implemented, this sysctl will be removed.
  Reviewed by: jlemon
  Tested by: numerous subscribers of -net
  Notes: svn path=/head/; revision=79413
* Allow getcred sysctl to work in jailed root processes. Processes can | David Malone | 2001-06-24 | 1 | -7/+14
  only do getcred calls for sockets which were created in the same jail. This should allow the ident to work in a reasonable way within jails.
  PR: 28107
  Approved by: des, rwatson
  Notes: svn path=/head/; revision=78697
* Replace bzero() of struct ip with explicit zeroing of structure members, | Jonathan Lemon | 2001-06-23 | 1 | -2/+6
  which is faster.
  Notes: svn path=/head/; revision=78671
* Eliminate the allocation of a tcp template structure for each | Mike Silbersack | 2001-06-23 | 1 | -48/+54
  connection. The information contained in a tcptemp can be reconstructed from a tcpcb when needed.
  Previously, tcp templates required the allocation of one mbuf per connection. On large systems, this change should free up a large number of mbufs.
  Reviewed by: bmilekic, jlemon, ru
  MFC after: 2 weeks
  Notes: svn path=/head/; revision=78642
* made sure to use the correct sa_len for rtalloc(). | Hajimu UMEMOTO | 2001-06-20 | 1 | -2/+2
  sizeof(ro_dst) is not necessarily the correct one. this change would also fix the recent path MTU discovery problem for the destination of an incoming TCP connection.
  Submitted by: JINMEI Tatuya <jinmei@kame.net>
  Obtained from: KAME
  MFC after: 2 weeks
  Notes: svn path=/head/; revision=78492
* Sync with recent KAME. | Hajimu UMEMOTO | 2001-06-11 | 1 | -37/+28
  This work was based on kame-20010528-freebsd43-snap.tgz and some critical problems after the snap was out were fixed. There are many many changes since last KAME merge.
  TODO:
  - The definitions of SADB_* in sys/net/pfkeyv2.h are still different from RFC2407/IANA assignment because of binary compatibility issue. It should be fixed under 5-CURRENT.
  - ip6po_m member of struct ip6_pktopts is no longer used. But, it is still there because of binary compatibility issue. It should be removed under 5-CURRENT.
  Reviewed by: itojun
  Obtained from: KAME
  MFC after: 3 weeks
  Notes: svn path=/head/; revision=78064
* "Fix" the previous initial attempt at fixing TUNABLE_INT(). This time | Peter Wemm | 2001-06-08 | 1 | -1/+1
  around, use a common function for looking up and extracting the tunables from the kernel environment. This saves duplicating the same function over and over again. This way typically has an overhead of 8 bytes + the path string, versus about 26 bytes + the path string.
  Notes: svn path=/head/; revision=77900
* Back out part of my previous commit. This was a last minute change | Peter Wemm | 2001-06-07 | 1 | -1/+1
  and I botched testing. This is a perfect example of how NOT to do this sort of thing. :-(
  Notes: svn path=/head/; revision=77853
* Make the TUNABLE_*() macros look and behave more consistently like the | Peter Wemm | 2001-06-06 | 1 | -2/+2
  SYSCTL_*() macros. TUNABLE_INT_DECL() was an odd name because it didn't actually declare the int, which is what the name suggests it would do.
  Notes: svn path=/head/; revision=77843
* Say goodbye to TCP_COMPAT_42 | Jesper Skriver | 2001-04-20 | 1 | -7/+0
  Reviewed by: wollman
  Requested by: wollman
  Notes: svn path=/head/; revision=75733
* Randomize the TCP initial sequence numbers more thoroughly. | Kris Kennaway | 2001-04-17 | 1 | -1/+61
  Obtained from: OpenBSD
  Reviewed by: jesper, peter, -developers
  Notes: svn path=/head/; revision=75619
* MFC candidate. | Jesper Skriver | 2001-03-28 | 1 | -1/+2
  Change code from PRC_UNREACH_ADMIN_PROHIB to PRC_UNREACH_PORT for ICMP_UNREACH_PROTOCOL and ICMP_UNREACH_PORT
  And let TCP treat PRC_UNREACH_PORT like PRC_UNREACH_ADMIN_PROHIB
  This should fix the case where port unreachables for udp returned ENETRESET instead of ECONNREFUSED
  Problem found by: Bill Fenner <fenner@research.att.com>
  Reviewed by: jlemon
  Notes: svn path=/head/; revision=74937
* <sys/queue.h> makeover. | Poul-Henning Kamp | 2001-03-16 | 1 | -6/+4
  Notes: svn path=/head/; revision=74362
* Remove in_pcbnotify and use in_pcblookup_hash to find the cb directly. | Jonathan Lemon | 2001-02-26 | 1 | -42/+23
  For TCP, verify that the sequence number in the ICMP packet falls within the tcp receive window before performing any actions indicated by the icmp packet.
  Clean up some layering violations (access to tcp internals from in_pcb)
  Notes: svn path=/head/; revision=73109
* When converting soft error into a hard error, drop the connection. The | Jonathan Lemon | 2001-02-23 | 1 | -3/+7
  error will be passed up to the user, who will close the connection, so it does not appear to make sense to leave the connection open.
  This also fixes a bug with kqueue, where the filter does not set EOF on the connection, because the connection is still open.
  Also remove calls to so{rw}wakeup, as we aren't doing anything with them at the moment anyway.
  Reviewed by: alfred, jesper
  Notes: svn path=/head/; revision=72960
* Allow ICMP unreachables which map into PRC_UNREACH_ADMIN_PROHIB to | Jonathan Lemon | 2001-02-23 | 1 | -67/+11
  reset TCP connections which are in the SYN_SENT state, if the sequence number in the echoed ICMP reply is correct. This behavior can be controlled by the sysctl net.inet.tcp.icmp_may_rst.
  Currently, only subtypes 2,3,10,11,12 are treated as such (port, protocol and administrative unreachables).
  Associate an error code with these resets which is reported to the user application: ENETRESET.
  Disallow resetting TCP sessions which are not in a SYN_SENT state.
  Reviewed by: jesper, -net
  Notes: svn path=/head/; revision=72959
* Redo the security update done in rev 1.54 of src/sys/netinet/tcp_subr.c | Jesper Skriver | 2001-02-22 | 1 | -17/+15
  and 1.84 of src/sys/netinet/udp_usrreq.c
  The changes broken down:
  - remove 0 as a wildcard for addresses and port numbers in src/sys/netinet/in_pcb.c:in_pcbnotify()
  - add src/sys/netinet/in_pcb.c:in_pcbnotifyall() used to notify all sessions with the specific remote address.
  - change
    - src/sys/netinet/udp_usrreq.c:udp_ctlinput()
    - src/sys/netinet/tcp_subr.c:tcp_ctlinput()
    to use in_pcbnotifyall() to notify multiple sessions, instead of using in_pcbnotify() with 0 as src address and as port numbers.
  - remove check for src port == 0 in
    - src/sys/netinet/tcp_subr.c:tcp_ctlinput()
    - src/sys/netinet/udp_usrreq.c:udp_ctlinput()
    as they are no longer needed.
  - move handling of redirects and host dead from in_pcbnotify() to udp_ctlinput() and tcp_ctlinput(), so they will call in_pcbnotifyall() to notify all sessions with the specific remote address.
  Approved by: jlemon
  Inspired by: NetBSD
  Notes: svn path=/head/; revision=72922
* Only call in_pcbnotify if the src port number != 0, as we | Jesper Skriver | 2001-02-20 | 1 | -0/+14
  treat 0 as a wildcard in src/sys/in_pbc.c:in_pcbnotify()
  It's sufficient to check for src|local port, as we'll have no sessions with src|local port == 0
  Without this an attacker sending ICMP messages, where the attached IP header (+ 8 bytes) has the address and port numbers == 0, would have the ICMP message applied to all sessions.
  PR: kern/25195
  Submitted by: originally by jesper, reimplemented by jlemon's advice
  Reviewed by: jlemon
  Approved by: jlemon
  Notes: svn path=/head/; revision=72778
* Switch to using a struct xucred instead of a struct xucred when not | Brian Feldman | 2001-02-18 | 1 | -5/+16
  actually in the kernel. This structure is a different size than what is currently in -CURRENT, but should hopefully be the last time any application breakage is caused there. As soon as any major inconveniences are removed, the definition of the in-kernel struct ucred should be conditionalized upon defined(_KERNEL).
  This also changes struct export_args to remove dependency on the constantly-changing struct ucred, as well as limiting the bounds of the size fields to the correct size. This means: a) mountd and friends won't break all the time, b) mountd and friends won't crash the kernel all the time if they don't know what they're doing wrt actual struct export_args layout.
  Reviewed by: bde
  Notes: svn path=/head/; revision=72650
* Remove unneeded loop increment in src/sys/netinet/in_pcb.c:in_pcbnotify | Poul-Henning Kamp | 2001-02-18 | 1 | -12/+43
  Add new PRC_UNREACH_ADMIN_PROHIB in sys/sys/protosw.h
  Remove condition on TCP in src/sys/netinet/ip_icmp.c:icmp_input
  In src/sys/netinet/ip_icmp.c:icmp_input set code = PRC_UNREACH_ADMIN_PROHIB or PRC_UNREACH_HOST for all unreachables except ICMP_UNREACH_NEEDFRAG
  Rename sysctl icmp_admin_prohib_like_rst to icmp_unreach_like_rst to reflect the fact that we also react on ICMP unreachables that are not administrative prohibited. Also update the comments to reflect this.
  In sys/netinet/tcp_subr.c:tcp_ctlinput add code to treat PRC_UNREACH_ADMIN_PROHIB and PRC_UNREACH_HOST different.
  PR: 23986
  Submitted by: Jesper Skriver <jesper@skriver.dk>
  Notes: svn path=/head/; revision=72638
* Mechanical change to use <sys/queue.h> macro API instead of | Poul-Henning Kamp | 2001-02-04 | 1 | -4/+4
  fondling implementation details.
  Created with: sed(1)
  Reviewed by: md5(1)
  Notes: svn path=/head/; revision=71999
* Update the "icmp_admin_prohib_like_rst" code to check the tcp-window and | Poul-Henning Kamp | 2000-12-24 | 1 | -9/+60
  to be configurable with respect to acting only in SYN or in all TCP states.
  PR: 23665
  Submitted by: Jesper Skriver <jesper@skriver.dk>
  Notes: svn path=/head/; revision=70330
* We currently do not react to ICMP administratively prohibited | Poul-Henning Kamp | 2000-12-16 | 1 | -0/+25
  messages sent by routers when they deny our traffic, this causes a timeout when trying to connect to TCP ports/services on a remote host, which is blocked by routers or firewalls.
  rfc1122 (Requirements for Internet Hosts) section 3.2.2.1 actually require that we treat such a message for a TCP session, that we treat it like if we had received a RST.
  quote begin.
    A Destination Unreachable message that is received MUST be reported to the transport layer. The transport layer SHOULD use the information appropriately; for example, see Sections 4.1.3.3, 4.2.3.9, and 4.2.4 below. A transport protocol that has its own mechanism for notifying the sender that a port is unreachable (e.g., TCP, which sends RST segments) MUST nevertheless accept an ICMP Port Unreachable for the same purpose.
  quote end.
  I've written a small extension that implement this, it also create a sysctl "net.inet.tcp.icmp_admin_prohib_like_rst" to control if this new behaviour is activated.
  When it's activated (set to 1) we'll treat a ICMP administratively prohibited message (icmp type 3 code 9, 10 and 13) for a TCP sessions, as if we received a TCP RST, but only if the TCP session is in SYN_SENT state.
  The reason for only reacting when in SYN_SENT state, is that this will solve the problem, and at the same time minimize the risk of this being abused.
  I suggest that we enable this new behaviour by default, but it would be a change of current behaviour, so if people prefer to leave it disabled by default, at least for now, this would be ok for me, the attached diff actually have the sysctl set to 0 by default.
  PR: 23086
  Submitted by: Jesper Skriver <jesper@skriver.dk>
  Notes: svn path=/head/; revision=70103
* Revert the last commit to the callout interface, and add a flag to | Jonathan Lemon | 2000-11-25 | 1 | -5/+5
  callout_init() indicating whether the callout is safe or not. Update the callers of callout_init() to reflect the new interface.
  Okayed by: Jake
  Notes: svn path=/head/; revision=69147
* Convert all users of fldoff() to offsetof(). fldoff() is bad | Poul-Henning Kamp | 2000-10-27 | 1 | -1/+0
  because it only takes a struct tag which makes it impossible to use unions, typedefs etc.
  Define __offsetof() in <machine/ansi.h>
  Define offsetof() in terms of __offsetof() in <stddef.h> and <sys/types.h>
  Remove myriad of local offsetof() definitions.
  Remove includes of <stddef.h> in kernel code.
  NB: Kernel code should *never* include from /usr/include !
  Make <sys/queue.h> include <machine/ansi.h> to avoid polluting the API.
  Deprecate <struct.h> with a warning. The warning turns into an error on 01-12-2000 and the file gets removed entirely on 01-01-2001.
  Partial reviews by: various.
  Significant brucifications by: bde
  Notes: svn path=/head/; revision=67708
* be careful on mbuf overrun on ctlinput. | Jun-ichiro itojun Hagino | 2000-10-23 | 1 | -1/+6
  short icmp6 packet may be able to panic the kernel. sync with kame.
  Notes: svn path=/head/; revision=67456
* Use stronger random number generation for TCP_ISSINCR and tcp_iss. | Kris Kennaway | 2000-09-29 | 1 | -1/+1
  Reviewed by: peter, jlemon
  Notes: svn path=/head/; revision=66433
* Finally make do_tcpdrain sysctl live under correct parent, _net_inet_tcp, | Bosko Milekic | 2000-09-25 | 1 | -2/+2
  as opposed to _debug. Like before, default value remains 1.
  Notes: svn path=/head/; revision=66376
* When a connection is being dropped due to a listen queue overflow, | Jayanth Vijayaraghavan | 2000-07-21 | 1 | -0/+12
  delete the cloned route that is associated with the connection. This does not exhaust the routing table memory when the system is under a SYN flood attack. The route entry is not deleted if there is any prior information cached in it.
  Reviewed by: Peter Wemm,asmodai
  Notes: svn path=/head/; revision=63745
* sync with kame tree as of july00. tons of bug fixes/improvements. | Jun-ichiro itojun Hagino | 2000-07-04 | 1 | -8/+4
  API changes:
  - additional IPv6 ioctls
  - IPsec PF_KEY API was changed, it is mandatory to upgrade setkey(8). (also syntax change)
  Notes: svn path=/head/; revision=62587
* Previous commit changing SYSCTL_HANDLER_ARGS violated KNF. | Poul-Henning Kamp | 2000-07-04 | 1 | -3/+3
  Pointed out by: bde
  Notes: svn path=/head/; revision=62573
* Style police catches up with rev 1.26 of src/sys/sys/sysctl.h: | Poul-Henning Kamp | 2000-07-03 | 1 | -3/+3
  Sanitize SYSCTL_HANDLER_ARGS so that simplistic tools can grog our sources:
    -sysctl_vm_zone SYSCTL_HANDLER_ARGS
    +sysctl_vm_zone (SYSCTL_HANDLER_ARGS)
  Notes: svn path=/head/; revision=62454
* Let initialize th_sum before in6_cksum(), again. | Yoshinobu Inoue | 2000-04-19 | 1 | -0/+1
  Without this fix, all IPv6 TCP RST packet has wrong cksum value, so IPv6 connect() trial to 5.0 machine won't fail until tcp connect timeout, when they should fail soon.
  Thanks to haro@tk.kubota.co.jp (Munehiro Matsuda) for his much debugging help and detailed info.
  Notes: svn path=/head/; revision=59392
* Add support for offloading IP/TCP/UDP checksums to NIC hardware which | Jonathan Lemon | 2000-03-27 | 1 | -22/+19
  supports them.
  Notes: svn path=/head/; revision=58698