path: root/sys/netinet
Commit message [Author, Age, Files, Lines]
* Implement a new IP_SENDSRCADDR ancillary message type that permits a server process bound to a wildcard UDP socket to select the IP address from which outgoing packets are sent on a per-datagram basis. When combined with IP_RECVDSTADDR, such a server process can guarantee to reply to an incoming request using the same source IP address as the destination IP address of the request, without having to open one socket per server IP address.
  Discussed on: -net
  Approved by: re
  Notes: svn path=/head/; revision=105651
  [Ian Dowse, 2002-10-21, files: 2, lines: -4/+63]
* Remove the "temporary connection" hack in udp_output(). In order to send datagrams from an unconnected socket, we used to first block input, then connect the socket to the sendmsg/sendto destination, send the datagram, and finally disconnect the socket and unblock input. We now use in_pcbconnect_setup() to check if a connect() would have succeeded, but we never record the connection in the PCB (local anonymous port allocation is still recorded, though). The result from in_pcbconnect_setup() authorises the sending of the datagram and selects the local address and port to use, so we just construct the header and call ip_output().
  Discussed on: -net
  Approved by: re
  Notes: svn path=/head/; revision=105649
  [Ian Dowse, 2002-10-21, files: 1, lines: -23/+26]
* Replace in_pcbladdr() with a more generic inner subroutine for in_pcbconnect() called in_pcbconnect_setup(). This version performs all of the functions of in_pcbconnect() except for the final committing of changes to the PCB. In the case of an EADDRINUSE error it can also provide to the caller the PCB of the duplicate connection, avoiding an extra in_pcblookup_hash() lookup in tcp_connect(). This change will allow the "temporary connect" hack in udp_output() to be removed and is part of the preparation for adding the IP_SENDSRCADDR control message.
  Discussed on: -net
  Approved by: re
  Notes: svn path=/head/; revision=105629
  [Ian Dowse, 2002-10-21, files: 3, lines: -100/+136]
* Fix two instances of variant struct definitions in sys/netinet:
  Remove the never completed _IP_VHL version, it has not caught on anywhere and it would make us incompatible with other BSD netstacks to retain this version.
  Add a CTASSERT protecting sizeof(struct ip) == 20.
  Don't let the size of struct ipq depend on the IPDIVERT option.
  This is a functional no-op commit.
  Approved by: re
  Notes: svn path=/head/; revision=105586
  [Poul-Henning Kamp, 2002-10-20, files: 9, lines: -89/+52]
* When a packet is multicast encapsulated, give labeled policies the opportunity to preserve the label.
  Obtained from: TrustedBSD Project
  Sponsored by: DARPA, Network Associates Laboratories
  Notes: svn path=/head/; revision=105570
  [Robert Watson, 2002-10-20, files: 1, lines: -0/+5]
* Split out most of the logic from in_pcbbind() into a new function called in_pcbbind_setup() that does everything except commit the changes to the PCB. There should be no functional change here, but in_pcbbind_setup() will be used by the soon-to-appear IP_SENDSRCADDR control message implementation to check or allocate the source address and port.
  Discussed on: -net
  Approved by: re
  Notes: svn path=/head/; revision=105565
  [Ian Dowse, 2002-10-20, files: 2, lines: -36/+66]
* Several malloc() calls were passing the M_DONTWAIT flag which is an mbuf allocation flag. Use the correct M_NOWAIT malloc() flag. Fortunately, both were defined to 1, so this commit is a no-op.
  Notes: svn path=/head/; revision=105440
  [Maxime Henrion, 2002-10-19, files: 1, lines: -3/+3]
* last arg of in6?_gif_output() is not used any more.
  Obtained from: KAME
  MFC after: 3 weeks
  Notes: svn path=/head/; revision=105340
  [Hajimu UMEMOTO, 2002-10-17, files: 2, lines: -3/+2]
* de-__P().
  Notes: svn path=/head/; revision=105301
  [Alfred Perlstein, 2002-10-16, files: 2, lines: -4/+4]
* use encapcheck.
  Obtained from: KAME
  MFC after: 3 weeks
  Notes: svn path=/head/; revision=105295
  [Hajimu UMEMOTO, 2002-10-16, files: 1, lines: -14/+0]
* - after gif_set_tunnel(), psrc/pdst may be null. set IFF_RUNNING accordingly.
  - set IFF_UP on SIOCSIFADDR. be consistent with others.
  - set if_addrlen explicitly (just in case)
  - multi destination mode is long gone.
  - missing break statement
  - add gif_set_tunnel(), so that we can set tunnel address from within the kernel at ease.
  - encap_attach/detach dynamically on ioctls
  - move encap_attach() to dedicated function in in*_gif.c
  Obtained from: KAME
  MFC after: 3 weeks
  Notes: svn path=/head/; revision=105293
  [Hajimu UMEMOTO, 2002-10-16, files: 2, lines: -29/+92]
* Fix oops in my last commit, I was calculating a new length but then not using it. (The code is already correct in -stable).
  Found by: silby
  Notes: svn path=/head/; revision=105291
  [Matthew Dillon, 2002-10-16, files: 1, lines: -1/+1]
* Get rid of checking for ip sec history. It is true that packets are not supposed to be checked by the firewall rules twice. However, because the various ipsec handlers never call ip_input(), this never happens anyway.
  This fixes the situation where a gif tunnel is encrypted with IPsec. In such a case, after IPsec processing, the unencrypted contents from the GIF tunnel are fed back to the ipintrq and subsequently handled by ip_input(). Yet, since there still is IPSec history attached, the packets coming out from the gif device are never fed into the filtering code.
  This fix was sent to Itojun, and he pointed towards http://www.netbsd.org/Documentation/network/ipsec/#ipf-interaction. This patch actually implements what is stated there (specifically: Packet came from tunnel devices (gif(4) and ipip(4)) will still go through ipf(4). You may need to identify these packets by using interface name directive in ipf.conf(5).
  Reviewed by: rwatson
  MFC after: 3 weeks
  Notes: svn path=/head/; revision=105218
  [Guido van Rooij, 2002-10-16, files: 1, lines: -5/+0]
* correct PCB locking in broadcast/multicast case that was exposed by change to use udp_append
  Reviewed by: hsu
  Notes: svn path=/head/; revision=105201
  [Sam Leffler, 2002-10-16, files: 1, lines: -1/+1]
* Tie new "Fast IPsec" code into the build. This involves the usual configuration stuff as well as conditional code in the IPv4 and IPv6 areas. Everything is conditional on FAST_IPSEC which is mutually exclusive with IPSEC (KAME IPsec implementation).
  As noted previously, don't use FAST_IPSEC with INET6 at the moment.
  Reviewed by: KAME, rwatson
  Approved by: silence
  Supported by: Vernier Networks
  Notes: svn path=/head/; revision=105199
  [Sam Leffler, 2002-10-16, files: 14, lines: -92/+438]
* Replace aux mbufs with packet tags:
  o instead of a list of mbufs use a list of m_tag structures a la openbsd
  o for netgraph et al. extend the stock openbsd m_tag to include a 32-bit ABI/module number cookie
  o for openbsd compatibility define a well-known cookie MTAG_ABI_COMPAT and use this in defining openbsd-compatible m_tag_find and m_tag_get routines
  o rewrite KAME use of aux mbufs in terms of packet tags
  o eliminate the most heavily used aux mbufs by adding an additional struct inpcb parameter to ip_output and ip6_output to allow the IPsec code to locate the security policy to apply to outbound packets
  o bump __FreeBSD_version so code can be conditionalized
  o fixup ipfilter's call to ip_output based on __FreeBSD_version
  Reviewed by: julian, luigi (silent), -arch, -net, darren
  Approved by: julian, silence from everyone else
  Obtained from: openbsd (mostly)
  MFC after: 1 month
  Notes: svn path=/head/; revision=105194
  [Sam Leffler, 2002-10-16, files: 19, lines: -106/+51]
* Increase the max dummynet hash size from 1024 to 65536. Default is still 1024.
  Silence on: -net, -ipfw 4weeks+
  Reviewed by: dd
  Approved by: knu (mentor)
  MFC after: 3 weeks
  Notes: svn path=/head/; revision=104975
  [Sean Chittenden, 2002-10-12, files: 2, lines: -2/+8]
* turn off debugging by default if bandwidth delay product limiting is turned on (it is already off in -stable).
  Notes: svn path=/head/; revision=104825
  [Matthew Dillon, 2002-10-10, files: 2, lines: -2/+2]
* Update various comments mainly related to retransmit/FIN that I documented while working on a previous bug.
  Fix a PERSIST bug. Properly account for a FIN sent during a PERSIST.
  MFC after: 7 days
  Notes: svn path=/head/; revision=104815
  [Matthew Dillon, 2002-10-10, files: 1, lines: -6/+36]
* Fix IPOPT_TS processing: do not overwrite IP address by timestamp.
  PR: misc/42121
  Submitted by: Praveen Khurjekar <praveen@codito.com>
  Reviewed by: silence on -net
  MFC after: 1 month
  Notes: svn path=/head/; revision=104774
  [Maxim Konovalov, 2002-10-10, files: 1, lines: -0/+2]
* Since bpf is no longer an optional component, remove associated ifdef's.
  Submitted by: don't quite remember - the name of the sender disappeared with the rest of my inbox. :(
  Notes: svn path=/head/; revision=104366
  [Maxim Sobolev, 2002-10-02, files: 1, lines: -7/+2]
* Include <sys/cdefs.h> so the visibility conditionals are available. (This should have been included with the previous revision.)
  Notes: svn path=/head/; revision=104343
  [Mike Barcroft, 2002-10-02, files: 1, lines: -0/+2]
* Use visibility conditionals. Only TCP_NODELAY ends up being defined in the standards case.
  Notes: svn path=/head/; revision=104342
  [Mike Barcroft, 2002-10-02, files: 1, lines: -1/+6]
* Guido found another bug. There is a situation with timestamped TCP packets where FreeBSD will send DATA+FIN and a W2K box will ack just the DATA portion. If this occurs after FreeBSD has done a (NewReno) fast-retransmit and is recovering it (dupacks > threshold) it triggers a case in tcp_newreno_partial_ack() (tcp_newreno() in stable) where tcp_output() is called with the expectation that the retransmit timer will be reloaded. But tcp_output() falls through and returns without doing anything, causing the persist timer to be loaded instead. This causes the connection to hang until W2K gives up.
  This occurs because in the case where only the FIN must be acked, the 'len' calculation in tcp_output() will be 0, a lot of checks will be skipped, and the FIN check will also be skipped because it is designed to handle FIN retransmits, not forced transmits from tcp_newreno().
  The solution is to simply set TF_ACKNOW before calling tcp_output() to absolutely guarantee that it will run the send code and reset the retransmit timer. TF_ACKNOW is already used for this purpose in other cases.
  For some unknown reason this patch also seems to greatly reduce the number of duplicate acks received when Guido runs his tests over a lossy network. It is quite possible that there are other tcp_newreno{_partial_ack()} cases which were not generating the expected output which this patch also fixes.
  X-MFC after: Will be MFC'd after the freeze is over
  Notes: svn path=/head/; revision=104226
  [Matthew Dillon, 2002-09-30, files: 2, lines: -0/+2]
* Be consistent about "static" functions: if the function is marked static in its prototype, mark it static at the definition too.
  Inspired by: FlexeLint warning #512
  Notes: svn path=/head/; revision=104094
  [Poul-Henning Kamp, 2002-09-28, files: 1, lines: -1/+1]
* Zap now-unused SHLIB_MINOR
  Notes: svn path=/head/; revision=104073
  [Peter Wemm, 2002-09-28, files: 1, lines: -1/+0]
* Slightly rearrange a code in rev. 1.164:
  o Move len initialization closer to place of its first usage.
  o Compare len with 0 to improve readability.
  o Explicitly zero out phlen in ip_insertoptions() in failure case.
  Suggested by: jhb
  Reviewed by: jhb
  MFC after: 2 weeks
  Notes: svn path=/head/; revision=103852
  [Maxim Konovalov, 2002-09-23, files: 1, lines: -4/+8]
* s/__attribute__((__packed__))/__packed/g
  Notes: svn path=/head/; revision=103842
  [Alfred Perlstein, 2002-09-23, files: 2, lines: -26/+26]
* Fix issue where shutdown(socket, SHUT_RD) was effectively ignored for TCP sockets.
  NetBSD PR: 18185
  Submitted by: Sean Boudreau <seanb@qnx.com>
  MFC after: 3 days
  Notes: svn path=/head/; revision=103776
  [Mike Silbersack, 2002-09-22, files: 2, lines: -6/+20]
* Use m_fixhdr() rather than roll our own.
  Notes: svn path=/head/; revision=103553
  [Poul-Henning Kamp, 2002-09-18, files: 1, lines: -6/+2]
* Guido reported an interesting bug where an FTP connection between a Windows 2000 box and a FreeBSD box could stall. The problem turned out to be a timestamp reply bug in the W2K TCP stack. FreeBSD sends a timestamp with the SYN, W2K returns a timestamp of 0 in the SYN+ACK causing FreeBSD to calculate an insane SRTT and RTT, resulting in a maximal retransmit timeout (60 seconds). If there is any packet loss on the connection for the first six or so packets the retransmit case may be hit (the window will still be too small for fast-retransmit), causing a 60+ second pause. The W2K box gives up and closes the connection.
  This commit works around the W2K bug.
  15:04:59.374588 FREEBSD.20 > W2K.1036: S 1420807004:1420807004(0) win 65535 <mss 1460,nop,wscale 2,nop,nop,timestamp 188297344 0> (DF) [tos 0x8]
  15:04:59.377558 W2K.1036 > FREEBSD.20: S 4134611565:4134611565(0) ack 1420807005 win 17520 <mss 1460,nop,wscale 0,nop,nop,timestamp 0 0> (DF)
  Bug reported by: Guido van Rooij <guido@gvr.org>
  Notes: svn path=/head/; revision=103505
  [Matthew Dillon, 2002-09-17, files: 2, lines: -10/+46]
* Remove __RCSID().
  Submitted by: bde
  Notes: svn path=/head/; revision=103481
  [Maxim Sobolev, 2002-09-17, files: 1, lines: -3/+0]
* Explicitly clear M_FRAG flag on a mbuf with the last fragment to unbreak ip fragments reassembling for loopback interface.
  Discussed with: bde, jlemon
  Reviewed by: silence on -net
  MFC after: 2 weeks
  Notes: svn path=/head/; revision=103479
  [Maxim Konovalov, 2002-09-17, files: 1, lines: -1/+2]
* In rare cases when there is no room for ip options ip_insertoptions() can fail and corrupt a header length. Initialize len and check what ip_insertoptions() returns.
  Reviewed by: archie, silence on -net
  MFC after: 5 days
  Notes: svn path=/head/; revision=103478
  [Maxim Konovalov, 2002-09-17, files: 1, lines: -1/+3]
* Temporary fix for inet6. The final fix is to change in6_pcbnotify to take pcbinfo instead of pcbhead. It is on the way.
  Notes: svn path=/head/; revision=103444
  [Jennifer Yang, 2002-09-17, files: 1, lines: -0/+2]
* Remove superfluous break.
  Notes: svn path=/head/; revision=103176
  [Maxim Sobolev, 2002-09-10, files: 1, lines: -1/+0]
* Since from now on encap_input() also catches IPPROTO_MOBILE and IPPROTO_GRE packets in addition to IPPROTO_IPV4 and IPPROTO_IPV6, explicitly specify IPPROTO_IPV4 or IPPROTO_IPV6 instead of -1 when calling encap_attach().
  MFC after: 28 days (along with other if_gre changes)
  Notes: svn path=/head/; revision=103124
  [Maxim Sobolev, 2002-09-09, files: 1, lines: -1/+1]
* Reduce namespace pollution by staticizing everything, which doesn't need to be visible from outside of the module.
  Notes: svn path=/head/; revision=103032
  [Maxim Sobolev, 2002-09-06, files: 1, lines: -4/+4]
* Add a new gre(4) driver, which could be used to create GRE (RFC1701) and MOBILE (RFC2004) IP tunnels.
  Obtained from: NetBSD
  Notes: svn path=/head/; revision=103026
  [Maxim Sobolev, 2002-09-06, files: 3, lines: -0/+415]
* Fixed namespace pollution in uma changes:
  - use `struct uma_zone *' instead of uma_zone_t, so that <sys/uma.h> isn't a prerequisite.
  - don't include <sys/uma.h>.
  Namespace pollution makes "opaque" types like uma_zone_t perfectly non-opaque. Such types should never be used (see style(9)).
  Fixed subsequently grown dependencies of this header on its own pollution:
  - include <sys/_mutex.h> and its prerequisite <sys/_lock.h> instead of depending on namespace pollution 2 layers deep in <sys/uma.h>.
  Notes: svn path=/head/; revision=102981
  [Bruce Evans, 2002-09-05, files: 1, lines: -2/+3]
* Include <sys/mutex.h> and its prerequisite <sys/lock.h> instead of depending on namespace pollution 4 layers deep in <netinet/in_pcb.h>.
  Removed unused includes. Sorted includes.
  Notes: svn path=/head/; revision=102967
  [Bruce Evans, 2002-09-05, files: 1, lines: -8/+6]
* Add in_hosteq() and in_nullhost() macros to make life of developers porting NetBSD code a little bit easier.
  Obtained from: NetBSD
  Notes: svn path=/head/; revision=102925
  [Maxim Sobolev, 2002-09-04, files: 1, lines: -0/+3]
* some ipfilter files that accidentally got imported here
  Notes: svn path=/head/; revision=102575
  [Darren Reed, 2002-08-29, files: 3, lines: -696/+0]
* This commit was generated by cvs2svn to compensate for changes in r102514, which included commits to RCS files with non-trunk default branches.
  Notes: svn path=/head/; revision=102515
  [Darren Reed, 2002-08-28, files: 3, lines: -0/+696]
|\
| * Update IP Filter kernel source (tag: vendor/ipfilter-sys/v3-4-16)
|   Notes: svn path=/vendor-sys/ipfilter/dist-old/; revision=72001 svn path=/vendor-sys/ipfilter/v3-4-16/; revision=72002; tag=vendor/ipfilter-sys/v3-4-16
|   [Darren Reed, 2001-02-04, files: 22, lines: -15110/+0]
| * Import IP filter 3.4.13
|   Notes: svn path=/vendor-sys/ipfilter/dist-old/; revision=67851
|   [Darren Reed, 2000-10-29, files: 8, lines: -48/+58]
| * Import IP Filter 3.4.12 into kernel source tree
|   Notes: svn path=/vendor-sys/ipfilter/dist-old/; revision=67611
|   [Darren Reed, 2000-10-26, files: 14, lines: -192/+613]
| * Import IP Filter 3.4.9 bits into the kernel
|   Notes: svn path=/vendor-sys/ipfilter/dist-old/; revision=64578
|   [Darren Reed, 2000-08-13, files: 10, lines: -102/+367]
| * import ipfilter 3.4.8
|   Notes: svn path=/vendor-sys/ipfilter/dist-old/; revision=63521
|   [Darren Reed, 2000-07-19, files: 13, lines: -112/+226]
| * Import IP Filter 3.4.4 into the kernel
|   Notes: svn path=/vendor-sys/ipfilter/dist-old/; revision=60848
|   [Darren Reed, 2000-05-24, files: 20, lines: -2519/+6875]