path: root/sys/netinet
Commit message | Author | Age | Files | Lines
* Pull post-4.4BSD change to sys/net/route.c from BSD/OS 4.2. | Ruslan Ermilov | 2001-10-17 | 4 | -13/+11
  Have sys/net/route.c:rtrequest1(), which takes ``rt_addrinfo *'' as the argument. Pass rt_addrinfo all the way down to rtrequest1 and ifa->ifa_rtrequest. 3rd argument of ifa->ifa_rtrequest is now ``rt_addrinfo *'' instead of ``sockaddr *'' (almost no one is using it anyways).
  Benefit: the following command now works. Previously we needed two route(8) invocations, "add" then "change".
    # route add -inet6 default ::1 -ifp gif0
  Remove unsafe typecast in rtrequest(), from ``rtentry *'' to ``sockaddr *''. It was introduced by 4.3BSD-Reno and never corrected.
  Obtained from: BSD/OS, NetBSD
  MFC after: 1 month
  PR: kern/28360
  Notes: svn path=/head/; revision=85074
* bring in ARP support for variable length link level addresses | Max Khon | 2001-10-14 | 2 | -101/+157
  Reviewed by: jdp
  Approved by: jdp
  Obtained from: NetBSD
  MFC after: 6 weeks
  Notes: svn path=/head/; revision=84931
* - Combine kern.ps_showallprocs and kern.ipc.showallsockets into | Robert Watson | 2001-10-09 | 4 | -11/+11
    a single kern.security.seeotheruids_permitted, described as:
    "Unprivileged processes may see subjects/objects with different real uid"
    NOTE: kern.ps_showallprocs exists in -STABLE, and therefore there is an API change. kern.ipc.showallsockets does not.
  - Check kern.security.seeotheruids_permitted in cr_cansee().
  - Replace visibility calls to socheckuid() with cr_cansee() (retain the change to socheckuid() in ipfw, where it is used for rule-matching).
  - Remove prison_unpcb() and make use of cr_cansee() against the UNIX domain socket credential instead of comparing root vnodes for the UDS and the process. This allows multiple jails to share the same chroot() and not see each other's UNIX domain sockets.
  - Remove unused socheckproc().
  Now that cr_cansee() is used universally for socket visibility, a variety of policies are more consistently enforced, including uid-based restrictions and jail-based restrictions. This also better-supports the introduction of additional MAC models.
  Reviewed by: ps, billf
  Obtained from: TrustedBSD Project
  Notes: svn path=/head/; revision=84736
* Add a flag TF_LASTIDLE, that forces a previously idle connection | Jayanth Vijayaraghavan | 2001-10-05 | 2 | -1/+9
  to send all its data, especially when the data is less than one MSS. This fixes an issue where the stack was delaying the sending of data, even though there was enough window to send all the data and the sending of data was emptying the socket buffer.
  Problem found by Yoshihiro Tsuchiya (tsuchiya@flab.fujitsu.co.jp)
  Submitted by: Jayanth Vijayaraghavan
  Notes: svn path=/head/; revision=84564
* Only allow users to see their own socket connections if | Paul Saab | 2001-10-05 | 5 | -8/+23
  kern.ipc.showallsockets is set to 0.
  Submitted by: billf (with modifications by me)
  Inspired by: Dave McKay (aka pm aka Packet Magnet)
  Reviewed by: peter
  MFC after: 2 weeks
  Notes: svn path=/head/; revision=84527
* Make it so dummynet and bridge can be loaded as modules. | Paul Saab | 2001-10-05 | 6 | -119/+102
  Submitted by: billf
  Notes: svn path=/head/; revision=84516
* in_ifinit apparently can be used to rewrite an ip address; recalculate | Jonathan Lemon | 2001-10-01 | 1 | -1/+5
  the correct hash bucket for the entry.
  Submitted by: iedowse (with some munging by me)
  Notes: svn path=/head/; revision=84317
* Fix a problem with unnumbered rules introduced in latest commit. | Luigi Rizzo | 2001-10-01 | 1 | -3/+3
  Reported by: des
  Notes: svn path=/head/; revision=84315
* mdoc(7) police: Use the new .In macro for #include statements. | Ruslan Ermilov | 2001-10-01 | 1 | -3/+3
  Notes: svn path=/head/; revision=84306
* Add __FBSDID's to libalias | Matthew Dillon | 2001-09-30 | 10 | -21/+32
  Notes: svn path=/head/; revision=84195
* Nuke unused (and incorrect) #define of INADDR_HMASK. | Jonathan Lemon | 2001-09-29 | 1 | -1/+0
  Spotted by: ru
  Notes: svn path=/head/; revision=84137
* Make the INADDR_TO_IFP macro use the IP address hash lookup instead of | Jonathan Lemon | 2001-09-29 | 1 | -1/+1
  walking the entire list of IP addresses.
  Pointed out by: bfumerola
  Notes: svn path=/head/; revision=84109
* Add a hash table that contains the list of internet addresses, and use | Jonathan Lemon | 2001-09-29 | 6 | -63/+113
  this in place of the in_ifaddr list when appropriate. This improves performance on hosts which have a large number of IP aliases.
  Notes: svn path=/head/; revision=84102
* Centralize satosin(), sintosa() and ifatoia() macros in <netinet/in.h> | Jonathan Lemon | 2001-09-29 | 5 | -11/+6
  Remove local definitions.
  Notes: svn path=/head/; revision=84101
* Two main changes here: | Luigi Rizzo | 2001-09-27 | 6 | -252/+333
  + implement "limit" rules, which permit to limit the number of sessions between certain host pairs (according to masks). These are a special type of stateful rules, which might be of interest in some cases. See the ipfw manpage for details.
  + merge the list pointers and ipfw rule descriptors in the kernel, so the code is smaller, faster and more readable. This patch basically consists in replacing "foo->rule->bar" with "rule->bar" all over the place. I have been willing to do this for ages!
  MFC after: 1 week
  Notes: svn path=/head/; revision=84058
* Remove unused (and duplicate) struct ip_opts which is never used, | Luigi Rizzo | 2001-09-27 | 1 | -12/+0
  not referenced in Stevens, and does not compile with g++. There is an equivalent structure, struct ipoption in ip_var.h which is actually used in various parts of the kernel, and also referenced in Stevens.
  Bill Fenner also says: ... if you want the trivia, struct ip_opts was introduced in in.h SCCS revision 7.9, on 6/28/1990, by Mike Karels. struct ipoption was introduced in ip_var.h SCCS revision 6.5, on 9/16/1985, by... Mike Karels.
  MFC-after: 3 days
  Notes: svn path=/head/; revision=84023
* Include sys/proc.h for the definition of securelevel_ge(). | Brooks Davis | 2001-09-26 | 1 | -0/+1
  Submitted by: LINT
  Notes: svn path=/head/; revision=83994
* o Modify IPFW and DUMMYNET administrative setsockopt() calls to use | Robert Watson | 2001-09-26 | 2 | -5/+13
    securelevel_gt() to check the securelevel, rather than direct access to the securelevel variable.
  Obtained from: TrustedBSD Project
  Notes: svn path=/head/; revision=83970
* Make faith loadable, unloadable, and clonable. | Brooks Davis | 2001-09-25 | 4 | -28/+4
  Notes: svn path=/head/; revision=83934
* Fix a null pointer dereference introduced in the last commit, plus | Luigi Rizzo | 2001-09-24 | 1 | -6/+4
  remove a useless assignment and move a comment.
  Submitted by: Thomas Moestl
  Notes: svn path=/head/; revision=83873
* Fixed the bug that prevented communication with FTP servers behind | Ruslan Ermilov | 2001-09-21 | 1 | -3/+4
  NAT in extended passive mode if the server's public IP address was different from the main NAT address. This caused a wrong aliasing link to be created that did not route the incoming packets back to the original IP address of the server.
    natd -v -n pub0 -redirect_address localFTP publicFTP
  Note that even if localFTP == publicFTP, one still needs to supply the -redirect_address directive. It is needed as a helper because extended passive mode's 229 reply does not contain the IP address.
  MFC after: 1 week
  Notes: svn path=/head/; revision=83771
* o Rename u_cansee() to cr_cansee(), making the name more comprehensible | Robert Watson | 2001-09-20 | 3 | -5/+5
    in the face of a rename of ucred to cred, and possibly generally.
  Obtained from: TrustedBSD Project
  Notes: svn path=/head/; revision=83742
* A bunch of minor changes to the code (see below) for readability, code size | Luigi Rizzo | 2001-09-20 | 2 | -310/+339
  and speed. No new functionality added (yet) apart from a bugfix. MFC will occur in due time and probably in stages.
  BUGFIX: fix a problem in old code which prevented reallocation of the hash table for dynamic rules (there is a PR on this).
  OTHER CHANGES:
    minor changes to the internal struct for static and dynamic rules. Requires rebuild of ipfw binary.
    Add comments to show how data structures are linked together. (It probably makes no sense to keep the chain pointers separate from actual rule descriptors. They will be hopefully merged soon.
    keep a (sysctl-readable) counter for the number of static rules, to speed up IP_FW_GET operations
    initial support for a "grace time" for expired connections, so we can set timeouts for closing connections to much shorter times.
    merge zero_entry() and resetlog_entry(), they use basically the same code.
    clean up and reduce replication of code for removing rules, both for readability and code size.
    introduce a separate lifetime for dynamic UDP rules.
    fix a problem in old code which prevented reallocation of the hash table for dynamic rules (PR ...)
    restructure dynamic rule descriptors
    introduce some local variables to avoid multiple dereferencing of pointer chains (reduces code size and hopefully increases speed).
  Notes: svn path=/head/; revision=83725
* Fixed comment: ipip_input -> mroute_encapcheck. | Munechika SUMIKAWA | 2001-09-20 | 1 | -1/+1
  Reported by: bde
  Notes: svn path=/head/; revision=83708
* Removed ipip_input(). No code calls it anymore due to ip_encap.c's | Munechika SUMIKAWA | 2001-09-18 | 1 | -4/+0
  encapsulation support.
  Notes: svn path=/head/; revision=83615
* KSE Milestone 2 | Julian Elischer | 2001-09-12 | 13 | -95/+95
  Note ALL MODULES MUST BE RECOMPILED
  make the kernel aware that there are smaller units of scheduling than the process. (but only allow one thread per process at this time). This is functionally equivalent to the previous -current except that there is a thread associated with each process.
  Sorry john! (your next MFC will be a doosie!)
  Reviewed by: peter@freebsd.org, dillon@freebsd.org
  X-MFC after: ha ha ha ha
  Notes: svn path=/head/; revision=83366
* Remove some un-needed code that was accidentally included in | Julian Elischer | 2001-09-07 | 1 | -15/+0
  the 2nd previous KAME patch.
  Submitted by: SUMIKAWA Munechika <sumikawa@ebina.hitachi.co.jp>
  Notes: svn path=/head/; revision=83188
* Patches from KAME to remove usage of Varargs in existing | Julian Elischer | 2001-09-07 | 2 | -13/+4
  IPV4 code. For now they will still have some in the developing stuff (IPv6)
  Submitted by: Keiichi SHIMA / <keiichi@iij.ad.jp>
  Obtained from: KAME
  Notes: svn path=/head/; revision=83187
* Wrap array accesses in macros, which also happen to be lvalues: | Jonathan Lemon | 2001-09-06 | 3 | -4/+4
    ifnet_addrs[i - 1] -> ifaddr_byindex(i)
    ifindex2ifnet[i] -> ifnet_byindex(i)
  This is intended to ease the conversion to SMPng.
  Notes: svn path=/head/; revision=83130
* Fix sysctl comment field, s/the the/then the | Alfred Perlstein | 2001-09-04 | 1 | -1/+1
  Pointed out by: ru
  Notes: svn path=/head/; revision=82966
* Allow disabling of "arp moved" messages. | Alfred Perlstein | 2001-09-03 | 1 | -6/+12
  Submitted by: Stephen Hurd <deuce@lordlegacy.org>
  Notes: svn path=/head/; revision=82893
* I really hope this is the right answer. | Julian Elischer | 2001-09-03 | 1 | -1/+3
  call ip_input directly but take the offset off the packet first if it's an IPV4 packet encapsulated.
  Notes: svn path=/head/; revision=82892
* Call ip_input() instead of ipip_input() | Julian Elischer | 2001-09-03 | 1 | -1/+8
  when decoding encapsulated ipv4 packets. (allows line to compile again)
  Notes: svn path=/head/; revision=82891
* One caller of rip_input failed to be converted in the last commit. | Julian Elischer | 2001-09-03 | 1 | -1/+1
  Notes: svn path=/head/; revision=82890
* Patches from Keiichi SHIMA <keiichi@iij.ad.jp> | Julian Elischer | 2001-09-03 | 18 | -58/+58
  to make ip use the standard protosw structure again.
  Obtained from: Well, KAME I guess.
  Notes: svn path=/head/; revision=82884
* when newreno is turned on, if dupacks = 1 or dupacks = 2 and | Jayanth Vijayaraghavan | 2001-08-29 | 2 | -0/+4
  new data is acknowledged, reset the dupacks to 0. The problem was spotted when a connection had its send buffer full because the congestion window was only 1 MSS and was not being incremented because dupacks was not reset to 0.
  Obtained from: Yahoo!
  Notes: svn path=/head/; revision=82529
* When net.inet.tcp.icmp_may_rst is enabled, report ECONNREFUSED not ENETRESET | Jesper Skriver | 2001-08-27 | 1 | -1/+1
  to the application as a RST would, this way we're compatible with the most applications.
  MFC candidate.
  Submitted by: Scott Renfro <scott@renfro.org>
  Reviewed by: Mike Silbersack <silby@silby.com>
  Notes: svn path=/head/; revision=82445
* the IP_FW_GET code in ip_fw_ctl() sizes a buffer to hold information | Bill Fumerola | 2001-08-26 | 1 | -0/+3
  about rules and dynamic rules. it later fills this buffer with these rules. it also takes the opportunity to compare the expiration of the dynamic rules with the current time and either marks them for deletion or simply charges the countdown.
  unfortunately it does this all (the sizing, the buffer copying, and the expiration GC) with no spl protection whatsoever. it was possible for the dynamic rule(s) to be ripped out from under the request before it had completed, resulting in corrupt memory dereferencing.
  Reviewed by: ps
  MFC before: 4.4-RELEASE, hopefully.
  Notes: svn path=/head/; revision=82345
* Correct a typo in a comment: FIN_WAIT2 -> FIN_WAIT_2 | Dima Dorfman | 2001-08-23 | 2 | -2/+2
  PR: 29970
  Submitted by: Joseph Mallett <jmallett@xMach.org>
  Notes: svn path=/head/; revision=82238
* Much delayed but now present: RFC 1948 style sequence numbers | Mike Silbersack | 2001-08-22 | 8 | -178/+199
  In order to ensure security and functionality, RFC 1948 style initial sequence number generation has been implemented. Barring any major cryptographic breakthroughs, this algorithm should be unbreakable. In addition, the problems with TIME_WAIT recycling which affect our currently used algorithm are not present.
  Reviewed by: jesper
  Notes: svn path=/head/; revision=82122
* Added TFTP support. | Ruslan Ermilov | 2001-08-21 | 1 | -0/+9
  Submitted by: Joe Clarke <marcus@marcuscom.com>
  MFC after: 2 weeks
  Notes: svn path=/head/; revision=82069
* Close the "IRC DCC" security breach reported recently on Bugtraq. | Ruslan Ermilov | 2001-08-21 | 1 | -0/+6
  Submitted by: Makoto MATSUSHITA <matusita@jp.FreeBSD.org>
  Notes: svn path=/head/; revision=82050
* Make the copyright consistent. | Brian Somers | 2001-08-20 | 4 | -12/+0
  Previously approved by: Charles Mott <cmott@scientech.com>
  Notes: svn path=/head/; revision=82001
* Handle snprintf() returning -1 | Brian Somers | 2001-08-20 | 1 | -3/+13
  MFC after: 2 weeks
  Notes: svn path=/head/; revision=81962
* Make the protoswitch definitions checkable in the same way that | Julian Elischer | 2001-08-10 | 1 | -15/+9
  cdevsw entries have been for a long time. Discover that we now have two versions of the same structure. I will shoot one of them shortly when I figure out why someone thinks they need it. (And I can prove they don't) (netinet/ipprotosw.h should GO AWAY)
  Notes: svn path=/head/; revision=81501
* mdoc(7) police: | Ruslan Ermilov | 2001-08-07 | 1 | -4/+2
  Avoid using parenthesis enclosure macros (.Pq and .Po/.Pc) with plain text. Not only this slows down the mdoc(7) processing significantly, but it also has an undesired (in this case) effect of disabling hyphenation within the entire enclosed block.
  Notes: svn path=/head/; revision=81251
* When running application joined multicast address, | Hajimu UMEMOTO | 2001-08-04 | 3 | -0/+51
  removing network card, and kill application. imo_membership[].inm_ifp refer interface pointer after removing interface. When kill application, release socket, and imo_membership. imo_membership use already not exist interface pointer. Then, kernel panic.
  PR: 29345
  Submitted by: Inoue Yuichi <inoue@nd.net.fujitsu.co.jp>
  Obtained from: KAME
  MFC after: 3 days
  Notes: svn path=/head/; revision=81127
* MFS: Avoid dropping fragments in the absence of an interface address. | Daniel C. Sobral | 2001-08-03 | 1 | -3/+5
  Noticed by: fenner
  Submitted by: iedowse
  Not committed to current by: iedowse ;-)
  Notes: svn path=/head/; revision=81111
* Fix a warning. | Peter Wemm | 2001-07-27 | 2 | -0/+4
  Notes: svn path=/head/; revision=80429
* Patch up some style(9) stuff in tcp_new_isn() | Peter Wemm | 2001-07-27 | 2 | -22/+14
  Notes: svn path=/head/; revision=80428