path: root/sys/netinet
Commit message | Author | Age | Files | Lines
* Do not ignore all other TCP options (eg. timestamp, window scaling) | Andre Oppermann | 2005-09-14 | 1 | -1/+1
  when responding to TCP SYN packets with TCP_MD5 enabled and set.
  PR: kern/82963
  Submitted by: <demizu at dd.iij4u.or.jp>
  MFC after: 3 days
  Notes: svn path=/head/; revision=150131
* Fix panic when kernel compiled without INET6 by rejecting | Bjoern A. Zeeb | 2005-09-14 | 1 | -6/+30
  IPv6 opcodes which are behind #if(n)def INET6 now.
  PR: kern/85826
  MFC after: 3 days
  Notes: svn path=/head/; revision=150122
* In tcp_ctlinput() do not swap ip->ip_len a second time. It | Andre Oppermann | 2005-09-10 | 2 | -4/+6
  has been done in icmp_input() already. This fixes the ICMP_UNREACH_NEEDFRAG case where no MTU was proposed in the ICMP reply.
  PR: kern/81813
  Submitted by: Vitezslav Novy <vita at fio.cz>
  MFC after: 3 days
  Notes: svn path=/head/; revision=149929
* - Do not hold route entry lock, when calling arprequest(). One such | Gleb Smirnoff | 2005-09-09 | 1 | -9/+17
    call was introduced by me in 1.139, the other one was present before.
  - Do all manipulations with rtentry and la before dropping the lock.
  - Copy interface address from route into local variable before dropping the lock. Supply this copy as argument to arprequest()
  LORs fixed:
  http://sources.zabbadoz.net/freebsd/lor/003.html
  http://sources.zabbadoz.net/freebsd/lor/037.html
  http://sources.zabbadoz.net/freebsd/lor/061.html
  http://sources.zabbadoz.net/freebsd/lor/062.html
  http://sources.zabbadoz.net/freebsd/lor/064.html
  http://sources.zabbadoz.net/freebsd/lor/068.html
  http://sources.zabbadoz.net/freebsd/lor/071.html
  http://sources.zabbadoz.net/freebsd/lor/074.html
  http://sources.zabbadoz.net/freebsd/lor/077.html
  http://sources.zabbadoz.net/freebsd/lor/093.html
  http://sources.zabbadoz.net/freebsd/lor/135.html
  http://sources.zabbadoz.net/freebsd/lor/140.html
  http://sources.zabbadoz.net/freebsd/lor/142.html
  http://sources.zabbadoz.net/freebsd/lor/145.html
  http://sources.zabbadoz.net/freebsd/lor/152.html
  http://sources.zabbadoz.net/freebsd/lor/158.html
  Notes: svn path=/head/; revision=149909
* When a carp(4) interface is being destroyed and is in a promiscuous mode, | Gleb Smirnoff | 2005-09-09 | 1 | -0/+1
  first interface is detached from parent and then bpfdetach() is called. If the interface was the last carp(4) interface attached to parent, then the mutex on parent is destroyed. When bpfdetach() calls if_setflags() we panic on destroyed mutex.
  To prevent the above scenario, clear pointer to parent, when we detach ourselves from parent.
  Notes: svn path=/head/; revision=149907
* clear lock on error in O_LIMIT case of install_state | Sam Leffler | 2005-09-04 | 1 | -0/+1
  Submitted by: Ted Unangst
  MFC after: 3 days
  Notes: svn path=/head/; revision=149783
* Use the correct mbuf type for MGET(). | Andre Oppermann | 2005-08-30 | 4 | -4/+4
  Notes: svn path=/head/; revision=149635
* Add newline to debugging printf. | Gleb Smirnoff | 2005-08-26 | 1 | -1/+2
  PR: kern/85271
  Submitted by: Simon Morgan
  Notes: svn path=/head/; revision=149506
* - Refuse hashsize of 0, since it is invalid. | Gleb Smirnoff | 2005-08-25 | 1 | -2/+2
  - Use defined constant instead of 512.
  Notes: svn path=/head/; revision=149455
* When we have a published ARP entry for some IP address, do reply on | Gleb Smirnoff | 2005-08-25 | 1 | -0/+9
  ARP requests only on the network where this IP address belongs to. Before this change we replied on all interfaces. This could lead to an IP address conflict with host we are doing ARP proxy for.
  PR: kern/75634
  Reviewed by: andre
  Notes: svn path=/head/; revision=149451
* Remove a KASSERT in the sack path that fails because of an interaction | Paul Saab | 2005-08-24 | 2 | -6/+0
  between sack and a bug in the "bad retransmit recovery" logic. This is a workaround, the underlying bug will be fixed later.
  Submitted by: Mohan Srinivasan, Noritoshi Demizu
  Notes: svn path=/head/; revision=149404
* Fix up the comment for MAX_SACK_BLKS. | Paul Saab | 2005-08-24 | 1 | -1/+1
  Submitted by: Noritoshi Demizu
  Notes: svn path=/head/; revision=149403
* Remove unnecessary IPSEC includes. | Andre Oppermann | 2005-08-23 | 2 | -16/+0
  MFC after: 2 weeks
  Sponsored by: TCP/IP Optimization Fundraise 2005
  Notes: svn path=/head/; revision=149391
* o Fix a logic error when not doing mbuf cluster allocation. | Andre Oppermann | 2005-08-22 | 1 | -4/+5
  o Change an old panic() to a clean function exit.
  MFC after: 2 weeks
  Sponsored by: TCP/IP Optimization Fundraise 2005
  Notes: svn path=/head/; revision=149378
* Add socketoption IP_MINTTL. May be used to set the minimum acceptable | Andre Oppermann | 2005-08-22 | 7 | -0/+32
  TTL a packet must have when received on a socket. All packets with a lower TTL are silently dropped. Works on already connected/connecting and listening sockets for RAW/UDP/TCP.
  This option is only really useful when set to 255 preventing packets from outside the directly connected networks reaching local listeners on sockets.
  Allows userland implementation of 'The Generalized TTL Security Mechanism (GTSM)' according to RFC3682. Examples of such use include the Cisco IOS BGP implementation command "neighbor ttl-security".
  MFC after: 2 weeks
  Sponsored by: TCP/IP Optimization Fundraise 2005
  Notes: svn path=/head/; revision=149371
* Always quote the entire TCP header when responding and allocate an mbuf | Andre Oppermann | 2005-08-22 | 1 | -4/+24
  cluster if needed. Fixes the TCP issues raised in I-D draft-gont-icmp-payload-00.txt.
  This aids in-the-wild debugging a lot and allows the receiver to do more elaborate checks on the validity of the response.
  MFC after: 2 weeks
  Sponsored by: TCP/IP Optimization Fundraise 2005
  Notes: svn path=/head/; revision=149370
* Handle pure layer 2 broad- and multicasts properly and simplify related | Andre Oppermann | 2005-08-22 | 1 | -19/+3
  checks.
  PR: kern/85052
  Submitted by: Dmitrij Tejblum <tejblum at yandex-team.ru>
  MFC after: 3 days
  Notes: svn path=/head/; revision=149369
* Commit correct version of the change and note the name of the new | Andre Oppermann | 2005-08-21 | 1 | -1/+1
  sysctl: net.inet.icmp.quotelen and defaults to 8 bytes.
  Pointy hat to: andre
  Notes: svn path=/head/; revision=149350
* Add a sysctl to change the length of the quotation of the original | Andre Oppermann | 2005-08-21 | 1 | -1/+12
  packet in an ICMP reply. The minimum of 8 bytes is internally enforced. The maximum quotation is the remaining space in the reply mbuf.
  This option is added in response to the issues raised in I-D draft-gont-icmp-payload-00.txt.
  MFC after: 2 weeks
  Sponsored by: TCP/IP Optimizations Fundraise 2005
  Notes: svn path=/head/; revision=149349
* Add an option to have ICMP replies to non-local packets generated with | Andre Oppermann | 2005-08-21 | 1 | -0/+19
  the IP address the packet came through in. This is useful for routers to show in traceroutes the actual path a packet has taken instead of the possibly different return path.
  The new sysctl is named net.inet.icmp.reply_from_interface and defaults to off.
  MFC after: 2 weeks
  Notes: svn path=/head/; revision=149347
* In order to support CARP interfaces kernel was taught to handle more | Gleb Smirnoff | 2005-08-18 | 1 | -2/+12
  than one interface in one subnet. However, some userland apps rely on the belief that this configuration is impossible.
  Add a sysctl switch net.inet.ip.same_prefix_carp_only. If the switch is on, then kernel will refuse to add an additional interface to already connected subnet unless the interface is CARP. Default value is off.
  PR: bin/82306
  In collaboration with: mlaier
  Notes: svn path=/head/; revision=149221
* Fix broken build of rev. 1.108 in case of no INET6 and IPFIREWALL | Bjoern A. Zeeb | 2005-08-14 | 1 | -1/+7
  compiled into kernel.
  Spotted and tested by: Michal Mertl <mime at traveller.cz>
  Notes: svn path=/head/; revision=149052
* * Add dynamic sysctl for net.inet6.ip6.fw. | Bjoern A. Zeeb | 2005-08-13 | 2 | -67/+288
  * Correct handling of IPv6 Extension Headers.
  * Add unreach6 code.
  * Add logging for IPv6.
  Submitted by: sysctl handling derived from patch from ume needed for ip6fw
  Obtained from: is_icmp6_query and send_reject6 derived from similar functions of netinet6,ip6fw
  Reviewed by: ume, gnn; silence on ipfw@
  Test setup provided by: CK Software GmbH
  MFC after: 6 days
  Notes: svn path=/head/; revision=149020
* Add NATM_LOCK() and NATM_UNLOCK() in places where npcb_add() and | Craig Rodrigues | 2005-08-12 | 1 | -0/+9
  npcb_free() are called, in order to eliminate witness panics. This was overlooked in removal of GIANT from ATM.
  Reviewed by: rwatson
  Notes: svn path=/head/; revision=148980
* o Fix a race between three threads: output path, | Gleb Smirnoff | 2005-08-11 | 1 | -155/+181
    incoming ARP packet and route request adding/removing ARP entries. The root of the problem is that struct llinfo_arp was accessed without any locks. To close race we will use locking provided by rtentry, that references this llinfo_arp:
    - Make arplookup() return a locked rtentry.
    - In arpresolve() hold the lock provided by rt_check()/arplookup() until the end of function, covering all accesses to the rtentry itself and llinfo_arp it refers to.
    - In in_arpinput() do not drop lock provided by arplookup() during first part of the function.
    - Simplify logic in the first part of in_arpinput(), removing one level of indentation.
    - In the second part of in_arpinput() hold rtentry lock while copying address.
  o Fix a condition when route entry is destroyed, while another thread is contested on its lock:
    - When storing a pointer to rtentry in llinfo_arp list, always add a reference to this rtentry, to prevent rtentry being destroyed via RTM_DELETE request.
    - Remove this reference when removing entry from llinfo_arp list.
  o Further cleanup of arptimer():
    - Inline arptfree() into arptimer().
    - Use official queue(3) way to pass LIST.
    - Hold rtentry lock while reading its structure.
    - Do not check that sdl_family is AF_LINK, but assert this.
  Reviewed by: sam
  Stress test: http://www.holm.cc/stress/log/cons141.html
  Stress test: http://people.freebsd.org/~pho/stress/log/cons144.html
  Notes: svn path=/head/; revision=148955
* Remove public declarations of variables that were forgotten when they were | David E. O'Brien | 2005-08-10 | 1 | -1/+0
  made static.
  Notes: svn path=/head/; revision=148920
* Match IPv6 and use a static struct pr_usrreqs nousrreqs. | David E. O'Brien | 2005-08-10 | 1 | -0/+2
  Notes: svn path=/head/; revision=148918
* Add helper function ip_findmoptions(), which accepts an inpcb, and attempts | Robert Watson | 2005-08-09 | 1 | -33/+58
  to atomically return either an existing set of IP multicast options for the PCB, or a newly allocated set with default values. The inpcb is returned locked. This function may sleep.
  Call ip_moptions() to acquire a reference to a PCB's socket options, and perform the update of the options while holding the PCB lock. Release the lock before returning.
  Remove garbage collection of multicast options when values return to the default, as this complicates locking substantially. Most applications allocate a socket either to be multicast, or not, and don't tend to keep around sockets that have previously been used for multicast, then used for unicast.
  This closes a number of race conditions involving multiple threads or processes modifying the IP multicast state of a socket simultaneously.
  MFC after: 7 days
  Notes: svn path=/head/; revision=148903
* Propagate rename of IFF_OACTIVE and IFF_RUNNING to IFF_DRV_OACTIVE and | Robert Watson | 2005-08-09 | 2 | -24/+29
  IFF_DRV_RUNNING, as well as the move from ifnet.if_flags to ifnet.if_drv_flags. Device drivers are now responsible for synchronizing access to these flags, as they are in if_drv_flags. This helps prevent races between the network stack and device driver in maintaining the interface flags field.
  Many __FreeBSD__ and __FreeBSD_version checks maintained and continued; some less so.
  Reviewed by: pjd, bz
  MFC after: 7 days
  Notes: svn path=/head/; revision=148887
* In preparation for fixing races in ARP (and probably in other | Gleb Smirnoff | 2005-08-09 | 1 | -0/+1
  L2/L3 mappings) make rt_check() return a locked rtentry.
  Notes: svn path=/head/; revision=148883
* Introduce in_multi_mtx, which will protect IPv4-layer multicast address | Robert Watson | 2005-08-03 | 5 | -18/+49
  lists, as well as accessor macros. For now, this is a recursive mutex due to code sequences where IPv4 multicast calls into IGMP calls into ip_output(), which then tests for a multicast forwarding case.
  For support macros in in_var.h to check multicast address lists, assert that in_multi_mtx is held.
  Acquire in_multi_mtx around iteration over the IPv4 multicast address lists, such as in ip_input() and ip_output().
  Acquire in_multi_mtx when manipulating the IPv4 layer multicast addresses, as well as over the manipulation of ifnet multicast address lists in order to keep the two layers in sync.
  Lock down accesses to IPv4 multicast addresses in IGMP, or assert the lock when performing IGMP join/leave events.
  Eliminate spl's associated with IPv4 multicast addresses, portions of IGMP that weren't previously expunged by IGMP locking.
  Add in_multi_mtx, igmp_mtx, and if_addr_mtx lock order to hard-coded lock order in WITNESS, in that order.
  Problem reported by: Ed Maste <emaste at phaedrus dot sandvine dot ca>
  MFC after: 10 days
  Notes: svn path=/head/; revision=148682
* Modify network protocol consumers of the ifnet multicast address lists | Robert Watson | 2005-08-02 | 1 | -0/+2
  to lock if_addr_mtx.
  Problem reported by: Ed Maste <emaste at phaedrus dot sandvine dot ca>
  MFC after: 1 week
  Notes: svn path=/head/; revision=148653
* recover the line which was wrongly disappeared during scope cleanup. | Hajimu UMEMOTO | 2005-08-01 | 2 | -0/+2
  tcpdrop(8) should work for IPv6, again.
  Notes: svn path=/head/; revision=148616
* Add support for IPv6 over GRE [1]. PR kern/80340 includes the | Bjoern A. Zeeb | 2005-08-01 | 1 | -3/+12
  FreeBSD specific ip_newid() changes NetBSD does not have. Correct handling of non AF_INET packets passed to bpf [2].
  PR: kern/80340[1], NetBSD PRs 29150[1], 30844[2]
  Obtained from: NetBSD ip_gre.c rev. 1.34,1.35, if_gre.c rev. 1.56
  Submitted by: Gert Doering <gert at greenie.muc.de>[2]
  MFC after: 4 days
  Notes: svn path=/head/; revision=148613
* include scope6_var.h for in6_clearscope(). | Hajimu UMEMOTO | 2005-07-26 | 1 | -0/+3
  Notes: svn path=/head/; revision=148414
* include netinet6/scope6_var.h. | Hajimu UMEMOTO | 2005-07-25 | 1 | -0/+1
  Notes: svn path=/head/; revision=148387
* scope cleanup. with this change | Hajimu UMEMOTO | 2005-07-25 | 5 | -42/+40
  - most of the kernel code will not care about the actual encoding of scope zone IDs and won't touch "s6_addr16[1]" directly.
  - similarly, most of the kernel code will not care about link-local scoped addresses as a special case.
  - scope boundary check will be stricter. For example, the current *BSD code allows a packet with src=::1 and dst=(some global IPv6 address) to be sent outside of the node, if the application do:
      s = socket(AF_INET6);
      bind(s, "::1");
      sendto(s, some_global_IPv6_addr);
    This is clearly wrong, since ::1 is only meaningful within a single node, but the current implementation of the *BSD kernel cannot reject this attempt.
  Submitted by: JINMEI Tatuya <jinmei__at__isl.rdc.toshiba.co.jp>
  Obtained from: KAME
  Notes: svn path=/head/; revision=148385
* Misc spelling and/or English fixes in comments. | Giorgos Keramidas | 2005-07-23 | 1 | -12/+12
  Reviewed by: glebius, andre
  Notes: svn path=/head/; revision=148324
* move RFC3542 related definitions into ip6.h. | Hajimu UMEMOTO | 2005-07-20 | 1 | -0/+48
  Submitted by: Keiichi SHIMA <keiichi__at__iijlab.net>
  Reviewed by: mlaier
  Obtained from: KAME
  Notes: svn path=/head/; revision=148176
* add missing RFC3542 definition. | Hajimu UMEMOTO | 2005-07-20 | 1 | -0/+1
  Submitted by: Keiichi SHIMA <keiichi__at__iijlab.net>
  Obtained from: KAME
  Notes: svn path=/head/; revision=148171
* update comments: | Hajimu UMEMOTO | 2005-07-20 | 2 | -5/+5
  - RFC2292bis -> RFC3542
  - typo fixes
  Submitted by: Keiichi SHIMA <keiichi__at__iijlab.net>
  Obtained from: KAME
  Notes: svn path=/head/; revision=148169
* Remove no-op spl references in in_pcb.c, since in_pcb locking has been | Robert Watson | 2005-07-19 | 1 | -15/+3
  basically complete for several years now. Update one spl comment to reference the locking strategy.
  MFC after: 3 days
  Notes: svn path=/head/; revision=148157
* Remove no-op spl's and most comment references to spls, as TCP locking | Robert Watson | 2005-07-19 | 4 | -49/+8
  is believed to be basically done (modulo any remaining bugs).
  MFC after: 3 days
  Notes: svn path=/head/; revision=148156
* Remove spl() calls from ip_slowtimo(), as IP fragment queue locking was | Robert Watson | 2005-07-19 | 1 | -2/+0
  merged several years ago.
  Submitted by: gnn
  MFC after: 1 day
  Notes: svn path=/head/; revision=148155
* Export pfsyncstats via sysctl "net.inet.pfsync" in order to print them with | Max Laier | 2005-07-14 | 1 | -2/+5
  netstat (separate commit).
  Requested by: glebius
  MFC after: 1 week
  Notes: svn path=/head/; revision=148015
* Eliminate MAC entry point mac_create_mbuf_from_mbuf(), which is | Robert Watson | 2005-07-05 | 1 | -1/+1
  redundant with respect to existing mbuf copy label routines. Expose a new mac_copy_mbuf() routine at the top end of the Framework and use that; use the existing mpo_copy_mbuf_label() routine on the bottom end.
  Obtained from: TrustedBSD Project
  Sponsored by: SPARTA, SPAWAR
  Approved by: re (scottl)
  Notes: svn path=/head/; revision=147785
* Fix for a bug in newreno partial ack handling where if a large amount | Paul Saab | 2005-07-05 | 2 | -2/+10
  of data is partial acked, snd_cwnd underflows, causing a burst.
  Found, Submitted by: Noritoshi Demizu
  Approved by: re
  Notes: svn path=/head/; revision=147781
* Remove ambiguity from hlen. IPv4 is now indicated by is_ipv4 and we need a | Max Laier | 2005-07-03 | 1 | -20/+17
  proper hlen value for IPv6 to implement O_REJECT and O_LOG.
  Reviewed by: glebius, brooks, gnn
  Approved by: re (scottl)
  Notes: svn path=/head/; revision=147758
* Check the alignment of the IP header before passing the packet up to the | Andrew Thompson | 2005-07-02 | 1 | -0/+6
  packet filter. This would cause a panic on architectures that require strict alignment such as sparc64 (tier1) and ia64/ppc (tier2).
  This adds two new macros that check the alignment, these are compile time dependent on __NO_STRICT_ALIGNMENT which is set for i386 and amd64 where alignment isn't needed so the cost is avoided.
    IP_HDR_ALIGNED_P()
    IP6_HDR_ALIGNED_P()
  Move bridge_ip_checkbasic()/bridge_ip6_checkbasic() up so that the alignment is checked for ipfw and dummynet too.
  PR: ia64/81284
  Obtained from: NetBSD
  Approved by: re (dwhite), mlaier (mentor)
  Notes: svn path=/head/; revision=147744
* Fix for a bug in the change that defers sack option processing until | Paul Saab | 2005-07-01 | 4 | -8/+10
  after PAWS checks. The symptom of this is an inconsistency in the cached sack state, caused by the fact that the sack scoreboard was not being updated for an ACK handled in the header prediction path.
  Found by: Andrey Chernov.
  Submitted by: Noritoshi Demizu, Raja Mukerji.
  Approved by: re
  Notes: svn path=/head/; revision=147735