hardenedbsd/HardenedBSD
1
0
Fork 0
mirror of https://git.hardenedbsd.org/hardenedbsd/HardenedBSD.git synced 2025-01-10 16:31:18 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity
13,353 Commits 91 Branches 0 Tags 2.1 GiB
539e53bad3
Commit Graph

264 Commits

Author SHA1 Message Date
Garrett Wollman
425f123ed4 Merge 4.4-Lite-2: update some declarations that we don't support anyway. 
Obtained from:	4.4BSD-Lite-2
 1995-09-21 17:58:07 +00:00
Garrett Wollman
2469dd60b7 Merge 4.4-Lite-2: use M_NOWAIT in in_pcballoc(), and return EACCES rather 
than EPERM on illegal attempt to bind a reserved port.

Obtained from:	4.4BSD-Lite-2
 1995-09-21 17:55:49 +00:00
Garrett Wollman
2180b92513 Merge with 4.4-Lite-2. This is actually a 64-bit fix; the second parameter 
to in_control() is sometimes a pointer, and sometimes an integer, so use
u_long rather than int.

Obtained from:	4.4BSD-Lite-2
 1995-09-21 17:50:45 +00:00
Garrett Wollman
ef91e5283e Merge with 4.4-Lite-2. This involves changing the version number and 
moving a declaration around.

Obtained from:	4.4BSD-Lite-2
 1995-09-21 17:39:51 +00:00
Garrett Wollman
6c52bc4648 Merge with 4.4-Lite-2. This just adds a couple of tcpstat entries which 
we don't currently set, but might in the future.
 1995-09-21 17:29:13 +00:00
Garrett Wollman
f138387af1 Add support in TCP for Path MTU discovery. This is highly experimental 
and gated on `options MTUDISC' in the source.  It is also practically
untested becausse (sniff!) I don't have easy access to a network with
an MTU of less than an Ethernet.  If you have a small MTU network,
please try it and tell me if it works!
 1995-09-20 21:00:59 +00:00
Garrett Wollman
5cbf3e086c Initial back-end support for IP MTU discovery, gated on MTUDISC. The support 
for TCP has yet to be written.
 1995-09-18 15:51:40 +00:00
Garrett Wollman
b6e3d50f4c Don't leak mbufs in an unusual error case in tcp_usrreq(). 
Reviewed by:	Andras Olah <olah@freebsd.org>
Obtained from:	Lite-2
 1995-09-13 17:54:03 +00:00
Garrett Wollman
51823c3a93 If tcp_output() is unable to allocate space for a copy of the data waiting 
to be sent, just clean up and return ENOBUFS rather than silently
proceeding without sending any of the data.  This makes it consistent
with the `#ifdef notyet' case immediately above.

Reviewed by:	Andras Olah <olah@freebsd.org>
Obtained from:	Lite-2
 1995-09-13 17:36:31 +00:00
Garrett Wollman
2b758395ea Fix long-standing bug in ICMPPRINTFS code where NTOHL was used instead 
of ntohl for printing IP addresses, by instead substituting inet_ntoa()
to produce human-readable output.

Obtained from:	4.4-Lite-2
 1995-08-29 17:49:04 +00:00
Garrett Wollman
6adca7ad76 Fix some problems with multicast forwarding: 
Garrett,

  Here are some patches for the rate limiting code.  It should be faster,
and in particular it doesn't leak malloc'd memory any more when rate_limit'ing
a phyint.

  It now uses an mbuf chain at each vif, instead of the static queue array.
This means that the MAXQSIZE is now variable per vif (although there is no
interface to change it other than a debugger); this is an area for more
experimentation.

  Bill

Submitted by:	Bill Fenner <fenner@parc.xerox.com>
 1995-08-23 18:20:17 +00:00
Andras Olah
7eb7a449c4 Add a sanity check for the UDP length field in order to prevent 
malformed UDP packets to panic the kernel.
Reviewed by:	davidg, wollman
Obtained from:	dab@berserkly.cray.com (David A. Borman) via end2end list
 1995-08-17 22:09:14 +00:00
Gary Palmer
7d4aa0825d Try to make the `syn' blocking code act a bit more sensibly - don't 
block `syn' packets that have `ack' set.
Reviewed by:
Submitted by:
Obtained from:
 1995-07-31 13:58:35 +00:00
Andras Olah
d3eede9d32 Remove a redundant `if' from tcp_reass(). 
Correct a typo in a comment (SEND_SYN -> NEEDSYN).

Reviewed by:	David Greenman
 1995-07-31 10:24:22 +00:00
David Greenman
cc0964fb2b Add connection drop capability for persist timeouts. 
Reviewed by:	Andras Olah
Obtained from:	4.4BSD-lite2 via W. Richard Stevens
 1995-07-29 18:48:44 +00:00
Garrett Wollman
b124e4f284 Fix test for determining when RSVP is inactive in a router. (In this 
case, multicast options are not passed to ip_mforward().)  The previous
version had a wrong test, thus causing RSVP mrouters to forward RSVP messages
in violation of the spec.
 1995-07-26 18:05:16 +00:00
Garrett Wollman
59929500b4 Declare rsvp_input() to take the correct set of arguments and figure out 
the receipt interface in the correct way.
 1995-07-24 18:15:13 +00:00
Garrett Wollman
b4489dc30a Completely turn off RSVP intercept when a socket being used for that purpose 
is PRU_DETACHed.  This solves the problem that RSVP would not come up inm
raw mode if previously killed.
 1995-07-24 16:33:51 +00:00
David Greenman
f70b105004 Added $Id$. 1995-07-23 05:36:31 +00:00
Peter Wemm
42c03a52ba Change the compile-time option of DIRECTED_BROADCAST into a sysctl 
variable underneath ip, "directed-broadcast".
Reviewed by:	David Greenman
Obtained from:	NetBSD, by Darren Reed.
 1995-07-18 09:56:44 +00:00
Garrett Wollman
357b78a939 Return EDESTADDRREQ rather than EADDRNOTAVAIL if the user attempts to 
half-configure a point-to-point interface.

Submitted by:	Jonathan M. Bresler <jmb@kryten.atinc.com>
 1995-07-17 15:15:15 +00:00
Garrett Wollman
5b7ee6ed04 ICMP messages received from broken hosts which reply to multicast packets 
were mistakenly delivered, rather than getting thrown out, which caused
substantial lossage.

Submitted by: Bill Fenner <fenner@parc.xerox.com>
 1995-07-10 16:16:00 +00:00
Garrett Wollman
dd22498271 tcp_input.c - keep track of how many times a route contained a cached rtt 
or ssthresh that we were able to use

tcp_var.h - declare tcpstat entries for above; declare tcp_{send,recv}space

in_rmx.c - fill in the MTU and pipe sizes with the defaults TCP would have
	used anyway in the absence of values here
 1995-07-10 15:39:16 +00:00
David Greenman
c6e8c3576e Fixed panic that occurs on certain firewall rejected packets that was 
caused by dtom() being used on an mbuf cluster. The fix involves passing
around the mbuf pointer.

Submitted by:	Bill Fenner
 1995-07-09 14:29:46 +00:00
David Greenman
04c3f9f7ab Added some spaces for KNF. Moved some zero-initialized pointers into the 
kernel's .bss.
 1995-07-04 05:46:13 +00:00
David Greenman
09270166bb This is the end result of about a dozen passes through this code to fix 
incorrect indents, a variety of poor coding practices such as comparing
pointers to constants ('0'), poor code structuring, etc, etc. This brings
the code up to the minimum standards for inclusion in FreeBSD.
 1995-07-04 05:39:03 +00:00
David Greenman
ed64321cec Define TRUE and FALSE. 1995-07-04 05:29:30 +00:00
David Greenman
7e9367a410 1) Removed bogus #include 
2) Rewrote "bad_packet" code to be less buggy and more readable.
3) Removed a pile of goto's; the code is now somewhat less reminiscent
   of a certain Italian pasta.
4) Changed all boolean returns of "0" and "1" to FALSE/TRUE.
 1995-07-04 03:35:20 +00:00
Joerg Wunsch
40a63d93aa Slightly modify my previous change to return EINVAL instead of 
EFAULT.

Submitted by:	Peter Wemm
 1995-07-02 16:45:07 +00:00
Joerg Wunsch
d700586c3a I saw a very low-key commit message on the netbsd mailing lists and 
figured out what the problem was..  Anyway, I rate it as "highly
serious".

Submitted by:	peter@haywire.DIALix.COM (Peter Wemm)
 1995-07-01 19:09:40 +00:00
Garrett Wollman
fc97827135 Keep track of the number of samples through the srtt filter so that we 
know better when to cache values in the route, rather than relying on a
heuristic involving sequence numbers that broke when tcp_sendspace
was increased to 16k.
 1995-06-29 18:11:24 +00:00
Gary Palmer
06cf932bcb Add a missing `goto' statement so that this compiles yet again. 1995-06-28 13:22:36 +00:00
David Greenman
e9ce2e7d20 Added function prototypes for ip_rsvp_vif_init, ip_rsvp_vif_done, and 
ip_rsvp_force_done.
 1995-06-28 05:13:02 +00:00
Garrett Wollman
20dc68b204 Delete obsolete #if 0 block. 1995-06-27 20:36:34 +00:00
Guido van Rooij
a0aa52a646 reject option in ip_fw used to panic the system. This fixes it. 
-Guido
Reviewed by:
Submitted by:
Obtained from:
 1995-06-27 17:26:27 +00:00
Garrett Wollman
524743b0fe From Bill Fenner: 
> Also, I don't remember if I sent you this; it affects PIM assert processing.

Submitted by:	Bill Fenner <fenner@parc.xerox.com>
 1995-06-26 16:15:49 +00:00
Garrett Wollman
fba14c2e49 Corrected a bug that caused protocol-4 tunnels (used for multicast 
forwarding between networks that aren't directly connected) not to work
by intercepting the wrong protocol number.  This should fix a bug reported
previously by someone I don't remember.
 1995-06-26 16:11:51 +00:00
Garrett Wollman
43bed81d64 Fix an error in the comparison direction of the ap->updating case of 
in_rtqkill().

Submitted by: W. Richard Stevens
 1995-06-21 19:48:53 +00:00
Garrett Wollman
4650161123 Fix a resource allocation bug where multicast forwarding would leak mbufs 
in certain cases when allocation of another mbuf has already failed.

Submitted by: Bill Fenner <fenner@parc.xerox.com>
 1995-06-19 17:22:01 +00:00
Garrett Wollman
9167720192 Now that we've gone to all sorts of effort to allow TCP to cache some of 
its connection parameters, we want to keep statistics on how often this
actually happens to see whether there is any work that needs to be done in
TCP itself.

Suggested by: John Wroclawski <jtw@lcs.mit.edu>
 1995-06-19 16:45:33 +00:00
Garrett Wollman
1c5de19afb Kernel side of 3.5 multicast routing code, based on work by Bill Fenner 
and other work done here.  The LKM support is probably broken, but it
still compiles and will be fixed later.
 1995-06-13 17:51:16 +00:00
Rodney W. Grimes
d3628763db Merge RELENG_2_0_5 into HEAD 1995-06-11 19:33:05 +00:00
Rodney W. Grimes
9b2e535452 Remove trailing whitespace. 1995-05-30 08:16:23 +00:00
David Greenman
765b90447e These diffs modify the behaviour of multicast clients to conform with the 
IGMPv2 spec.  This fixes the following bugs:

o ntohs() on a char provides silly results
o timer needs to be scaled to units of PR_FASTHZ; this was being done
  inconsistenly so now it gets done when it is initialized.

Reviewed by:	Garrett Wollman
Submitted by:	Bill Fenner <fenner@parc.xerox.com>
 1995-05-16 01:28:29 +00:00
Andrey A. Chernov
2f632e8fe8 Fix getsockopt(IP_ACCT_*) to not panic kernel 
Submitted by: Bill Fenner <fenner@parc.xerox.com>
 1995-05-12 20:00:21 +00:00
Rodney W. Grimes
b2b795f07c Fix -Wformat warnings from LINT kernel. 1995-05-11 19:26:53 +00:00
David Greenman
6b067b0744 #ifdef'd my Nagel/ACK hack with "TCP_ACK_HACK", disabled by default. I'm 
currently considering reducing the TCP fasttimo to 100ms to help improve
things, but this would be done as a seperate step at some point in the
future.
This was done because it was causing some sometimes serious performance
problems with T/TCP.
 1995-05-11 01:41:06 +00:00
Garrett Wollman
748e0b0acc Make networking domains drop-ins, through the magic of GNU ld. (Some day, 
there may even be LKMs.)  Also, change the internal name of `unixdomain'
to `localdomain' since AF_LOCAL is now the preferred name of this family.
Declare netisr correctly and in the right place.
 1995-05-11 00:13:26 +00:00
David Greenman
94a5d9b6a1 Replaced some bcopy()'s with memcpy()'s so that gcc while inline/optimize. 1995-05-09 13:35:48 +00:00
Andras Olah
40db8ef747 Fix a misspelled constant in tcp_input.c. 
On Tue, 09 May 1995 04:35:27 PDT, Richard Stevens wrote:
> In tcp_dooptions() under the case TCPOPT_CC there is an assignment
>
>       to->to_flag |= TCPOPT_CC;
>
> that should be
>
>       to->to_flag |= TOF_CC;
>
> I haven't thought through the ramifications of what's been happening ...
>
>       Rich Stevens

Submitted by:	rstevens@noao.edu (Richard Stevens)
 1995-05-09 12:32:06 +00:00
Andrey A. Chernov
2ee32961f5 Add IPTOS_MINCOST according to RFC 1349 
Change IPTOS_PREC_ROUTINE to 0 (was conflict with IPTOS_LOWDELAY) according
to RFC 791 (unchanged since it) and BSDI 2.0 style
Submitted by: Igor Sviridov <siac@ua.net>
 1995-05-05 14:36:38 +00:00
David Greenman
0d7b7d3ea7 Changed in_pcblookuphash() to not automatically call in_pcblookup() if 
the lookup fails. Updated callers to deal with this. Call in_pcblookuphash
instead of in_pcblookup() in in_pcbconnect; this improves performance of
UDP output by about 17% in the standard case.
 1995-05-03 07:16:53 +00:00
Paul Traina
f5fea3ddc9 Cleanup loopback interface support. 
Reviewed by:	wollman
 1995-04-26 18:10:58 +00:00
Garrett Wollman
1067217d5d Disallow half-configured point-to-point interfaces. It's still possible to 
get into a half-configured state by using the old-style ioctls;this
may be a feature.
 1995-04-25 19:50:20 +00:00
Andras Olah
c4575b2416 Include <sys/queue.h> because <netinet/in_pcb.h> (also included 
later in tcp_debug.c) requires it due to the pcb changes of DavidG.
 1995-04-19 10:26:04 +00:00
David Greenman
230620627b Fixed bug I introduced when changing PCB list to use 4.4BSD style queue 
macros. Basically, detect 'tp' going away differently.
 1995-04-12 06:49:56 +00:00
David Greenman
d79940da0a Further satisfy my paranoia by making sure that the ACKNOW is only 
set when ti_len is non-zero.
 1995-04-10 17:37:46 +00:00
David Greenman
afa70c96dd Fixed bug I introduced with my Nagel hack which caused tcp_input and 
tcp_output to loop endlessly. This was freefall's problem during the past
day.
 1995-04-10 17:16:10 +00:00
David Greenman
7bc4aca7f0 Added splnet protections for PCB list manipulations and traversals. 1995-04-10 08:52:45 +00:00
David Greenman
64e4231041 Backed out Jordan's #include of queue.h 1995-04-10 00:43:18 +00:00
Jordan K. Hubbard
cb7533f532 #include <sys/queue.h> or die horribly. 1995-04-09 16:46:47 +00:00
David Greenman
15bd2b4385 Implemented PCB hashing. Includes new functions in_pcbinshash, in_pcbrehash, 
and in_pcblookuphash.
 1995-04-09 01:29:31 +00:00
Andras Olah
755c1f07c8 Fix a bug in tcp_input reported by Rick Jones <raj@hpisrdq.cup.hp.com>. 
If a goto findpcb occurred during the processing of a segment, the TCP and
IP headers were dropped twice from the mbuf which resulted in data acked
by TCP but not delivered to the user.
Reviewed by:	davidg
 1995-04-05 10:32:14 +00:00
Bruce Evans
8c62f8d80f Remove redundant declarations. 1995-04-02 19:05:09 +00:00
Bill Paul
5f6d32c735 Add declaration for struct ether_addr (this is where Sun documents 
it to go).
 1995-04-02 01:26:26 +00:00
David Greenman
8a31826613 Backed out changes in rev 1.5 that prevent sending FIN if in CLOSING 
state. This causes an infinite loop in some rare cases (probably caused
by some other, much more difficult to find bug).
 1995-03-30 23:35:55 +00:00
David Greenman
e612a582cc Re-apply my "breakage" to the Nagel congestion avoidence. This version 
differs slightly in the logic from the previous version; packets are now
acked immediately if the sender set PUSH.
 1995-03-27 07:12:24 +00:00
Garrett Wollman
ffa5b11ab5 in_var.h: in_multi structures now form a queue(3)-style LIST structure 
in.c: when an interface address is deleted, keep its multicast membership
.     records (attached to a struct multi_kludge) for attachment to the
.     next address on the same interface.  Also, in_multi structures now
.     gain a reference to the ifaddr so that they won't point off into
.     freed memory if an interface goes away and doesn't come back before
.     the last socket reference drops.  This is analogous to how it is
.     done for routes, and seems to make the most sense.
 1995-03-23 18:14:41 +00:00
Garrett Wollman
20e8807c09 This should be splimp() rather than splnet() since ifaddrs might go away 
as a result of link-layer processing.
 1995-03-20 18:31:51 +00:00
Garrett Wollman
9b626c29f7 Fix race conditions involved in setting IP multicast options. This should 
fix Dennis Fortin's problem for good, if I've got it figured out right.

(The problem was that a `struct ifaddr' could get deleted out from under
the current requester, thus leaving him with an invalid interface pointer
and causing even more bogus accesses.)
 1995-03-20 18:11:31 +00:00
David Greenman
edf8a81561 Removed redundant newlines that were in some panic strings. 1995-03-19 14:29:26 +00:00
Garrett Wollman
1025071f85 Reject source routes unless configured on by administrator. 1995-03-16 18:22:28 +00:00
Bruce Evans
b5e8ce9f12 Add and move declarations to fix all of the warnings from `gcc -Wimplicit' 
(except in netccitt, netiso and netns) and most of the warnings from
`gcc -Wnested-externs'.  Fix all the bugs found.  There were no serious
ones.
 1995-03-16 18:17:34 +00:00
Garrett Wollman
ef0cdf3329 Add inet_ntoa() and replace ARP's private routine with same. 1995-03-16 17:32:27 +00:00
Garrett Wollman
d99c7a23fa This set of patches enables IP multicasting to work under FreeBSD. I am 
submitting them as context diffs for the following files:

sys/netinet/ip_mroute.c
sys/netinet/ip_var.h
sys/netinet/raw_ip.c
usr.sbin/mrouted/igmp.c
usr.sbin/mrouted/prune.c

The routine rip_ip_input in raw_ip.c is suggested by Mark Tinguely
(tinguely@plains.nodak.edu). I have been running mrouted with these patches
for over a week and nothing has seemed seriously wrong. It is being run in
two places on our network as a tunnel on one and a subnet querier on the
other. The only problem I have run into is that mrouted on the tunnel must
start up last or the pruning isn't done correctly and multicast packets
flood your subnets.

Submitted by:	Soochon Radee <slr@mitre.org>
 1995-03-16 16:25:55 +00:00
David Greenman
2c8fe19f89 pcb allocations are not always done on behalf of a process; it is not 
okay to wait.
 1995-03-14 21:50:55 +00:00
David Greenman
d41f24e742 Added support for generic FDDI and the DEC DEFEA and DEFPA FDDI adapters. 
Submitted by:	Matt Thomas
 1995-03-14 09:16:07 +00:00
Ugen J.S. Antsilevich
9870b4d2de Allocate memory as M_IPFW,now we can watch firewall memory usage 
in vmstat..
 1995-03-12 13:28:13 +00:00
Nate Williams
9617d8b1f6 Removed unnecessary define for TCPOUTFLAGS since they are not used. 1995-03-06 02:49:24 +00:00
David Greenman
3dbdc25caa Move exact match pcb's to the head of the list to improve lookup 
performance.
 1995-03-02 19:29:42 +00:00
Ugen J.S. Antsilevich
29fe22b93f Allow "via" to be specified ever as IP adress or 
as interface name/unit...
 1995-02-24 14:33:54 +00:00
Bruce Evans
6f05a6e836 Fix benign type mismatch. 1995-02-22 07:23:26 +00:00
David Greenman
38aa9fc375 Added missing newlines to calls to log(). 1995-02-20 15:48:46 +00:00
Garrett Wollman
c7a82f9016 Include missing <sys/kernel.h> for `hz'. 
Submitted by:  David Greenman, Rod Grimes, Christoph Kukulies
 1995-02-17 00:29:42 +00:00
Garrett Wollman
cb04d5c55b Don't need to retransmit FIN bit in CLOSING state. 
Obtained from: Stevens, vol. 2, exercise 29.5 (solution p. 1090)
 1995-02-16 01:53:31 +00:00
Garrett Wollman
1c09f77422 spl back down in unusual out-of-memory condition in udp_output(). 
Obtained from: Stevens, vol. 2, exercise 23.4 (solution p. 1083)
 1995-02-16 01:47:36 +00:00
Garrett Wollman
1fdbc7ae46 Correctly initialize so_linger in ticks (not seconds). 
Obtained from: Stevens, vol. 2, p. 1010
 1995-02-16 01:42:45 +00:00
Garrett Wollman
dac2030182 Avoid deadlock situation described by Stevens using his suggested replacement 
code.

Obtained from: Stevens, vol. 2, pp. 959-960
 1995-02-16 01:39:19 +00:00
Garrett Wollman
9bb8795d71 Don't add back in the IP header length to ip_len; icmp_error will do it 
for us.

Obtained from: Stevens, vol. 2, p. 774
 1995-02-16 01:25:06 +00:00
Garrett Wollman
41f82abe5a Transaction TCP support now standard. Hack away! 1995-02-16 00:55:44 +00:00
Garrett Wollman
f2ea20e676 Add lots of useful MIB variables and a few not-so-useful ones for 
completeness.
 1995-02-16 00:27:47 +00:00
Garrett Wollman
628e3e3401 After dynamically reducing rtq_reallyold, have in_rtqkill() reduce the 
expiration timer of anything which would expire later than that.  (There
should be a way to call this from ip_sysctl() as well, but there currently
isn't.)
 1995-02-14 23:11:26 +00:00
Garrett Wollman
ea80aed1a9 Attempt to make the host route cache a bit smarter under conditions of 
high load:

	1) If there ever get to be more than net.inet.ip.rtmaxcache entries
	   in the cache, in_rtqtimo() will reduce net.inet.ip.rtexpire by
	   1/3 and do another round, unles net.inet.ip.rtexpire is less than
	   net.inet.ip.rtminexpire, and never more than once in ten minutes
	   (rtq_timeout).

	2) If net.inet.ip.rtexpire is set to zero, don't bother to cache
	   anything.
 1995-02-14 23:04:52 +00:00
Poul-Henning Kamp
c70f45100d YFfix. 1995-02-14 06:28:25 +00:00
Poul-Henning Kamp
c178994d81 YPfix 1995-02-14 06:25:17 +00:00
Garrett Wollman
2f96f1f446 Get rid of some unneeded #ifdef TTCP lines. Also, get rid of some 
bogus commons declared in header files.
 1995-02-14 02:35:19 +00:00
Garrett Wollman
a0292f2375 Merge Transaction TCP, courtesy of Andras Olah <olah@cs.utwente.nl> and 
Bob Braden <braden@isi.edu>.

NB: This has not had David's TCP ACK hack re-integrated.  It is not clear
what the correct solution to this problem is, if any.  If a better solution
doesn't pop up in response to this message, I'll put David's code back in
(or he's welcome to do so himself).
 1995-02-09 23:13:27 +00:00
David Greenman
e99d026c60 Fixed another TTCP ifdef problem...there isn't any tcp_sysctl field in 
!TTCP.
 1995-02-09 00:56:09 +00:00
David Greenman
512ff5eaa0 Fix/#ifdef prototype for tcp_mss...apparantly overlooked by Garrett. 1995-02-09 00:49:20 +00:00
Garrett Wollman
999f1343a5 T/TCP changes to generic IP code. This is all ifdefed TTCP so should 
have no effect on most users for now.  (Eventually, once this code is
fully tested, the ifdefs will go away.)
 1995-02-08 20:22:09 +00:00
Garrett Wollman
eb6ad69646 Merge in T/TCP TCP header file changes. 1995-02-08 20:18:48 +00:00
Gary Palmer
6db216a6d7 Remove a possible loophole - previously the code wouldn't pass packets destined 
to the loopback address to the packet filter.

Reviewed by:	"Ugen J.S.Antsilevich" <ugen@netvision.net.il>
 1995-02-07 20:30:42 +00:00
Garrett Wollman
838ecf4225 Make sure to disable RSVP intercept when the socket is closed. 1995-02-07 02:53:14 +00:00
Garrett Wollman
479bb8da0e Correct long-standing error in the RSVP hooks (would initialize but never 
return success).
 1995-01-26 18:59:02 +00:00
Ugen J.S. Antsilevich
2b43c8c9db ip_fwdef.c was missing some assignments , and this 
caused that bug by which firewall code was not working
if configured into kernel and worked only as lkm.
Now this must be fixed...Sorry guys..
 1995-01-26 10:26:15 +00:00
David Greenman
8eea120788 Kill previous commit as it isn't necessary. 1995-01-26 03:56:20 +00:00
David Greenman
b99f012ec5 Extended the previous change to cover the non-options case, too. 1995-01-24 08:03:22 +00:00
David Greenman
297a37f334 Applied fix from Andreas Schulz with a different comment by me. Fixes a 
bug where TCP connections are closed prematurely.

Submitted by:	Andreas Schulz
 1995-01-23 17:58:27 +00:00
Garrett Wollman
bbb7c7109b Change caching strategy somewhat: 
1) Don't clone routes to multicast destinations; there is nothing useful
   to be gained in this case.
2) Reduce default expiration timer to one hour.  Busy sites will still
   likely want to reduce this, but for ordinary users this is a reasonable
   value to use.
 1995-01-23 02:02:50 +00:00
Ugen J.S. Antsilevich
4dd1662b4c Actual firewall change. 
1) Firewall is not subdivided on forwarding / blocking chains
   anymore.Actually only one chain left-it was the blocking one.
2) LKM support.ip_fwdef.c is function pointers definition and
goes into kernel along with all INET stuff.
 1995-01-12 13:06:32 +00:00
David Greenman
aedcdea1de Fixed mbuf lossage when level != IPPROTO_IP. Problem reported by Robert 
Dobbs, hint from Charles Hannum, fix by me.
 1995-01-12 10:53:25 +00:00
Garrett Wollman
b2774d00ad Make arp_rtrequest() static since nobody needs to referene it any more. 1994-12-22 22:00:30 +00:00
Garrett Wollman
dd2e410221 Move ARP interface initialization into if_ether.c:arp_ifinit(). 1994-12-22 21:56:22 +00:00
Garrett Wollman
f811ab0233 Avoid a serious race by blocking netisrs while walking the route tree. 
(IWBRNI we could just block IP netisrs...)
 1994-12-21 17:25:52 +00:00
Garrett Wollman
3c896bda76 Correct sysctl info so that net.inet.ip.rtexpire is actually accessible. 1994-12-21 17:23:59 +00:00
Garrett Wollman
9ee39fc64d Fix PR 59: don't allow TCP connections withmulticast addresses at either 
end.
 1994-12-15 20:39:34 +00:00
Garrett Wollman
5be2baf843 Make rtq_reallyold user-configurable via sysctl. 1994-12-14 19:06:37 +00:00
Garrett Wollman
2c17fe9339 Call rtalloc_ign() so that protocol cloning will not occur at the IP layer. 1994-12-13 23:08:12 +00:00
Garrett Wollman
31246bc25f Update calls to rtalloc1(). Also merge rt_prflags with rt_flags. 1994-12-13 22:32:45 +00:00
Ugen J.S. Antsilevich
3107b31b8d Add clear one accounting entry control. 
Structure fields changed to seem more standart.
 1994-12-13 15:57:34 +00:00
Ugen J.S. Antsilevich
f3caf95e23 Late patch for delete control.. 1994-12-12 18:10:41 +00:00
Ugen J.S. Antsilevich
10a642bb05 Add match by interface from which packet arrived (via) 
Handle right fragmented packets. Remove checking option
from kernel..
 1994-12-12 17:20:55 +00:00
Garrett Wollman
1db18e0fc4 Advanced route cache management is now an official part of IP support. 1994-12-11 21:36:10 +00:00
Garrett Wollman
114a506d1a Delete old, confusing comment. 1994-12-02 23:10:32 +00:00
Garrett Wollman
73579c400f Add a check to make sure that we don't fiddle with the NFS routing tables 
as well (bleah!).  Also, increase the interval to the real-life value and
eliminate debugging printfs.  This will be standard once tested by others.
 1994-12-02 03:32:24 +00:00
Garrett Wollman
fa1f0e90fb Add latest version of ``advanced route metric management'' :-) 
As before, this is currently conditionalized on options IN_RMX until
I'm sure it's working.
 1994-12-01 23:19:48 +00:00
Ugen J.S. Antsilevich
c334f8666a Added: ICMP reply,TCP SYN check,logging.. 1994-11-28 12:35:14 +00:00
Jordan K. Hubbard
63f8d699ac Ugen J.S.Antsilevich's latest, happiest, IP firewall code. 
Poul:  Please take this into BETA.  It's non-intrusive, and a rather
substantial improvement over what was there before.
 1994-11-16 10:17:11 +00:00
Jordan K. Hubbard
dbdc296687 Ugen makes it in with 10 seconds to spare with a one-char diff. Some 
people are born lucky..
Submitted by:	ugen
 1994-11-08 14:25:17 +00:00
Jordan K. Hubbard
72e8fea57e Almost 12th hour (the 11th hour was almost an hour ago :-) patches 
from Ugen.
 1994-11-08 12:47:29 +00:00
Jordan K. Hubbard
ad63b51399 2 11th-hour fixes from Ugen (not Uben, sorry!) J.S.Antsilevich. 
I think it's time for Ugen to get a freefall account, just so I can
direct mail at him directly and let him drop off patches for us here.  Ugen?
Done!
Submitted by:	ugen
 1994-11-07 10:01:32 +00:00
Garrett Wollman
df00058df7 Fix off-by-one error reported to NetBSD by Karl Fox in 
<9411031449.AA11102@gefilte.MorningStar.Com>.
 1994-11-03 21:04:21 +00:00
Garrett Wollman
bb0135e920 Completely replace JTW's idea with my (incompletely implemented) original 
idea.  This is les likely to crash your machine.  As before, this code is only
enabled under `options IN_RMX'.
 1994-11-03 01:05:34 +00:00
Garrett Wollman
d4a8d8f240 This is the file that actually implements the smarter behavior. 1994-11-02 04:42:14 +00:00
Garrett Wollman
5c2dae8edc Add code to be a bit smarter about IP routes, conditioned on the option 
IN_RMX.  (Eventually this will be standard, but I just wrote the code today
and don't want to break anyone.)
 1994-11-02 04:41:39 +00:00
Garrett Wollman
ac234f9399 Clean up ARP error messages: format IP addresses, explain arplookup() 
failures in English.
 1994-11-02 00:58:29 +00:00
Jordan K. Hubbard
0a87b23329 Latest changes from Uben. 
Submitted by:	uben
 1994-10-31 23:58:04 +00:00
Paul Traina
6c4b8d672e Detect old-style multicast routers and interoperate properly 1994-10-31 06:36:47 +00:00
Jordan K. Hubbard
100ba1a617 IP Firewall code from Daniel Boulet and J.S.Antsilevich 
Submitted by:	danny ugen
 1994-10-28 15:09:49 +00:00
Steven Wallace
1bc8a80906 Patch for proper multicast support on point-to-point links. 
Submitted by:	apg@demos.su (Paul Antonov) - patch020
 1994-10-25 22:13:32 +00:00
Garrett Wollman
ccc999917e Bug fixes from John Brezak. 1994-10-21 02:38:29 +00:00
Garrett Wollman
e2637b6b1c Fix some endianness and packet header bugs found in BSDi's port of this code. 
(From mbone mailing-list.)
 1994-10-13 22:12:42 +00:00
Garrett Wollman
10be56487a As suggested by Sally Floyd, don't add the ``small fraction of the window 
size'' when doing congestion avoidance.

Submitted by:	Mark Andrews
 1994-10-13 18:36:32 +00:00
Garrett Wollman
5df7296441 Fix a bug which caused panics when attempting to change just the flags of 
a route.  (This still doesn't work, but it doesn't panic now.)  It looks
like there may be a number of incipient bugs in this code.

Also, get ready for the time when all IP gateway routes are cloning, which
is necessary to keep proper TCP statistics.
 1994-10-11 23:16:38 +00:00
Poul-Henning Kamp
61ce519bad Cosmetics. Silence gcc -Wall. 1994-10-10 07:56:07 +00:00
Poul-Henning Kamp
ac0776aed7 Cosmetics: silences gcc -Wall. 1994-10-08 22:39:58 +00:00
Poul-Henning Kamp
623ae52e4e GCC cleanup. 
Reviewed by:
Submitted by:
Obtained from:
 1994-10-02 17:48:58 +00:00
Garrett Wollman
28e822955c Implement full proxy ARP, gated on option ARP_PROXYALL. This allows 
a FreeBSD box to do proxy ARP as easily as most commercial routers do,
without messing around with (potentially variable) Ethernet addresses.
This code is really quite simple; I'm not at all sure why it wasn't
implemented in 4.4.

It might be worth stealing an interface flag (maybe IFF_LINK1) to use for
finer-grained control over which interfaces get proxy treatment.  For the
moment, it's all or nothing.
 1994-10-01 21:50:33 +00:00
Poul-Henning Kamp
fe95e21fed Made the kernel compile even without "ether". 1994-09-16 05:47:06 +00:00
David Greenman
610ee2f9b5 Made TCPDEBUG truely optional. Based on changes I made in FreeBSD 1.1.5. 
Fixed somebody's idea of a joke - about the first half of the lines in
in_proto.c were spaced over by one space.
 1994-09-15 10:36:56 +00:00