summaryrefslogtreecommitdiff
path: root/sys/netinet/in_pcb.c
AgeCommit message (Collapse)Author
2004-03-12Fix rtentry leak in in_losing(). The rtentry needs to be freed in anycase.Claudio Jeker
Found by Greg Wooledge. A lot of debugging and help by dhartmei@ markus@ cedric@. OK dhartmei@ markus@ deraadt@
2004-01-02use pool for pcb; with grange@ like netbsd; ok itojun@, cedric@Markus Friedl
2003-12-21change in*_pcbnotify to return numbers of matches; ok itojun, mcbride, henningMarkus Friedl
2003-12-21use CIRCLEQ* for pcb's; ok deraadt, henning, mcbride, with help from canacarMarkus Friedl
2003-12-10de-register. deraadt okJun-ichiro itojun Hagino
2003-12-08Mbuf tag tcp and udp packets which are translated to localhost, andRyan Thomas McBride
use the the presence of this tag to reverse the match order in in{6}_pcblookup_listen(). Some daemons (such as portmap) do a double bind, binding to both * and localhost in order to differentiate local from non-local connections, and potentially granting more privilege to local ones. This change ensures that redirected connections to localhost do not appear local to such a daemon. Bulk of changes from dhartmei@, some changes markus@ ok dhartmei@ deraadt@
2003-11-04add in(6)_pcblookup_listen() and replace all calls to in_pcblookup()Markus Friedl
with either in(6)_pcbhashlookup() or in(6)_pcblookup_listen(); in_pcblookup is now only used by bind(2); speeds up pcb lookup for listening sockets; from Claudio Jeker
2003-10-25additional hash for local port; improves speed of implicit bindMarkus Friedl
from >1000K cpu cycles to 20-30K for 18000 sockets on i386; test+feedback by Claudio Jeker; ok itojun@; [make sure you rebuild netstat/systat, too]
2003-08-15change arguments to suser. suser now takes the process, and a flagsTed Unangst
argument. old cred only calls user suser_ucred. this will allow future work to more flexibly implement the idea of a root process. looks like something i saw in freebsd, but a little different. use of suser_ucred vs suser in file system code should be looked at again, for the moment semantics remain unchanged. review and input from art@ testing and further review miod@
2003-06-02Remove the advertising clause in the UCB license which BerkeleyTodd C. Miller
rescinded 22 July 1999. Proofed by myself and Theo.
2003-05-06use M_NOWAIT instead of WAITOK for the hashtable allocation. ok itojun@Ted Unangst
2002-09-11KNF - return is not a function. sync w/kameJun-ichiro itojun Hagino
2002-06-11splassert where comments tell us to.Artur Grabowski
2002-06-09whitespaceJun-ichiro itojun Hagino
2002-05-31Keep an policy attached to each socket (that needs it), and cleanup asAngelos D. Keromytis
needed on socket tear-down.
2002-03-14First round of __P removal in sysTodd C. Miller
2002-01-21remove couple of #if 0'ed portion we will never useJun-ichiro itojun Hagino
2001-12-06remove obsolete comment; we don't support IPv4 mapped addrJun-ichiro itojun Hagino
2001-12-06remove #if 0'ed portion (for KAME IPSEC - not needed)Jun-ichiro itojun Hagino
2001-07-05IPComp support. angelos@ ok.Jean-Jacques Bernard-Gundol
2001-06-12IPsec-related socket options; these can be set/removed/retrieved, butAngelos D. Keromytis
are not taken into consideration in anything just yet.
2001-06-08Cut down on include files.Angelos D. Keromytis
2001-06-05repair copyright notices for NRL & cmetz; cmetzTheo de Raadt
2001-05-27Free IPsec authentication material on PCB tear down.Angelos D. Keromytis
2001-05-21Use a reference-counted structure for IPsec IDs and credentials, so weAngelos D. Keromytis
can cheaply keep copies of them at the PCB. ok deraadt@
2001-03-28Allow tdbi's to appear in mbufs throughout the stack; this allowsAngelos D. Keromytis
security properties of the packets to be pushed up to the application (not done yet). Eventually, this will be turned into a packet attributes framework. Make sure tdbi's are free'd/cleared properly whenever drivers (or NFS) does weird things with mbufs.
2001-02-08witch raw ip6 socket code from NRL to kame.Jun-ichiro itojun Hagino
makes upgrades/code sharing much easier.
2000-10-11nuke inp_flags bits for controlling IPv4 mapped address.Jun-ichiro itojun Hagino
we don't support IPv4 mapped address, and there are inconsistent bit manipulation code so it's safer to nuke them.
2000-10-10verify payload of the icmp need fragment message at the tcp layer. okay itojun@Niels Provos
2000-10-09check if we have a tcb connected to the destination quoted in the icmp needNiels Provos
fragment message when doing path mtu discovery. okay angelos@
2000-09-20fix in_pcbrtentryNiels Provos
2000-09-19Lots and lots of changes.Angelos D. Keromytis
2000-09-18Path MTU discovery based on NetBSD but with the decision to use the DFNiels Provos
flag delayed to ip_output(). That halves the code and reduces most of the route lookups. okay deraadt@
2000-04-27avoid infinite loop in in{6,}_pcbnotify (can occurs on family mismatch)Jun-ichiro itojun Hagino
2000-04-21NRL pcb issue; inp_{f,l}addr{,6} is a union so we need to be sure aboutJun-ichiro itojun Hagino
af match. - do not touch IPv4 pcb entries on in6_pcbnotify. - do not touch IPv6 pcb entries on in_pcbnotify.
2000-01-04if we call in6_setpeeraddr, don't visit code for ipv4.Jun-ichiro itojun Hagino
(the case seems to be never bisited)
1999-12-19Remove PCB protocol checks rendered unnecessary by the previous commit.Angelos D. Keromytis
1999-12-19Be a bit more paranoid when searching for a PCB in the presence of IPv6.Angelos D. Keromytis
1999-12-17do not accept IPv4 traffic by AF_INET6 socket. IPv4 mapped address isJun-ichiro itojun Hagino
bad for access controls. (quickhack fix, need sysctl/setsockopt knob to enable this functionality)
1999-12-08Identation.Angelos D. Keromytis
1999-12-08bring in KAME IPv6 code, dated 19991208.Jun-ichiro itojun Hagino
replaces NRL IPv6 layer. reuses NRL pcb layer. no IPsec-on-v6 support. see sys/netinet6/{TODO,IMPLEMENTATION} for more details. GENERIC configuration should work fine as before. GENERIC.v6 works fine as well, but you'll need KAME userland tools to play with IPv6 (will be bringed into soon).
1999-05-16spltdb introduced, protection for tdb lists and related structures, soNiklas Hallqvist
they won't disappear behind our back by an expiration. Cleanup expiration logic too.
1999-04-28zap the newhashinit hack.Artur Grabowski
Add an extra flag to hashinit telling if it should wait in malloc. update all calls to hashinit.
1999-03-27add SADB_X_BINDSA to pfkey allowing incoming SAs to refer to an outgoingNiels Provos
SA to be used, use this SA in ip_output if available. allow mobile road warriors for bind SAs with wildcard dst and src addresses. check IPSEC AUTH and ESP level when receiving packets, drop them if protection is insufficient. add stats to show dropped packets because of insufficient IPSEC protection. -- phew. this was all done in canada. dugsong and linh provided the ride and company.
1999-03-24Replace 'in6a_words' (old NRL convention) with 's6_addr32' (new BSDI et al.cmetz
convention that is more common and more specific as to the access size)
1999-02-24Remove encap.h include; saner debugging printfs; fix buglets; work withAngelos D. Keromytis
pfkeyv2.
1999-01-11netinet merge of NRL stuff. some indent and shrinkage needed; NRL/cmetzTheo de Raadt
1999-01-08remove NRL debugging goop; cmetzTheo de Raadt
1999-01-07INET6 supportTheo de Raadt
1999-01-07in_pcblookup() now takes ptr to both ip address argumentsTheo de Raadt
generated by cgit v1.2.3 (git 2.25.1) at 2025-01-09 13:47:03 +0000