| Age | Commit message (Collapse) | Author |
|---|
|
needed so that the route and inp lookups done in TCP and UDP know where
to look. Additionally in_pcbnotifyall() and tcp_respond() got a rdomain
argument as well for similar reasons. With this tcp seems to be now
fully rdomain save and no longer leaks single packets into the main domain.
Looks good markus@, henning@
|
|
alternate routing table and separate them from other interfaces in distinct
routing tables. The same network can now be used in any doamin at the same
time without causing conflicts.
This diff is mostly mechanical and adds the necessary rdomain checks accross
net and netinet. L2 and IPv4 are mostly covered still missing pf and IPv6.
input and tested by jsg@, phessler@ and reyk@. "put it in" deraadt@
|
|
|
|
skipping bitmasks to cover the entire 65536 port space - previously
they covered 512-1024 only.
sysctl needs to be updated to cope with this change; please
"make includes" before rebuilding it.
feedback millert@ ok millert@ deraadt@ markus@
|
|
when we first do a pcb lookup and we have a pointer to a pf state key
in the mbuf header, store the state key pointer in the pcb and a pointer
to the pcb we just found in the state key. when either the state key
or the pcb is removed, clear the pointers.
on subsequent packets inbound we can skip the pcb lookup and just use the
pointer from the state key.
on subsequent packets outbound we can skip the state key lookup and use
the pointer from the pcb.
about 8% speedup with 100 concurrent tcp sessions, should help much more
with more tcp sessions.
ok markus ryan
|
|
get hung in nfs_reconnect() because they do not have the proper
privilages to bind to a socket, by adding a struct proc * argument
to sobind() (and the *_usrreq() routines, and finally in{6}_pcbbind)
and do the sobind() with proc0 in nfs_connect.
OK markus@, blambert@.
"go ahead" deraadt@.
Fixes an issue reported by bernd@ (Tested by bernd@).
Fixes PR5135 too.
|
|
|
|
for pf(4) diverted packets; based on patch by Scot Loach; ok beck@
|
|
makes transparent proxies much easier; ok beck@, feedback claudio@
|
|
not used with Heimdal. Add UDP port 749 to DEFBADDYNAMICPORTS_UDP
for consistency with DEFBADDYNAMICPORTS_TCP. We retain some Kerberos
4 ports for people running Heimdal in Kerberos 4 compat mode.
OK deraadt@ beck@
|
|
the kernel still handles RFC2292 set/getsockopts, so that compiled binary
has no trouble running. userland sees RFC3542 symbols only on header file
so new code has to use RFC3542 API.
bump libc shlib minor for function additions.
tested on i386/amd64 by jmc, i386 by brad. checked by deraadt.
|
|
This is for RFC3682 aka the TTL security hack - sender sets TTL to 255,
receiver checks no router on the way (or, no more than expected) reduced
the TTL. carp uses that technique already.
modeled after FreeBSD implementation.
ok claudio djm deraadt
|
|
when set on raw or udp sockets, userland receives the incoming packet's TTL
as ancillary data (cmsg shitz). modeled after the FreeBSD implementation.
ok claudio djm deraadt
|
|
Did these vendors really really really not think? Absolute morons.
|
|
we will randomly choose that stupid port, which NIC's are sometimes
programmed to eat invisibly; sthen@bootes.spacehopper.org, pr5139
|
|
Additionally add the IP_RECVIF option which returns the interface a packet
was received on. OK markus@ norby@
|
|
so we must start to use u_int; ok cloder
|
|
|
|
|
|
|
|
use the the presence of this tag to reverse the match order in
in{6}_pcblookup_listen(). Some daemons (such as portmap) do a double
bind, binding to both * and localhost in order to differentiate local
from non-local connections, and potentially granting more privilege to
local ones. This change ensures that redirected connections to localhost
do not appear local to such a daemon.
Bulk of changes from dhartmei@, some changes markus@
ok dhartmei@ deraadt@
|
|
with either in(6)_pcbhashlookup() or in(6)_pcblookup_listen();
in_pcblookup is now only used by bind(2); speeds up pcb lookup for
listening sockets; from Claudio Jeker
|
|
from >1000K cpu cycles to 20-30K for 18000 sockets on i386;
test+feedback by Claudio Jeker; ok itojun@;
[make sure you rebuild netstat/systat, too]
|
|
rescinded 22 July 1999. Proofed by myself and Theo.
|
|
|
|
|
|
behavior changes:
- two iocts used by ndp(8) are now obsolete (backward compat provided).
use sysctl path instead.
- lo0 does not get ::1 automatically. it will get ::1 when lo0 comes up.
|
|
needed on socket tear-down.
|
|
|
|
|
|
|
|
are not taken into consideration in anything just yet.
|
|
|
|
|
|
can cheaply keep copies of them at the PCB. ok deraadt@
|
|
security properties of the packets to be pushed up to the application
(not done yet). Eventually, this will be turned into a packet
attributes framework.
Make sure tdbi's are free'd/cleared properly whenever drivers (or NFS)
does weird things with mbufs.
|
|
|
|
add in6_clearscope. sync better with kame
|
|
makes upgrades/code sharing much easier.
|
|
we don't support IPv4 mapped address,
and there are inconsistent bit manipulation code so it's safer to nuke them.
|
|
|
|
fragment message when doing path mtu discovery. okay angelos@
|
|
flag delayed to ip_output(). That halves the code and reduces most of
the route lookups. okay deraadt@
|
|
IPv4/v6 so the separation should make more sense.
TODO: remove IPv6 case from udp_output()
TODO: remove/comment out/#if 0 IPv4 mapped address cases
|
|
|
|
dynamically in order to reserve it for sendmail.
|
|
|
|
|
|
this would ease us implement future COMPAT_*BSD.
(sync with kame tree)
|
|
|
