summaryrefslogtreecommitdiff
path: root/sys/netinet/in_pcb.h
AgeCommit message (Collapse)Author
2004-08-10remove in_pcbnotify, it is no longer used.Markus Friedl
2004-06-12support IPV6_USE_MIN_MTU (forgot to commit the file, sorry). noted by AnilJun-ichiro itojun Hagino
2003-12-21change in*_pcbnotify to return numbers of matches; ok itojun, mcbride, henningMarkus Friedl
2003-12-08Mbuf tag tcp and udp packets which are translated to localhost, andRyan Thomas McBride
use the the presence of this tag to reverse the match order in in{6}_pcblookup_listen(). Some daemons (such as portmap) do a double bind, binding to both * and localhost in order to differentiate local from non-local connections, and potentially granting more privilege to local ones. This change ensures that redirected connections to localhost do not appear local to such a daemon. Bulk of changes from dhartmei@, some changes markus@ ok dhartmei@ deraadt@
2003-11-04add in(6)_pcblookup_listen() and replace all calls to in_pcblookup()Markus Friedl
with either in(6)_pcbhashlookup() or in(6)_pcblookup_listen(); in_pcblookup is now only used by bind(2); speeds up pcb lookup for listening sockets; from Claudio Jeker
2003-10-25additional hash for local port; improves speed of implicit bindMarkus Friedl
from >1000K cpu cycles to 20-30K for 18000 sockets on i386; test+feedback by Claudio Jeker; ok itojun@; [make sure you rebuild netstat/systat, too]
2003-06-02Remove the advertising clause in the UCB license which BerkeleyTodd C. Miller
rescinded 22 July 1999. Proofed by myself and Theo.
2002-09-04pass struct proc * down to in6_pcbsetportJun-ichiro itojun Hagino
2002-06-09whitespaceJun-ichiro itojun Hagino
2002-06-08sync with latest KAME in6_ifaddr/prefix/default router manipulation.Jun-ichiro itojun Hagino
behavior changes: - two iocts used by ndp(8) are now obsolete (backward compat provided). use sysctl path instead. - lo0 does not get ::1 automatically. it will get ::1 when lo0 comes up.
2002-05-31Keep an policy attached to each socket (that needs it), and cleanup asAngelos D. Keromytis
needed on socket tear-down.
2002-03-14Final __P removal plus some cosmetic fixupsTodd C. Miller
2002-03-14First round of __P removal in sysTodd C. Miller
2001-07-05IPComp itself (include files). angelos@ ok.Jean-Jacques Bernard-Gundol
2001-06-12IPsec-related socket options; these can be set/removed/retrieved, butAngelos D. Keromytis
are not taken into consideration in anything just yet.
2001-06-09Inclusion protection.Angelos D. Keromytis
2001-05-27Keep local authentication material on the PCB.Angelos D. Keromytis
2001-05-21Use a reference-counted structure for IPsec IDs and credentials, so weAngelos D. Keromytis
can cheaply keep copies of them at the PCB. ok deraadt@
2001-03-28Allow tdbi's to appear in mbufs throughout the stack; this allowsAngelos D. Keromytis
security properties of the packets to be pushed up to the application (not done yet). Eventually, this will be turned into a packet attributes framework. Make sure tdbi's are free'd/cleared properly whenever drivers (or NFS) does weird things with mbufs.
2001-02-16pull in new pcb notification code from kame. better handling of scope address.Jun-ichiro itojun Hagino
2001-02-16amove in6_{embed,recover}scope prototypes to in6_var.h (kernel only).Jun-ichiro itojun Hagino
add in6_clearscope. sync better with kame
2001-02-08witch raw ip6 socket code from NRL to kame.Jun-ichiro itojun Hagino
makes upgrades/code sharing much easier.
2000-10-11nuke inp_flags bits for controlling IPv4 mapped address.Jun-ichiro itojun Hagino
we don't support IPv4 mapped address, and there are inconsistent bit manipulation code so it's safer to nuke them.
2000-10-10verify payload of the icmp need fragment message at the tcp layer. okay itojun@Niels Provos
2000-10-09check if we have a tcb connected to the destination quoted in the icmp needNiels Provos
fragment message when doing path mtu discovery. okay angelos@
2000-09-18Path MTU discovery based on NetBSD but with the decision to use the DFNiels Provos
flag delayed to ip_output(). That halves the code and reduces most of the route lookups. okay deraadt@
2000-06-18sync with KAME udp6_output(). udp output logic is very different betweenJun-ichiro itojun Hagino
IPv4/v6 so the separation should make more sense. TODO: remove IPv6 case from udp_output() TODO: remove/comment out/#if 0 IPv4 mapped address cases
2000-06-13allow link-local IPv6 addres in in6_pcbbind.Jun-ichiro itojun Hagino
2000-04-27add TCP port 587 to default list of reserved ports not to allocate ↵Todd C. Miller
dynamically in order to reserve it for sendmail.
2000-02-07fix include file path related to ip6.Jun-ichiro itojun Hagino
2000-01-11Remove ifdef'ed out definitions.Angelos D. Keromytis
1999-12-27synchronize inp_flags definition across kame/*bsd.Jun-ichiro itojun Hagino
this would ease us implement future COMPAT_*BSD. (sync with kame tree)
1999-12-12make it easier to synchronize INP_xx flags and IN6P_xx flags.Jun-ichiro itojun Hagino
1999-12-08bring in KAME IPv6 code, dated 19991208.Jun-ichiro itojun Hagino
replaces NRL IPv6 layer. reuses NRL pcb layer. no IPsec-on-v6 support. see sys/netinet6/{TODO,IMPLEMENTATION} for more details. GENERIC configuration should work fine as before. GENERIC.v6 works fine as well, but you'll need KAME userland tools to play with IPv6 (will be bringed into soon).
1999-03-27add SADB_X_BINDSA to pfkey allowing incoming SAs to refer to an outgoingNiels Provos
SA to be used, use this SA in ip_output if available. allow mobile road warriors for bind SAs with wildcard dst and src addresses. check IPSEC AUTH and ESP level when receiving packets, drop them if protection is insufficient. add stats to show dropped packets because of insufficient IPSEC protection. -- phew. this was all done in canada. dugsong and linh provided the ride and company.
1999-03-24Removed inclusion of netinet6/in6.h. This was an artifact of when the corecmetz
IPv6 symbols were there rather than in netinet/in.h, and now not only is unnecessary but also could create problems (see PR library/781).
1999-01-11netinet merge of NRL stuff. some indent and shrinkage needed; NRL/cmetzTheo de Raadt
1999-01-08more IPV6 merge; cmetzTheo de Raadt
1999-01-07INET6 supportTheo de Raadt
1999-01-07in_pcblookup() now takes ptr to both ip address argumentsTheo de Raadt
1999-01-07rename baddynamic() to in_baddynamic(), and export itTheo de Raadt
1998-05-18first step to the setsockopt/getsockopt interface as described inNiels Provos
draft-mcdonald-simple-ipsec-api, kernel notifies (EMT_REQUESTSA) signal userland key management applications when security services are requested. this is only for outgoing connections at the moment, incoming packets are not yet checked against the selected socket policy.
1997-08-26indentTheo de Raadt
1997-08-19Add DP_CLR() macroTodd C. Miller
1997-08-19Theo doesn't like extra kernel options, so don't allowTodd C. Miller
DEFBADDYNAMICPORTS_TCP and DEFBADDYNAMICPORTS_UDP to be overridden from the kernel. It's not really too useful since there is a nice sysctl interface for this stuff.
1997-08-16Allow DEFBADDYNAMICPORTS_TCP and DEFBADDYNAMICPORTS_UDP to beTodd C. Miller
overridden via kernel config file.
1997-08-09The list of tcp/udp ports not to allocate dynamically is nowTodd C. Miller
a bitmask configurable via sysctl([38]). The default values have not changed. If one wants to change the list it should be done early on in /etc/rc.
1997-02-28Moved IPsec socket state to the PCB.Angelos D. Keromytis
1996-07-29From FreeBSD (with slightly different sysctl names):Jason Downs
"... Allow the user to nominate one of three ranges of port numbers as candidates for selecting a local address to replace a zero port number. The ranges are selected via a setsockopt(s, IPPROTO_IP, IP_PORTRANGE, &arg) call. The three ranges are: default, high (to bypass firewalls) and low (to get a port below 1024). The default and high port ranges are sysctl settable under sysctl net.inet.ip.portrange.* [net.inet.ip.portfirst, net.inet.ip.portlast, net.inet.ip.porthifirst, and net.inet.ip.porthilast currently in OpenBSD.] This code also fixes a potential deadlock if the system accidently ran out of local port addresses. It'd drop into an infinite while loop. The secure port selection (for root) should reduce overheads and increase reliability of rlogin/rlogind/rsh/rshd if they are modified to take advantage of it."
1996-03-03From NetBSD: 960217 mergeNiklas Hallqvist