summaryrefslogtreecommitdiff
path: root/sys/netinet/ip_icmp.c
AgeCommit message (Collapse)Author
2005-10-17make pf use one mbuf tag instead of 6 distinct ones. use a little structHenning Brauer
in the data part for the data from the previously distinct tags. look up the tag early and carry a pointer to it around. makes the code easier and saves some tag lookups and thus helps performance, as proven by tests run by Schberle Dniel <Schoeberle.Daniel@aamtech.hu> Initially hacked up somewhere over the atlantic ocean in an A330 early testing reyk and moritz, "put it in" theo
2005-07-31Change the API for icmp_do_error so that it takes the mtu directly, ratherChristopher Pascoe
than a pointer to struct ifnet containing it. Saves a 448 byte stack allocation in ip_forward which previously faked up a struct ifnet just for this purpose. idea ok deraadt millert
2005-06-30implement PMTU checks fromMarkus Friedl
http://www.gont.com.ar/drafts/icmp-attacks-against-tcp.html i.e. don't act on ICMP-need-frag immediately if adhoc checks on the advertised mtu fail. the mtu update is delayed until a tcp retransmit happens. initial patch by Fernando Gont, tested by many.
2005-01-18Use correct source address for ICMP errors generated from packets that wereClaudio Jeker
not addressed to the machine. If the destination is not a local address do a route lookup for the original source address and use the returned interface address. This solves problems seen on interfaces with multiple networks defined. OK henning@ markus@
2004-06-22Pull the plug on source-based routing until remaining bugs are eradicated.Cedric Berger
No need to reconfig kernel or rebuild userland stuff. requested deraadt@, help beck@
2004-06-06extend routing table to be able to match and route packets based onCedric Berger
their *source* IP address in addition to their destination address. routing table "destination" now contains a "struct sockaddr_rtin" for IPv4 instead of a "struct sockaddr_in". the routing socket has been extended in a backward-compatible way. todo: PMTU enhancements, IPv6. ok deraadt@ mcbride@
2004-04-26minor cleanupsTheo de Raadt
2004-02-15switch to sysctl_int_arr(); ok itojun, henning, miod, deraadtMarkus Friedl
2003-07-09do not flip ip_len/ip_off in netinet stack. deraadt ok.Jun-ichiro itojun Hagino
(please test, especially PF portion)
2003-06-02Remove the advertising clause in the UCB license which BerkeleyTodd C. Miller
rescinded 22 July 1999. Proofed by myself and Theo.
2003-05-14Remove redundant assignment. Found by Julien Bordet. ok itojun@Daniel Hartmeier
2003-05-03string fixes; tedu okTheo de Raadt
2003-02-12Remove commons; inspired by netbsd.Jason Wright
2003-02-01quite some KNF & ANSIHenning Brauer
ok theo
2003-01-31KNFTheo de Raadt
2003-01-31plug a mbuf leakHenning Brauer
debugging session w/ dhartmei@ and lots of testing help from Jun <pilot at monkey.org> ok theo daniel angelos
2002-08-28Fix a problem where passing NULL as a pointer with varargs does not promotePer Fogelstrom
NULL to full 64 bits on a 64 bit address system. Soultion is to add a (void *) cast before NULL. This makes a 64 bit MIPS kernel work and will probably help future 64 bit ports as well. OK from art@
2002-06-10prevent mbuf leak on icmp_do_error() failure.Jun-ichiro itojun Hagino
NOTE: under 4.4BSD mbuf coding discipline, once you pass mbuf to a function like f(m), you no longer have ownership of the mbuf. the mbuf will always be freed by the called function f(). by keeping the programming rule you have less chance of memory leak.
2002-06-09whitespaceJun-ichiro itojun Hagino
2002-06-08Break up icmp_error() so we can have the icmp error mbuf returnedjasoni
instead of it being sent to ip_output().
2002-06-07kill register; ok with itojunjasoni
2002-05-24add net.inet.icmp.tstamprepl sysctl for timestamp control; jason@ackley.netTheo de Raadt
2002-03-15Kill #if __STDC__ used to do K&R vs. ANSI varargs/stdarg; just do thingsTodd C. Miller
the ANSI way.
2002-03-14First round of __P removal in sysTodd C. Miller
2002-01-21remove couple of #if 0'ed portion we will never useJun-ichiro itojun Hagino
2002-01-12add rediraccept and redirtimeout sysctl's.Eric Jackson
rediraccept allows one to ignore ICMP_REDIRECT redirtimeout sets a timeout on the routing entries pretaining to ICMP_REDIRECT, this timeout is defaulted to 10 minutes. (same as ipv6) From NetBSD. millert@ ok
2002-01-05Avoid using an uninitialized variable. dhartmei@ okThomas Nordin
2001-07-04handle m->m_pkthdr.rcvif == NULL; temporarily ok deraadt@; pending itojun@Daniel Hartmeier
2001-07-04Explicitly list the new ICMP codes.Angelos D. Keromytis
2001-07-01tag packets generated by pf (return-rst, return-icmp) so they are not ↵Daniel Hartmeier
filtered, use existing icmp_error() and ip_output(). ok dugsong@, frantzen@
2001-06-29saner checking in icmp_error; from NetBSD with work by dug and me.Niels Provos
2001-06-19mop up after angelosTheo de Raadt
2001-06-08Cut down on include files.Angelos D. Keromytis
2001-06-05repair copyright notices for NRL & cmetz; cmetzTheo de Raadt
2001-05-20Use packet tags instead of tdbi.Angelos D. Keromytis
2001-05-11Check m_pullup() and m_pullup2() return for NULL, not 0; itojun@ okAaron Campbell
2001-03-28Allow tdbi's to appear in mbufs throughout the stack; this allowsAngelos D. Keromytis
security properties of the packets to be pushed up to the application (not done yet). Eventually, this will be turned into a packet attributes framework. Make sure tdbi's are free'd/cleared properly whenever drivers (or NFS) does weird things with mbufs.
2001-03-07Remove a bogus rtfree(); PR 1706brian
2000-12-11turn off path mtu when icmp needfrag messages get blocked, okay itojun@Niels Provos
2000-10-17icmp rate limiting defaults to 100ppsNiels Provos
2000-10-10verify payload of the icmp need fragment message at the tcp layer. okay itojun@Niels Provos
2000-10-10bring in icmp rate limitation code.Jun-ichiro itojun Hagino
make icmp6 rate limitation to latest (uses ppsratecheck only). (sync with netbsd) TODO: tcp SYN rate limit?
2000-10-09check if we have a tcb connected to the destination quoted in the icmp needNiels Provos
fragment message when doing path mtu discovery. okay angelos@
2000-09-26Update to previous fix on ICMP messages coming on unnumberedAngelos D. Keromytis
interfaces: rather than picking *some* non-loopback IP address, do a routing lookup and use as source IP address the address of the outgoing interface. A nice side effect of this is that ICMPs generated as a result of packets received over IPsec will, in the common case, end up going back over IPsec (depends on what the SPD looks like of course). Thanks to fcusack@fcusack.com for testing and commenting on this.
2000-09-25on expiry of pmtu route, retry higher mtu. okay angelos@Niels Provos
2000-09-20Don't use LOOPBACK addresses when trying to determine source addressAngelos D. Keromytis
to use in locally-generated ICMP messages (thanks to fcusack@fcusack.com)
2000-09-20remove unused codeNiels Provos
2000-09-18Path MTU discovery based on NetBSD but with the decision to use the DFNiels Provos
flag delayed to ip_output(). That halves the code and reduces most of the route lookups. okay deraadt@
2000-05-15parse IPv4 options more carefully. make boundary checks against everyJun-ichiro itojun Hagino
steps (including option type/length field - there were no checks, seems to me 4.4BSD bug)
1999-12-28remove unused part of kame patch from the tree. openbsd does not passJun-ichiro itojun Hagino
"proto" around as xx_input argument. (sync with kame change)