Age | Commit message (Collapse) | Author | |
---|---|---|---|
2005-07-31 | Change the API for icmp_do_error so that it takes the mtu directly, rather | Christopher Pascoe | |
than a pointer to struct ifnet containing it. Saves a 448 byte stack allocation in ip_forward which previously faked up a struct ifnet just for this purpose. idea ok deraadt millert | |||
2005-06-30 | implement PMTU checks from | Markus Friedl | |
http://www.gont.com.ar/drafts/icmp-attacks-against-tcp.html i.e. don't act on ICMP-need-frag immediately if adhoc checks on the advertised mtu fail. the mtu update is delayed until a tcp retransmit happens. initial patch by Fernando Gont, tested by many. | |||
2005-01-18 | Use correct source address for ICMP errors generated from packets that were | Claudio Jeker | |
not addressed to the machine. If the destination is not a local address do a route lookup for the original source address and use the returned interface address. This solves problems seen on interfaces with multiple networks defined. OK henning@ markus@ | |||
2004-06-22 | Pull the plug on source-based routing until remaining bugs are eradicated. | Cedric Berger | |
No need to reconfig kernel or rebuild userland stuff. requested deraadt@, help beck@ | |||
2004-06-06 | extend routing table to be able to match and route packets based on | Cedric Berger | |
their *source* IP address in addition to their destination address. routing table "destination" now contains a "struct sockaddr_rtin" for IPv4 instead of a "struct sockaddr_in". the routing socket has been extended in a backward-compatible way. todo: PMTU enhancements, IPv6. ok deraadt@ mcbride@ | |||
2004-04-26 | minor cleanups | Theo de Raadt | |
2004-02-15 | switch to sysctl_int_arr(); ok itojun, henning, miod, deraadt | Markus Friedl | |
2003-07-09 | do not flip ip_len/ip_off in netinet stack. deraadt ok. | Jun-ichiro itojun Hagino | |
(please test, especially PF portion) | |||
2003-06-02 | Remove the advertising clause in the UCB license which Berkeley | Todd C. Miller | |
rescinded 22 July 1999. Proofed by myself and Theo. | |||
2003-05-14 | Remove redundant assignment. Found by Julien Bordet. ok itojun@ | Daniel Hartmeier | |
2003-05-03 | string fixes; tedu ok | Theo de Raadt | |
2003-02-12 | Remove commons; inspired by netbsd. | Jason Wright | |
2003-02-01 | quite some KNF & ANSI | Henning Brauer | |
ok theo | |||
2003-01-31 | KNF | Theo de Raadt | |
2003-01-31 | plug a mbuf leak | Henning Brauer | |
debugging session w/ dhartmei@ and lots of testing help from Jun <pilot at monkey.org> ok theo daniel angelos | |||
2002-08-28 | Fix a problem where passing NULL as a pointer with varargs does not promote | Per Fogelstrom | |
NULL to full 64 bits on a 64 bit address system. Soultion is to add a (void *) cast before NULL. This makes a 64 bit MIPS kernel work and will probably help future 64 bit ports as well. OK from art@ | |||
2002-06-10 | prevent mbuf leak on icmp_do_error() failure. | Jun-ichiro itojun Hagino | |
NOTE: under 4.4BSD mbuf coding discipline, once you pass mbuf to a function like f(m), you no longer have ownership of the mbuf. the mbuf will always be freed by the called function f(). by keeping the programming rule you have less chance of memory leak. | |||
2002-06-09 | whitespace | Jun-ichiro itojun Hagino | |
2002-06-08 | Break up icmp_error() so we can have the icmp error mbuf returned | jasoni | |
instead of it being sent to ip_output(). | |||
2002-06-07 | kill register; ok with itojun | jasoni | |
2002-05-24 | add net.inet.icmp.tstamprepl sysctl for timestamp control; jason@ackley.net | Theo de Raadt | |
2002-03-15 | Kill #if __STDC__ used to do K&R vs. ANSI varargs/stdarg; just do things | Todd C. Miller | |
the ANSI way. | |||
2002-03-14 | First round of __P removal in sys | Todd C. Miller | |
2002-01-21 | remove couple of #if 0'ed portion we will never use | Jun-ichiro itojun Hagino | |
2002-01-12 | add rediraccept and redirtimeout sysctl's. | Eric Jackson | |
rediraccept allows one to ignore ICMP_REDIRECT redirtimeout sets a timeout on the routing entries pretaining to ICMP_REDIRECT, this timeout is defaulted to 10 minutes. (same as ipv6) From NetBSD. millert@ ok | |||
2002-01-05 | Avoid using an uninitialized variable. dhartmei@ ok | Thomas Nordin | |
2001-07-04 | handle m->m_pkthdr.rcvif == NULL; temporarily ok deraadt@; pending itojun@ | Daniel Hartmeier | |
2001-07-04 | Explicitly list the new ICMP codes. | Angelos D. Keromytis | |
2001-07-01 | tag packets generated by pf (return-rst, return-icmp) so they are not ↵ | Daniel Hartmeier | |
filtered, use existing icmp_error() and ip_output(). ok dugsong@, frantzen@ | |||
2001-06-29 | saner checking in icmp_error; from NetBSD with work by dug and me. | Niels Provos | |
2001-06-19 | mop up after angelos | Theo de Raadt | |
2001-06-08 | Cut down on include files. | Angelos D. Keromytis | |
2001-06-05 | repair copyright notices for NRL & cmetz; cmetz | Theo de Raadt | |
2001-05-20 | Use packet tags instead of tdbi. | Angelos D. Keromytis | |
2001-05-11 | Check m_pullup() and m_pullup2() return for NULL, not 0; itojun@ ok | Aaron Campbell | |
2001-03-28 | Allow tdbi's to appear in mbufs throughout the stack; this allows | Angelos D. Keromytis | |
security properties of the packets to be pushed up to the application (not done yet). Eventually, this will be turned into a packet attributes framework. Make sure tdbi's are free'd/cleared properly whenever drivers (or NFS) does weird things with mbufs. | |||
2001-03-07 | Remove a bogus rtfree(); PR 1706 | brian | |
2000-12-11 | turn off path mtu when icmp needfrag messages get blocked, okay itojun@ | Niels Provos | |
2000-10-17 | icmp rate limiting defaults to 100pps | Niels Provos | |
2000-10-10 | verify payload of the icmp need fragment message at the tcp layer. okay itojun@ | Niels Provos | |
2000-10-10 | bring in icmp rate limitation code. | Jun-ichiro itojun Hagino | |
make icmp6 rate limitation to latest (uses ppsratecheck only). (sync with netbsd) TODO: tcp SYN rate limit? | |||
2000-10-09 | check if we have a tcb connected to the destination quoted in the icmp need | Niels Provos | |
fragment message when doing path mtu discovery. okay angelos@ | |||
2000-09-26 | Update to previous fix on ICMP messages coming on unnumbered | Angelos D. Keromytis | |
interfaces: rather than picking *some* non-loopback IP address, do a routing lookup and use as source IP address the address of the outgoing interface. A nice side effect of this is that ICMPs generated as a result of packets received over IPsec will, in the common case, end up going back over IPsec (depends on what the SPD looks like of course). Thanks to fcusack@fcusack.com for testing and commenting on this. | |||
2000-09-25 | on expiry of pmtu route, retry higher mtu. okay angelos@ | Niels Provos | |
2000-09-20 | Don't use LOOPBACK addresses when trying to determine source address | Angelos D. Keromytis | |
to use in locally-generated ICMP messages (thanks to fcusack@fcusack.com) | |||
2000-09-20 | remove unused code | Niels Provos | |
2000-09-18 | Path MTU discovery based on NetBSD but with the decision to use the DF | Niels Provos | |
flag delayed to ip_output(). That halves the code and reduces most of the route lookups. okay deraadt@ | |||
2000-05-15 | parse IPv4 options more carefully. make boundary checks against every | Jun-ichiro itojun Hagino | |
steps (including option type/length field - there were no checks, seems to me 4.4BSD bug) | |||
1999-12-28 | remove unused part of kame patch from the tree. openbsd does not pass | Jun-ichiro itojun Hagino | |
"proto" around as xx_input argument. (sync with kame change) | |||
1999-12-08 | bring in KAME IPv6 code, dated 19991208. | Jun-ichiro itojun Hagino | |
replaces NRL IPv6 layer. reuses NRL pcb layer. no IPsec-on-v6 support. see sys/netinet6/{TODO,IMPLEMENTATION} for more details. GENERIC configuration should work fine as before. GENERIC.v6 works fine as well, but you'll need KAME userland tools to play with IPv6 (will be bringed into soon). |