summaryrefslogtreecommitdiff
path: root/sys/netinet/ip_input.c
AgeCommit message (Collapse)Author
2001-07-17split ip normalization out into a separate file, okay dhartmei@Niels Provos
2001-07-16Move altq after pf; suggested by aaron@, kjc@ ok.Federico G. Schwindt
2001-07-05IPComp support. angelos@ ok.Jean-Jacques Bernard-Gundol
2001-06-28first stab at packet normalization. includes full ip reassembly.Niels Provos
okay dhartmei@, dugsong@
2001-06-27ALTQ base modifications to the kernel.Kenjiro Cho
- ALTQ introduces a set of new queue macros that coexist with the traditional IF_XXX macros. - "struct ifaltq" replaces "struct ifqueue" in "struct ifnet". - assign cdev major 74 for i386 and 54 for alpha as ALTQ control interface.
2001-06-26no longer pass around **mTheo de Raadt
2001-06-25Build without IPSEC.Artur Grabowski
2001-06-24make it compile w/o pfMichael Shalayeff
2001-06-24Initial import of pf, an all-new ipf-compatable packet filter.Kjell Wooding
Insane amounts of work done my dhartmei. Great work!
2001-06-24take mtu from routing tableNiels Provos
2001-06-23Clear the checksum flags after verification. Also, don't countAngelos D. Keromytis
checksum errors as hardware checksum packets as well.
2001-06-23Count input packets hardware-checksummed.Angelos D. Keromytis
2001-06-23Remove unneeded ip_id convertions.Federico G. Schwindt
Instead of using HTONS macro in some places, use htons directly in the struct member and save us a few bytes. Fix comment.
2001-06-23Count input/output hardware-checksummed IP packets.Angelos D. Keromytis
2001-06-23Clear IPv4 input checksum OK flag after verification.Angelos D. Keromytis
2001-06-23TCP, UDP, IPv4 input hardware checksumming processing; also IPv4Angelos D. Keromytis
output hardware checksumming. Not tested yet, but should be done tonight. Remain to be solved: interactions with bridge, TCP/UDP output checksumming, interactions of TCP/UDP checksumming with routing changes.
2001-06-19mop up after angelosTheo de Raadt
2001-06-08Cut down on include files.Angelos D. Keromytis
2001-06-01use pool allocation for ip fragement queue, from netbsd,Niels Provos
okay angelos@, itojun@
2001-05-30Remove ipf. Darren Reed has interpreted his (old, new, whichever)Theo de Raadt
licence in a way that makes ipf not free according to the rules we established over 5 years ago, at www.openbsd.org/goals.html (and those same basic rules govern the other *BSD projects too). Specifically, Darren says that modified versions are not permitted. But software which OpenBSD uses and redistributes must be free to all (be they people or companies), for any purpose they wish to use it, including modification, use, peeing on, or even integration into baby mulching machines or atomic bombs to be dropped on Australia. Furthermore, we know of a number of companies using ipf with modification like us, who are now in the same situation, and we hope that some of them will work with us to fill this gap that now exists in OpenBSD (temporarily, we hope).
2001-05-27Use the new IPsec tags.Angelos D. Keromytis
2001-05-20Remove varargs from ipv4_input; cmetz@ deraadt@ ok.Federico G. Schwindt
2001-05-20Use packet tags instead of tdbi.Angelos D. Keromytis
2001-05-16Don't clobber ip_sum; ip_output always sets this to 0 before callingFederico G. Schwindt
in_cksum so it's not needed here; itojun@ ok. This makes the ip_sum available in ipfilter.
2001-05-11Check m_pullup() and m_pullup2() return for NULL, not 0; itojun@ okAaron Campbell
2001-05-01get rid of dtom(), okay itojun@ angelos@ mickey@ millert@Niels Provos
2001-03-28Allow tdbi's to appear in mbufs throughout the stack; this allowsAngelos D. Keromytis
security properties of the packets to be pushed up to the application (not done yet). Eventually, this will be turned into a packet attributes framework. Make sure tdbi's are free'd/cleared properly whenever drivers (or NFS) does weird things with mbufs.
2001-03-25A couple minor fixes to prevent use after free. Thanks to dawson and team ↵Constantine Sapuntzakis
for finding these. Ok angelos@
2001-03-18enable pmtu by defaultNiels Provos
2001-03-03on parse error of timestamp option, set parameter error offset correctly.Jun-ichiro itojun Hagino
2001-03-03drop packets with 127.0.0.0/8 in header field, if the packet is from outside.Jun-ichiro itojun Hagino
under RFC1122 sender rule 127.0.0.8 must not appear on the wire. count incidents by ipstat.ips_badaddr. sync with kame
2000-12-03Fix fastroute-related panic, fixes PR 1541 (cas@trans-nt.com)Angelos D. Keromytis
2000-10-13make sure we don't share external mbuf between m and mcopy, in ip_forward().Jun-ichiro itojun Hagino
NetBSD PR 11201.
2000-09-22fix my bug dating back to february the 14th of 1998,Michael Shalayeff
when those wildcard interfaces came up, which were usefull at the times. on the other hand here it is, one cannot bind to the broadcast address, and angelos says ok.
2000-09-19Lots and lots of changes.Angelos D. Keromytis
2000-09-18Path MTU discovery based on NetBSD but with the decision to use the DFNiels Provos
flag delayed to ip_output(). That halves the code and reduces most of the route lookups. okay deraadt@
2000-05-15parse IPv4 options more carefully. make boundary checks against everyJun-ichiro itojun Hagino
steps (including option type/length field - there were no checks, seems to me 4.4BSD bug)
2000-05-10make sure ip_timestamp is aligned correctlyJason Wright
2000-05-06avoid underflow on unsigned value arithmetic (when optlen < 4).Jun-ichiro itojun Hagino
2nd half of NetBSD Security Advisory 2000-002.
2000-05-06avoid unaligned access in timestamp; ↵Theo de Raadt
http://www.newhackcity.net/advisories/20000504a_0.txt; checked by provos and itojun
2000-04-09Pass ip_off and ip_len in the correct byte order to icmp_error(); thisAngelos D. Keromytis
should fix the crash problems with isic, reported last week.
2000-04-04Verbiage fix.Angelos D. Keromytis
2000-03-27As I threatened a while ago, ingress IPsec ACL-checking is turned onAngelos D. Keromytis
by default. Read the ipsecadm(8) man page for more details on how to specify ingress filters with manual keying. isakmpd has been doing this for a while now.
2000-03-03remove WIDE's experimental ip reass code, mistakingly merged in partially.Jun-ichiro itojun Hagino
NetBSD PR: 9412 Fix from: ho@crt.se
2000-01-10Add 10 new ipsec-related sysctl variables...they are currently underAngelos D. Keromytis
net.inet.ip; perhaps they should be moved under net.inet.ipsec or some such.
2000-01-10Add net.inet.ip.ipsec-invalid-life, default value 60 seconds; theAngelos D. Keromytis
amount of time embryonic SAs will be kept before they have to be initialized by key management (this only affects automated key management).
2000-01-09Rename newly-introduced variable to better reflect use.Angelos D. Keromytis
2000-01-09Add a sysctl for IPsec ingress access control (better explanation on aAngelos D. Keromytis
follow-up commit).
1999-12-08bring in KAME IPv6 code, dated 19991208.Jun-ichiro itojun Hagino
replaces NRL IPv6 layer. reuses NRL pcb layer. no IPsec-on-v6 support. see sys/netinet6/{TODO,IMPLEMENTATION} for more details. GENERIC configuration should work fine as before. GENERIC.v6 works fine as well, but you'll need KAME userland tools to play with IPv6 (will be bringed into soon).
1999-11-29Make sure M_BCAST is set for IP broadcasts, even if the packet came in asHakan Olsson
an ethernet unicast. (cmetz@, niklas@ ok.)