summaryrefslogtreecommitdiff
path: root/sys/netinet/ip_input.c
AgeCommit message (Collapse)Author
1999-04-23dont accept packets with the destination address of a down interface;Niels Provos
proff@netbsd.org.
1999-04-12move encdebug to a useful placeTheo de Raadt
1999-04-11Introduce net.inet.{ah,esp}.enable sysctl controls that are off by default.Niklas Hallqvist
If you are going to use either of AH or ESP or both, enable these in /etc/sysctl.conf. Also correct the IPSec debugging sysctl code, it is now named net.inet.ip.encdebug. Some corrected function signatures too.
1999-02-21split ipintr() to create new ipv4_input() for tunnels; NRLTheo de Raadt
1999-02-19ipq lockingTheo de Raadt
1999-02-17add fragment flood protection; configureable using sysctl ip.maxqueueTheo de Raadt
1998-12-28ensure the ip packet embedded inside an icmp packet has correct ip_len,Theo de Raadt
ip_off, ip_id. for udp, also correct uh_sum. ip_sum is still set to 0; (all this debugged using nmap)
1998-12-26make ip_id random but ensure that ids dont repeat for some period.Niels Provos
1998-11-13Recompute ip header length after packet has been reassembled, and alsoNiels Provos
use the actual header length for m_pullup, pointed out by jdb@es2.net and guido@freebsd.org.
1998-05-18first step to the setsockopt/getsockopt interface as described inNiels Provos
draft-mcdonald-simple-ipsec-api, kernel notifies (EMT_REQUESTSA) signal userland key management applications when security services are requested. this is only for outgoing connections at the moment, incoming packets are not yet checked against the selected socket policy.
1998-02-14wildcard ifaces; finally, after HE said it's okMichael Shalayeff
1998-02-03bail out for sourcerouted packets earlier, also do not forwardTheo de Raadt
sourcerouted packets ever if ipforwarding is off; tqbf@secnet.com
1998-02-01undo wildcard loopback stuff; it was not checked by other developersTheo de Raadt
1998-02-01support wildcard loopbacks. that is, setting up lo1 like:Michael Shalayeff
ifconfig lo1 inet 192.168.1.1 netmask 255.255.255.0 link1 would force it to act like all the addresses from net 192.168.1 were added to the interface. todo: man lo
1997-08-09The list of tcp/udp ports not to allocate dynamically is nowTodd C. Miller
a bitmask configurable via sysctl([38]). The default values have not changed. If one wants to change the list it should be done early on in /etc/rc.
1997-02-28IPsec socket API hooks are in.Angelos D. Keromytis
1997-02-22Fixed problem in ip_weadvertise().Angelos D. Keromytis
1997-02-22ICMP redirects will not be sent if we do proxy arp pointing to ourselves.Angelos D. Keromytis
1997-02-13off-by-one-slot for IP timestamp option data inserts, PR#103, ↵Theo de Raadt
andreas.gunnarsson@emw.ericsson.se
1997-02-11ensure ipt->ipt_ptr is right; pr#96, andreas.gunnarsson@emw.ericsson.seTheo de Raadt
1997-01-26Make ip_len and ip_off unsigned values; don't transmit or accept packetsThorsten Lockert
larger than the maximum IP packet size. From NetBSD.
1996-10-27record route is not a problem; thanks bitbltTheo de Raadt
1996-10-18Do not run IP defragmentation routines unneccecarily; NetBSD PR# 2772Thorsten Lockert
1996-09-02Don't drain the protocol queues at interrupt level.dm
1996-08-14ipaddrs are int; like many other things found after spotting a similar ↵Theo de Raadt
netbsd commit...
1996-08-02Allow viewing of net.inet.ip.sourceroute in secure modeThorsten Lockert
1996-07-29From FreeBSD (with slightly different sysctl names):Jason Downs
"... Allow the user to nominate one of three ranges of port numbers as candidates for selecting a local address to replace a zero port number. The ranges are selected via a setsockopt(s, IPPROTO_IP, IP_PORTRANGE, &arg) call. The three ranges are: default, high (to bypass firewalls) and low (to get a port below 1024). The default and high port ranges are sysctl settable under sysctl net.inet.ip.portrange.* [net.inet.ip.portfirst, net.inet.ip.portlast, net.inet.ip.porthifirst, and net.inet.ip.porthilast currently in OpenBSD.] This code also fixes a potential deadlock if the system accidently ran out of local port addresses. It'd drop into an infinite while loop. The secure port selection (for root) should reduce overheads and increase reliability of rlogin/rlogind/rsh/rshd if they are modified to take advantage of it."
1996-07-18ipfilter 3.1.0dm
1996-05-07from NetBSD PR#2296:Michael Shalayeff
Laine Stump: some icmp destination unreachable packets contain garbage.
1996-04-21partial sync with netbsd 960418, more to comeTheo de Raadt
1996-03-09restored IP filteringdm
1996-03-03From NetBSD: 960217 mergeNiklas Hallqvist
1996-01-25IP filter 3.0.1dm
1996-01-07from beurton@fnet.fr: Darren Reed's IP filterdm
1995-12-14re-add my source routing stuff (geeezzz)Theo de Raadt
1995-12-14from netbsd:Theo de Raadt
make netinet work on systems where pointers and longs are 64 bits (like the alpha). Biggest problem: IP headers were overlayed with structure which included pointers, and which therefore didn't overlay properly on 64-bit machines. Solution: instead of threading pointers through IP header overlays, add a "queue element" structure to do the threading, and point it at the ip headers.
1995-11-28add inet_ntoa() to the kernel. use it to log nicer messages. idea from freebsdTheo de Raadt
1995-11-28log source route attempts when source routing is disabledTheo de Raadt
1995-11-26add sysctl net.inet.ip.sourceroute option; default to 0. copied from freebsdTheo de Raadt
1995-10-18initial import of NetBSD treeTheo de Raadt