| Age | Commit message (Collapse) | Author |
|---|
|
unspecified address (::) to mean "unbounded" or "unconnected",
and can be confused by packets from outside.
use of :: as source is not documented well in IPv6 specification.
not sure if it presents a real threat. the worst case scenario is a DoS
against TCP listening socket:
- outsider transmit TCP SYN with :: as IPv6 source
- receiving side creates TCP control block with:
local address = my addres
remote address = :: (meaning "unconnected")
state = SYN_RCVD
note that SYN ACK will not be sent due to ip6_output() filter.
this stays until it timeouts.
- the TCP control block prevents listening TCP control block from
being contacted (DoS).
|
|
on diff from "Pete Kazmier" <pete@kazmier.com>
|
|
not sure if there is a real threat or not, but it seems that there's
possibility for overrun/underrun (like non-NOP option with optlen > cnt).
|
|
Remove netinet.h within ifdef INET6; this is already included.
|
|
- protect IPv6 ND from being hosed (due to neighbor unreachability detection
hint) by wrong tcp traffic. still not sure if there's real attack, but
it is good to be cautious.
- avoid bitfield for router renumbering header decl.
- implement packet-per-sec limitation for icmp6 errors, turn interval
limit off (it is not very useful due to unix timer resolution).
|
|
cleanup (indentation, v4-or-v6 conditions)
|
|
inconsistency in corner cases (from NRL I believe).
todd (fries) and I have seen panic, with the following call chain:
ip6_input -> tcp_input -> tcp_respond -> ip_input -> bang!
more cleanups should be done, to decrease complexity.
for example, INP_IPV6_MAPPED should be nuked.
|
|
as per TCP-imply IETF WG draft(s). The correct approach is to just use
the relevant interface's MTU.
|
|
touch tcp header before m_adj, than the other way around.
(no behavior change with the current m_adj code, new code is safer against
any future m_adj changes)
|
|
|
|
(I mean, IPv4) do not try to use rmx_mtu on routing table.
this symptom was introduced by rmx_mtu initialization (necessary for IPv6
path MTU discovery) in net/route.c. now prior behavior is recovered.
From: Hugh Graham <hugh@openbsd.org>
there are several question about mssdflt semantics, though:
Question 1: with the current code, mssdflt does not override rmx_mtu value
(mssdflt overrides interface mtu only). should we override rmx_mtu by
mssdflt as well?
Question 2: with the current code, mssdflt overrides mss computed from
if mtu, only when the destination is IPv4 non-local. is it safe enough?
we may want to use mssdflt, whenever we are uncertain.
mss = if mtu - hdrsiz;
if (IPv4 non-local destination)
mss = min(mss, mssdflt);
|
|
- tcp_sack_adjust() was completely rewritten, since it was erroneously
referencing receiver side sequence numbers and comparing with sender
side sequence numbers (thanks to Arun Desai (adesai@cisco.com) who
discovered the problem)
- in tcp_output(), moved assignment of sendalot=0 to the piece of code
immediately following the search for sack-eligible retransmissions
(bug identified by Arun Desai).
- tcp_input() was not clearing t_dupacks if fewer than three dupacks arrived
between acks of new data. (bug identified by Gaurav Banga (gaurav@netapp.com))
|
|
SACK is disabled for the connection or via sysctl
|
|
malicious party may try to use v4 mapped addr as source/dest to
confuse tcp/udp layer, or to bypass security checks,
for example, naive stack can mistakingly think a packet with
src = ::ffff:127.0.0.1 is from local node.
(sync with kame)
|
|
set retransmit timer again if it was cleared, that can happen in SACK when
there are no elligble SACK holes to be retransmitted and the receiver window
is full.
|
|
|
|
replaces NRL IPv6 layer. reuses NRL pcb layer. no IPsec-on-v6 support.
see sys/netinet6/{TODO,IMPLEMENTATION} for more details.
GENERIC configuration should work fine as before. GENERIC.v6 works fine
as well, but you'll need KAME userland tools to play with IPv6 (will be
bringed into soon).
|
|
Adapted from NetBSD:
Fix a retransmission bug introduced by the Brakmo and Peterson
RTO estimation changes. Under some circumstances it would
return a value of 0, while the old Van Jacobson RTO code would
return a minimum of 3. This would result in 12 retransmissions,
each 1 second apart. This takes care of those instances, and
ensures that t_rttmin is used everywhere as a lower bound.
|
|
|
|
|
|
|
|
|
|
|
|
location, as attempts to do it differently have caused too many problems.
|
|
hopefully without random kernel data corruption.
|
|
|
|
data corruptions and panics that people have experienced. by reverting
we loose tcp signatures and ipv6 cleanups, the code looked correct to me.
|
|
|
|
|
|
|
|
|
|
protocols.
"struct tcpiphdr" is now gone from much of the code, as are separate pointers
for ti and ti6. The result is fewer variables, which is generally a good thing.
Simple if(is_ipv6) ... else ... tests are gone in favor of a
switch(protocol family), which allows future new protocols to be added easily.
This also makes it possible for someone so inclined to re-implement TUBA (TCP
over CLNP?) and do it right instead of the kluged way it was done in 4.4.
The TCP header template is now referenced through a mbuf rather than done
through a data pointer and dtom()ed as needed. This is partly because dtom() is
evil and partly because max_linkhdr + IPv6 + TCP + MSS/TS/SACK opts won't fit
inside a packet header mbuf, so we need to grab a cluster for that (which the
code now does, if needed).
|
|
|
|
fixes a problem with NFS over TCP reported by Jason Thorpe, fix from
klm@netbsd.org
|
|
Fixed a sequence wraparound bug in the snd_recover variable discovered in
very large (multiple GByte) transfers (in loss free conditions, snd_recover
was not sufficiently tracking snd_una). Thanks to Mark Smith for finding
this.
Fixed a bug in tcp_newreno that was preventing retransmission of data due
to partial acks. (Discovered by Jayanth Vijayaraghavan)
|
|
SA to be used, use this SA in ip_output if available. allow mobile road
warriors for bind SAs with wildcard dst and src addresses. check IPSEC
AUTH and ESP level when receiving packets, drop them if protection is
insufficient. add stats to show dropped packets because of insufficient
IPSEC protection. -- phew. this was all done in canada. dugsong and linh
provided the ride and company.
|
|
just ignore the sack block + fix misleading comment. tomh@CS.Berkeley.EDU
|
|
|
|
|
|
|
|
already been cleared of the acked data, though it was called before any
sbdrop() call and always called tcp_output() with 0 index in the send
socket buffer and thus causing data corruption. so do not set snd_una to
th_ack.
|
|
integration
|
|
|
|
|
|
|
|
|
|
|
|
by Hari Balakrishnan (hari@lcs.mit.edu), Tom Henderson (tomh@cs.berkeley.edu)
and Venkat Padmanabhan (padmanab@cs.berkeley.edu) as part of the
Daedalus research group at the University of California,
(http://daedalus.cs.berkeley.edu). [I was able to do this on time spent
at the Center for Information Technology Integration (citi.umich.edu)]
|
|
- fix a 4.4bsd-lite2 bug, when tcp options are present the maximum segment
size is not updated correctly, so that fast recovery forces out a segment
which is split in two segments by tcp_output(), the fix is adpated from
FreeBSD, the effective mss is recorded after option negotiation in 3way
handshake.
[I was able to fix this on time spent at Center for Information Technology
Integration (citi.umich.edu)]
|
|
|
