src - OpenBSD base system

Age	Commit message (Collapse)	Author
1999-12-08	bring in KAME IPv6 code, dated 19991208.	Jun-ichiro itojun Hagino
	replaces NRL IPv6 layer. reuses NRL pcb layer. no IPsec-on-v6 support. see sys/netinet6/{TODO,IMPLEMENTATION} for more details. GENERIC configuration should work fine as before. GENERIC.v6 works fine as well, but you'll need KAME userland tools to play with IPv6 (will be bringed into soon).
1999-11-15	Fix tcp retransmit/persist timers, provos@ OK.	Hugh Graham
	Adapted from NetBSD: Fix a retransmission bug introduced by the Brakmo and Peterson RTO estimation changes. Under some circumstances it would return a value of 0, while the old Van Jacobson RTO code would return a minimum of 3. This would result in 12 retransmissions, each 1 second apart. This takes care of those instances, and ensures that t_rttmin is used everywhere as a lower bound.
1999-11-04	Add comment about gettdb() and spl level.	Hakan Olsson

1999-09-01	increase tcp_iss increment	Niels Provos

1999-08-31	correctly update window information	Niels Provos

1999-08-27	more SACK hole validity testing; fix a tcp seq arithmetic bug. cmetz and me.	Niels Provos

1999-08-06	back out all recent changes, which continue to be a source for nasty bugs	Theo de Raadt

1999-07-28	Moved the m_data/m_len shave of IP and TCP headers back to its original	cmetz
	location, as attempts to do it differently have caused too many problems.
1999-07-22	Reintroduce rev 1.41 which brings us TCP signatures again, but this time	Niklas Hallqvist
	hopefully without random kernel data corruption.
1999-07-18	use proper C	Theo de Raadt

1999-07-17	revert tcp_input.c to before 07/01/1999 - this seems to solve the mysterious	Niels Provos
	data corruptions and panics that people have experienced. by reverting we loose tcp signatures and ipv6 cleanups, the code looked correct to me.
1999-07-13	correct non-STDC case	Theo de Raadt

1999-07-06	Added support for TCP MD5 option (RFC 2385).	cmetz

1999-07-06	Fixed compilation problems when INET6 is enabled.	cmetz

1999-07-03	indent	Theo de Raadt

1999-07-02	Significant cleanups in the way TCP is made to handle multiple network	cmetz
	protocols. "struct tcpiphdr" is now gone from much of the code, as are separate pointers for ti and ti6. The result is fewer variables, which is generally a good thing. Simple if(is_ipv6) ... else ... tests are gone in favor of a switch(protocol family), which allows future new protocols to be added easily. This also makes it possible for someone so inclined to re-implement TUBA (TCP over CLNP?) and do it right instead of the kluged way it was done in 4.4. The TCP header template is now referenced through a mbuf rather than done through a data pointer and dtom()ed as needed. This is partly because dtom() is evil and partly because max_linkhdr + IPv6 + TCP + MSS/TS/SACK opts won't fit inside a packet header mbuf, so we need to grab a cluster for that (which the code now does, if needed).
1999-06-11	removed TCPCOOKIE support.	pattonme

1999-05-24	instead of dropping out of window SYNs, send an ACK and drop afterwards.	Niels Provos
	fixes a problem with NFS over TCP reported by Jason Thorpe, fix from klm@netbsd.org
1999-04-21	From Tom Henderson <tomh@cs.berkeley.edu>:	Niels Provos
	Fixed a sequence wraparound bug in the snd_recover variable discovered in very large (multiple GByte) transfers (in loss free conditions, snd_recover was not sufficiently tracking snd_una). Thanks to Mark Smith for finding this. Fixed a bug in tcp_newreno that was preventing retransmission of data due to partial acks. (Discovered by Jayanth Vijayaraghavan)
1999-03-27	add SADB_X_BINDSA to pfkey allowing incoming SAs to refer to an outgoing	Niels Provos
	SA to be used, use this SA in ip_output if available. allow mobile road warriors for bind SAs with wildcard dst and src addresses. check IPSEC AUTH and ESP level when receiving packets, drop them if protection is insufficient. add stats to show dropped packets because of insufficient IPSEC protection. -- phew. this was all done in canada. dugsong and linh provided the ride and company.
1999-02-15	when allocating sack blocks check for failing malloc(), if it fails	Niels Provos
	just ignore the sack block + fix misleading comment. tomh@CS.Berkeley.EDU
1999-02-09	correct rst handling should not consult ack field here	Hugh Graham

1999-02-08	init incr tcp iss from snd_nxt, not rcv_nxt; 4.4	Theo de Raadt

1999-02-05	indent	Theo de Raadt

1999-01-27	fix NEWRENO behaviour, the newreo code assumed that the send socket buffer has	Niels Provos
	already been cleared of the acked data, though it was called before any sbdrop() call and always called tcp_output() with 0 index in the send socket buffer and thus causing data corruption. so do not set snd_una to th_ack.
1999-01-27	reordered FIN segments caused early termination, bug introduced by ipv6 ↵	Niklas Hallqvist
	integration
1999-01-15	IN_MULTICAST takes network order addresses	Niklas Hallqvist

1999-01-11	Make TCP_SACK compile with new netinet	Niklas Hallqvist

1999-01-11	netinet merge of NRL stuff. some indent and shrinkage needed; NRL/cmetz	Theo de Raadt

1999-01-07	in_pcblookup() now takes ptr to both ip address arguments	Theo de Raadt

1998-11-25	more min vs. ulmin/lmin fixes	Todd C. Miller

1998-11-17	NewReno, SACK and FACK support for TCP, adapted from code for BSDI	Niels Provos
	by Hari Balakrishnan (hari@lcs.mit.edu), Tom Henderson (tomh@cs.berkeley.edu) and Venkat Padmanabhan (padmanab@cs.berkeley.edu) as part of the Daedalus research group at the University of California, (http://daedalus.cs.berkeley.edu). [I was able to do this on time spent at the Center for Information Technology Integration (citi.umich.edu)]
1998-10-28	- fix three bugs pointed out in Stevens, i.a. updating timestamps correctly	Niels Provos
	- fix a 4.4bsd-lite2 bug, when tcp options are present the maximum segment size is not updated correctly, so that fast recovery forces out a segment which is split in two segments by tcp_output(), the fix is adpated from FreeBSD, the effective mss is recorded after option negotiation in 3way handshake. [I was able to fix this on time spent at Center for Information Technology Integration (citi.umich.edu)]
1998-06-27	indent	Theo de Raadt

1998-03-18	Add FreeBSD patch (check for SYN packets arriving at a socket in	Angelos D. Keromytis
	LISTEN state with source address/port == destination address/port).
1997-11-12	correct RST validity checking; fc@parkone.ci.oakland.ca.us	Theo de Raadt

1997-11-12	indent	Theo de Raadt

1997-08-26	indent	Theo de Raadt

1997-08-16	Just some more debugging info.	Angelos D. Keromytis

1997-08-09	SYN flood protection, by specifying	Angelos D. Keromytis
	option TCPCOOKIE in the kernel config file. For very busy servers, consider raising the TCK_NFRIENDS value (it's currenly set to 16). Code originally from Matt Blaze and John Ioannidis.
1997-07-06	unsigned calc should be signed; jdp@polstra.com; freebsd pr#3998	Theo de Raadt

1997-06-10	ensure RST is within window; avalon@coombs.anu.edu.au	Theo de Raadt

1997-05-12	argh	Theo de Raadt

1997-02-05	use arc4random()	Theo de Raadt

1996-09-25	Drop unused variable	Niklas Hallqvist

1996-09-20	`solve' the syn bomb problem as well as currently known; add sysctl's for	Theo de Raadt
	SOMAXCONN (kern.somaxconn), SOMINCONN (kern.sominconn), and TCPTV_KEEP_INIT (net.inet.tcp.keepinittime). when this is not enough (ie. overfull), start doing tail drop, but slightly prefer the same port.
1996-08-07	Partial protection from TCP SYN attacks	Thorsten Lockert

1996-07-29	Remove random() prototype, as it's not needed. Besides it was wrong for the ↵	Niklas Hallqvist
	alpha :-)
1996-07-29	Make TCP ISS increment by random amounts	Thorsten Lockert

1996-03-03	From NetBSD: 960217 merge	Niklas Hallqvist