summaryrefslogtreecommitdiff
path: root/sys/netinet/udp_usrreq.c
AgeCommit message (Collapse)Author
2001-05-27Remove unnecessary comment.Angelos D. Keromytis
2001-05-27Use the new IPsec tags.Angelos D. Keromytis
2001-05-20Use packet tags instead of tdbi.Angelos D. Keromytis
2001-05-11Check m_pullup() and m_pullup2() return for NULL, not 0; itojun@ okAaron Campbell
2001-03-28Allow tdbi's to appear in mbufs throughout the stack; this allowsAngelos D. Keromytis
security properties of the packets to be pushed up to the application (not done yet). Eventually, this will be turned into a packet attributes framework. Make sure tdbi's are free'd/cleared properly whenever drivers (or NFS) does weird things with mbufs.
2001-03-06Move the test for bogus packet length in udp_output() closer to the top ofAaron Campbell
the function. Previously it was possible for us to get stuck in splsoftnet() under certain situations. Bug reported by hunter@dg.net.ua, fix by me ok'd by deraadt@, provos@, angelos@.
2001-02-16remove IPv6 case from udp_output. now we have separate udp6_output.Jun-ichiro itojun Hagino
2001-02-16pull in new pcb notification code from kame. better handling of scope address.Jun-ichiro itojun Hagino
2000-12-11nuke #ifdef TCP6 (no longer supported).Jun-ichiro itojun Hagino
validate ICMPv6 too big messages (pmtud) based on pcb. we accept certain amount of non-validated ones, as IPv6 mandates ICMPv6 (so even for traffic from unconnected pcb, we need pmtud). sync with kame
2000-10-13validate mbuf chain length on *_ctlinput. remote node may be able toJun-ichiro itojun Hagino
transmit a truncated icmp6 packet and panic the system. sync with kame.
2000-10-11nuke inp_flags bits for controlling IPv4 mapped address.Jun-ichiro itojun Hagino
we don't support IPv4 mapped address, and there are inconsistent bit manipulation code so it's safer to nuke them.
2000-09-22Move the PI_MAGIC define outside the INET6 ifdef block (doh!)Angelos D. Keromytis
2000-09-19Lots and lots of changes.Angelos D. Keromytis
2000-07-27raw6/udp6 sockets are okay with :: in src.Jun-ichiro itojun Hagino
2000-07-27be proactive about unspecified IPv6 source address. pcb layer usesJun-ichiro itojun Hagino
unspecified address (::) to mean "unbounded" or "unconnected", and can be confused by packets from outside. use of :: as source is not documented well in IPv6 specification. not sure if it presents a real threat. the worst case scenario is a DoS against TCP listening socket: - outsider transmit TCP SYN with :: as IPv6 source - receiving side creates TCP control block with: local address = my addres remote address = :: (meaning "unconnected") state = SYN_RCVD note that SYN ACK will not be sent due to ip6_output() filter. this stays until it timeouts. - the TCP control block prevents listening TCP control block from being contacted (DoS).
2000-06-18sync with KAME udp6_output(). udp output logic is very different betweenJun-ichiro itojun Hagino
IPv4/v6 so the separation should make more sense. TODO: remove IPv6 case from udp_output() TODO: remove/comment out/#if 0 IPv4 mapped address cases
2000-06-13comment out flowinfo manipulation on inbound. the spec is not very clear.Jun-ichiro itojun Hagino
2000-06-13avoid mbuf leak on non-matching ifp/sockaddrJun-ichiro itojun Hagino
2000-06-13on UDPv6 sendto, correctly set oifp.Jun-ichiro itojun Hagino
2000-06-13allow link-local IPv6 addres in in6_pcbbind.Jun-ichiro itojun Hagino
2000-04-09Pass ip_off and ip_len in the correct byte order to icmp_error(); thisAngelos D. Keromytis
should fix the crash problems with isic, reported last week.
2000-02-18fix alignment problem in ancillary data (alpha).Jun-ichiro itojun Hagino
only ipv6 tools (which touches ancillary data) are affected. From: =?iso-8859-1?Q?G=F6ran_Bengtson?= <goeran@cdg.chalmers.se>
2000-02-07fix include file path related to ip6.Jun-ichiro itojun Hagino
2000-01-07Early check for destination port 0 (itojun@)Angelos D. Keromytis
2000-01-04keep paren match.Jun-ichiro itojun Hagino
2000-01-04remove support for v4 mapped address completely.Jun-ichiro itojun Hagino
1999-12-31be sure to cleanup "opts" pointer on multicast udp packet reception.Jun-ichiro itojun Hagino
1999-12-21be paranoid about malicious use of v4 mapped addr on v6 packet.Jun-ichiro itojun Hagino
malicious party may try to use v4 mapped addr as source/dest to confuse tcp/udp layer, or to bypass security checks, for example, naive stack can mistakingly think a packet with src = ::ffff:127.0.0.1 is from local node. (sync with kame)
1999-12-19reject AF mismatch for inbonud multicast traffic.Jun-ichiro itojun Hagino
1999-12-17do not accept IPv4 traffic by AF_INET6 socket. IPv4 mapped address isJun-ichiro itojun Hagino
bad for access controls. (quickhack fix, need sysctl/setsockopt knob to enable this functionality)
1999-12-12fix IPv6 advanced API (RFC2292) for udp socket.Jun-ichiro itojun Hagino
TODO: ditto for raw and tcp socket
1999-12-08bring in KAME IPv6 code, dated 19991208.Jun-ichiro itojun Hagino
replaces NRL IPv6 layer. reuses NRL pcb layer. no IPsec-on-v6 support. see sys/netinet6/{TODO,IMPLEMENTATION} for more details. GENERIC configuration should work fine as before. GENERIC.v6 works fine as well, but you'll need KAME userland tools to play with IPv6 (will be bringed into soon).
1999-11-04Add comment about gettdb() and spl level.Hakan Olsson
1999-09-23fix same-interface-out-as-in and packet gets corrupted bug noted byTheo de Raadt
james@oaktree.co.uk by re-working icmp embedded-packet code so that ip_forward() m_copy()-aliased packet can be forwarded to ip_output and icmp_error() safely, because no packet tweaking is needed before calling icmp_error()
1999-06-06avoid a future problem inside an #ifdef notyetTheo de Raadt
1999-03-27add SADB_X_BINDSA to pfkey allowing incoming SAs to refer to an outgoingNiels Provos
SA to be used, use this SA in ip_output if available. allow mobile road warriors for bind SAs with wildcard dst and src addresses. check IPSEC AUTH and ESP level when receiving packets, drop them if protection is insufficient. add stats to show dropped packets because of insufficient IPSEC protection. -- phew. this was all done in canada. dugsong and linh provided the ride and company.
1999-03-24Reworked udp_output() to minimize the number of if() statements needed to getcmetz
packets out. Also had the nice side effect of fewer blocks now move around by ifdefs, which makes it more readable.
1999-02-17inet6 indentTheo de Raadt
1999-02-04report on no udp checksumTheo de Raadt
1999-01-15IN_MULTICAST takes network order addressesNiklas Hallqvist
1999-01-11Use bzero instead of memset in the kernelNiklas Hallqvist
1999-01-11netinet merge of NRL stuff. some indent and shrinkage needed; NRL/cmetzTheo de Raadt
1999-01-07in_pcblookup() now takes ptr to both ip address argumentsTheo de Raadt
1998-12-31mangle uh_sum as before, but recover it for icmp errorsTheo de Raadt
1998-12-28ensure the ip packet embedded inside an icmp packet has correct ip_len,Theo de Raadt
ip_off, ip_id. for udp, also correct uh_sum. ip_sum is still set to 0; (all this debugged using nmap)
1998-05-18first step to the setsockopt/getsockopt interface as described inNiels Provos
draft-mcdonald-simple-ipsec-api, kernel notifies (EMT_REQUESTSA) signal userland key management applications when security services are requested. this is only for outgoing connections at the moment, incoming packets are not yet checked against the selected socket policy.
1998-01-24sysctl for def sizes for tcp/udp send/recv queuesMichael Shalayeff
1997-09-07for broadcast/multicast packets, correct m_pkthdr.len on the way up to the ↵Theo de Raadt
socket; drochner@zelz26.zel.kfa-juelich.de
1997-08-09The list of tcp/udp ports not to allocate dynamically is nowTodd C. Miller
a bitmask configurable via sysctl([38]). The default values have not changed. If one wants to change the list it should be done early on in /etc/rc.
1997-07-24cmd is a u_longTheo de Raadt
generated by cgit v1.2.3 (git 2.25.1) at 2025-01-15 12:01:11 +0000