summaryrefslogtreecommitdiff
path: root/sys/netinet/udp_usrreq.c
AgeCommit message (Collapse)Author
2001-06-25Defer output checksumming until ip_output() or hardware.Angelos D. Keromytis
2001-06-25Use in_cksum_phdr() rather than in_cksum() -- from NetBSDAngelos D. Keromytis
2001-06-24Remove printfs, fix comment typos.Angelos D. Keromytis
2001-06-24Save tdb_remote_auth on the PCB on latching; also save information onAngelos D. Keromytis
UDP PCB's if the socket is connected.
2001-06-23Clear the checksum flags after verification. Also, don't countAngelos D. Keromytis
checksum errors as hardware checksum packets as well.
2001-06-23Remove unneeded ip_id convertions.Federico G. Schwindt
Instead of using HTONS macro in some places, use htons directly in the struct member and save us a few bytes. Fix comment.
2001-06-23Likewise, only use outgoing TCP/UDP hardware checksumming if theAngelos D. Keromytis
interface is not in bridge mode.
2001-06-23Keep stats on TCP/UDP hardware checksumming.Angelos D. Keromytis
2001-06-23TCP/UDP hardware checksumming. Untested, since txp dies when it triesAngelos D. Keromytis
to compute the checksums. Still, it shouldn't affect anything.
2001-06-23Initialize only if no hardware checksumming.Angelos D. Keromytis
2001-06-23TCP, UDP, IPv4 input hardware checksumming processing; also IPv4Angelos D. Keromytis
output hardware checksumming. Not tested yet, but should be done tonight. Remain to be solved: interactions with bridge, TCP/UDP output checksumming, interactions of TCP/UDP checksumming with routing changes.
2001-06-19mop up after angelosTheo de Raadt
2001-06-08Cut down on include files.Angelos D. Keromytis
2001-06-05repair copyright notices for NRL & cmetz; cmetzTheo de Raadt
2001-05-27Remove unnecessary comment.Angelos D. Keromytis
2001-05-27Use the new IPsec tags.Angelos D. Keromytis
2001-05-20Use packet tags instead of tdbi.Angelos D. Keromytis
2001-05-11Check m_pullup() and m_pullup2() return for NULL, not 0; itojun@ okAaron Campbell
2001-03-28Allow tdbi's to appear in mbufs throughout the stack; this allowsAngelos D. Keromytis
security properties of the packets to be pushed up to the application (not done yet). Eventually, this will be turned into a packet attributes framework. Make sure tdbi's are free'd/cleared properly whenever drivers (or NFS) does weird things with mbufs.
2001-03-06Move the test for bogus packet length in udp_output() closer to the top ofAaron Campbell
the function. Previously it was possible for us to get stuck in splsoftnet() under certain situations. Bug reported by hunter@dg.net.ua, fix by me ok'd by deraadt@, provos@, angelos@.
2001-02-16remove IPv6 case from udp_output. now we have separate udp6_output.Jun-ichiro itojun Hagino
2001-02-16pull in new pcb notification code from kame. better handling of scope address.Jun-ichiro itojun Hagino
2000-12-11nuke #ifdef TCP6 (no longer supported).Jun-ichiro itojun Hagino
validate ICMPv6 too big messages (pmtud) based on pcb. we accept certain amount of non-validated ones, as IPv6 mandates ICMPv6 (so even for traffic from unconnected pcb, we need pmtud). sync with kame
2000-10-13validate mbuf chain length on *_ctlinput. remote node may be able toJun-ichiro itojun Hagino
transmit a truncated icmp6 packet and panic the system. sync with kame.
2000-10-11nuke inp_flags bits for controlling IPv4 mapped address.Jun-ichiro itojun Hagino
we don't support IPv4 mapped address, and there are inconsistent bit manipulation code so it's safer to nuke them.
2000-09-22Move the PI_MAGIC define outside the INET6 ifdef block (doh!)Angelos D. Keromytis
2000-09-19Lots and lots of changes.Angelos D. Keromytis
2000-07-27raw6/udp6 sockets are okay with :: in src.Jun-ichiro itojun Hagino
2000-07-27be proactive about unspecified IPv6 source address. pcb layer usesJun-ichiro itojun Hagino
unspecified address (::) to mean "unbounded" or "unconnected", and can be confused by packets from outside. use of :: as source is not documented well in IPv6 specification. not sure if it presents a real threat. the worst case scenario is a DoS against TCP listening socket: - outsider transmit TCP SYN with :: as IPv6 source - receiving side creates TCP control block with: local address = my addres remote address = :: (meaning "unconnected") state = SYN_RCVD note that SYN ACK will not be sent due to ip6_output() filter. this stays until it timeouts. - the TCP control block prevents listening TCP control block from being contacted (DoS).
2000-06-18sync with KAME udp6_output(). udp output logic is very different betweenJun-ichiro itojun Hagino
IPv4/v6 so the separation should make more sense. TODO: remove IPv6 case from udp_output() TODO: remove/comment out/#if 0 IPv4 mapped address cases
2000-06-13comment out flowinfo manipulation on inbound. the spec is not very clear.Jun-ichiro itojun Hagino
2000-06-13avoid mbuf leak on non-matching ifp/sockaddrJun-ichiro itojun Hagino
2000-06-13on UDPv6 sendto, correctly set oifp.Jun-ichiro itojun Hagino
2000-06-13allow link-local IPv6 addres in in6_pcbbind.Jun-ichiro itojun Hagino
2000-04-09Pass ip_off and ip_len in the correct byte order to icmp_error(); thisAngelos D. Keromytis
should fix the crash problems with isic, reported last week.
2000-02-18fix alignment problem in ancillary data (alpha).Jun-ichiro itojun Hagino
only ipv6 tools (which touches ancillary data) are affected. From: =?iso-8859-1?Q?G=F6ran_Bengtson?= <goeran@cdg.chalmers.se>
2000-02-07fix include file path related to ip6.Jun-ichiro itojun Hagino
2000-01-07Early check for destination port 0 (itojun@)Angelos D. Keromytis
2000-01-04keep paren match.Jun-ichiro itojun Hagino
2000-01-04remove support for v4 mapped address completely.Jun-ichiro itojun Hagino
1999-12-31be sure to cleanup "opts" pointer on multicast udp packet reception.Jun-ichiro itojun Hagino
1999-12-21be paranoid about malicious use of v4 mapped addr on v6 packet.Jun-ichiro itojun Hagino
malicious party may try to use v4 mapped addr as source/dest to confuse tcp/udp layer, or to bypass security checks, for example, naive stack can mistakingly think a packet with src = ::ffff:127.0.0.1 is from local node. (sync with kame)
1999-12-19reject AF mismatch for inbonud multicast traffic.Jun-ichiro itojun Hagino
1999-12-17do not accept IPv4 traffic by AF_INET6 socket. IPv4 mapped address isJun-ichiro itojun Hagino
bad for access controls. (quickhack fix, need sysctl/setsockopt knob to enable this functionality)
1999-12-12fix IPv6 advanced API (RFC2292) for udp socket.Jun-ichiro itojun Hagino
TODO: ditto for raw and tcp socket
1999-12-08bring in KAME IPv6 code, dated 19991208.Jun-ichiro itojun Hagino
replaces NRL IPv6 layer. reuses NRL pcb layer. no IPsec-on-v6 support. see sys/netinet6/{TODO,IMPLEMENTATION} for more details. GENERIC configuration should work fine as before. GENERIC.v6 works fine as well, but you'll need KAME userland tools to play with IPv6 (will be bringed into soon).
1999-11-04Add comment about gettdb() and spl level.Hakan Olsson
1999-09-23fix same-interface-out-as-in and packet gets corrupted bug noted byTheo de Raadt
james@oaktree.co.uk by re-working icmp embedded-packet code so that ip_forward() m_copy()-aliased packet can be forwarded to ip_output and icmp_error() safely, because no packet tweaking is needed before calling icmp_error()
1999-06-06avoid a future problem inside an #ifdef notyetTheo de Raadt
1999-03-27add SADB_X_BINDSA to pfkey allowing incoming SAs to refer to an outgoingNiels Provos
SA to be used, use this SA in ip_output if available. allow mobile road warriors for bind SAs with wildcard dst and src addresses. check IPSEC AUTH and ESP level when receiving packets, drop them if protection is insufficient. add stats to show dropped packets because of insufficient IPSEC protection. -- phew. this was all done in canada. dugsong and linh provided the ride and company.
generated by cgit v1.2.3 (git 2.25.1) at 2025-01-24 14:14:21 +0000