path: root/sys/netinet
Age  Commit message  [Author]
2011-07-09  begone, fucking rotten appletalk shit. ok room  [Henning Brauer]
2011-07-08  mark carp advertisements to be queued at priority 6. losing them is bad, mkay? ok ryan  [Henning Brauer]
2011-07-08  Include PIPEX in kernel by default. And add new sysctl variable `net.pipex.enable' to enable PIPEX. By default, pipex is disabled and it will not process packets from wire. Update man pages and update HOWTO_PIPEX_NPPPD.txt for testers. discussed with dlg@, ok deraadt@ mcbride@ claudio@  [YASUOKA Masahiko]
2011-07-07  Replace the cruddy old sys/net/zlib.[ch]. We now use the sys/lib/libz code. Missing chunks of the API are imported from the libc version, with a few #ifdef's to port it into the kernel environment. The bootblocks already used the newer code, and should encounter no surprises since there are so few changes to the existing files. In the kernel, ipcomp and kernel ppp are changed to the new API. ipcomp has been tested. ok tedu the brave  [Theo de Raadt]
2011-07-06  Add sysctl net.inet.tcp.always_keepalive, when this is set the system behaves as if SO_KEEPALIVE was set on all TCP sockets, forcing keepalives to be sent every net.inet.tcp.keepidle half-seconds. In conjunction with a keepidle value greatly reduced from the default, this can be useful for keeping sessions open if you are stuck on a network with short NAT or firewall timeouts. Feedback from various people, ok henning@ claudio@  [Stuart Henderson]
2011-07-06  consistently use IFQ_SET_MAXLEN, surfaced in a discussion with + ok bluhm  [Henning Brauer]
2011-07-06  allow /31s on broadcast interfaces (eg ethernet) to work as per rfc3021. the issue in our kernel was the broadcast address calculated on the /31 caused a ton of checks for use of broadcast addresses to kick in and prevent one of the two addresses on the /31 from being used. this diff basically detects if a /31 has been configured and doesn't configure a broadcast address for it, which makes the ips usable for normal traffic. i wrote this so i could interoperate with "carrier" network gear better, and sthen wants it so he can conserve address space use. the further special casing of broadcast address handling was from claudio@ ok claudio@ markus@ sthen@ henning@  [David Gwynne]
2011-07-05  fix bizarre and mostly useless initialization of an ifqueue in BSS that again makes assumptions of the ifqueue internals, ok ryan claudio  [Henning Brauer]
2011-07-05  ansify. ok claudio@  [David Hill]
2011-07-04  No need to check proto == IPPROTO_ETHERIP. fix two typos (protcol -> protocol)  [David Hill]
2011-07-04  Fix to be able to bind a raw socket to 0.0.0.0. It had been broken after 1.54. ok claudio@ sosososo henning@  [YASUOKA Masahiko]
2011-07-04  Bye bye pf_test6(). Only one pf_test function for both IPv4 and v6. The functions were 95% identical anyway. While there use struct pf_addr in struct pf_divert instead of some union which is the same. OK bluhm@ mcbride@ and most probably henning@ as well  [Claudio Jeker]
2011-07-04  Don't make copy multicast packets for carp interfaces that are not up. OK henning.  [Marco Pfatschbacher]
2011-07-04  Allow advbase to be set to zero, which makes it possible to run with advertisement intervals of less than a second. This is needed in setups where takeover times < 3s are needed. Don't use this unless you really need it. Running with too aggressive timeouts might lead to false positive takeovers. OK mcbride, claudio.  [Marco Pfatschbacher]
2011-07-03  avoid void * pointer arithmetic. OK claudio@  [David Hill]
2011-07-03  Do not use LINK_STATE_UNKNOWN for the INIT state. LINK_STATE_UNKNOWN has a special meaning and should only be set if the link state is not known because it is considered as being up. Use LINK_STATE_INVALID instead. OK mpf@ mcbride@ henning@  [Claudio Jeker]
2011-07-03  slight knf (particularly the function decls) so i don't get too distracted while reading. ok henning@ jsing@ tedu@ marco@ bluhm@ krw@  [David Gwynne]
2011-07-02  gc in_interfaces. doesn't seem to do anything except get incremented. ok henning@ deraadt@  [David Gwynne]
2011-06-27  Mark ARP request broadcasts with M_BCAST in the mbuf flags. Fixes a case in bridge_output() where ARP requests are not broadcast on interfaces without the discovery flag. ok claudio deraadt  [Camiel Dobbelaar]
2011-06-19  fix up unbalanced format strings. ok deraadt@  [Jonathan Gray]
2011-06-15  Add IP_RECVRTABLE socket option to be used with an IPPROTO_IP level that allows one to retrieve the original routing domain of UDP datagrams diverted by the pf via "divert-to" with a recvmsg(2). ok claudio  [Mike Belopuhov]
2011-05-31  fix typos in comment  [Stuart Henderson]
2011-05-29  Move the source address selection for multicast destinations that specify the outgoing interface with a multicast option up. Doing this before the route lookup allows multicast traffic to work even when the default 224/4 reject route is installed. Raw IP and IPv6 already had this behaviour. Based on work by Christiano F. Haesbaert. OK sthen@  [Claudio Jeker]
2011-05-28  Do not allow traffic to be sent with a destination address in 0/8; this is not allowed according to Stevens and RFCs 5735 and 1122. Suggestion to use ENETUNREACH from claudio. OK phessler@, claudio@  [Paul de Weerd]
2011-05-13  Revert the pf->socket linking diff. at least krw@, pirofti@ and todd@ have been seeing panics (todd and krw with xxxterm not sure about pirofti) involving pool corruption while using this commit. krw and todd confirm that this backout fixes the problem. ok blambert@ krw@, todd@ henning@ and kettenis@ Double link between pf states and sockets. Henning has already implemented half of it. The additional part is: - The pf state lookup for outgoing packets is optimized by using mbuf->inp->state. - For incoming tcp, udp, raw, raw6 packets the socket lookup always is optimized by using mbuf->state->inp. - All protocols establish the link for incoming packets. - All protocols set the inp in the mbuf for outgoing packets. This allows the linkage beginning with the first packet for outgoing connections. - In case of divert states, delete the state when the socket closes. Otherwise new connections could match on old states instead of being diverted to the listen socket. ok henning@  [Owain Ainsworth]
2011-05-11  Pre-allocate memory to avoid sleeping after performing a lookup, which may lead to a race. ok markus@ mikeb@  [Bret Lambert]
2011-05-04  Collapse m_pullup and m_pullup2 into a single function, as they're essentially identical; the only difference being that m_pullup2 is capable of handling mbuf clusters, but called m_pullup for shorter lengths (!). testing dlg@ ok claudio@  [Bret Lambert]
2011-05-04  Clean up gotos for listening sockets to make it obvious when packets are dropped and when normal program flow occurs. Change error return value of syn_cache_add() from 0 to -1 in order to clearly communicate intent. ok claudio@  [Bret Lambert]
2011-05-02  recognize SO_RTABLE socket option at the SOL_SOCKET level; discussed with and ok claudio  [Mike Belopuhov]
2011-04-29  The previous reconfiguration change broke IPv6 only setups. The address hook was only registered for v4 addresses. We now call hook_establish at interface creation time. The hook is now disestablished upon interface destroy, which plugs a tiny memleak. While there remove redundancy in carp_set_addr6 and sync it with carp_set_addr. Bug noticed by todd@. OK sthen, mikeb (on an earlier version) OK and some hints by camield@  [Marco Pfatschbacher]
2011-04-29  In certain failure cases, a RST would be sent out on rdomain 0, regardless of the rdomain the packet was received on. Explicitly pass the rdomain to the tcp_respond() monstrosity to compensate for said monstricism which led to this behavior. ok claudio@  [Bret Lambert]
2011-04-28  Make in_broadcast() rdomain aware. Mostly mechanical change. This fixes the problem of binding sockets to broadcast IPs in other rdomains. OK henning@  [Claudio Jeker]
2011-04-28  Similar to the in_pcb.c change allow raw sockets to be bound to the local network broadcast. While there kill some leftover AF_IMPLINK checks. OK henning@, sthen@  [Claudio Jeker]
2011-04-28  Allow SOCK_DGRAM sockets to be bound to the local network broadcast addr. These sockets will only see broadcast sent to that particular address. Some applications like samba use this feature. Problem found and initial version by sthen@, OK sthen@, henning@  [Claudio Jeker]
2011-04-26  In ipsec_common_input() the packet can be either IPv4 or IPv6. So pass it to the correct raw ip input function if IPsec is disabled. ok todd@ mpf@ mikeb@ blambert@ matthew@ deraadt@  [Alexander Bluhm]
2011-04-24  Double link between pf states and sockets. Henning has already implemented half of it. The additional part is: - The pf state lookup for outgoing packets is optimized by using mbuf->inp->state. - For incoming tcp, udp, raw, raw6 packets the socket lookup always is optimized by using mbuf->state->inp. - All protocols establish the link for incoming packets. - All protocols set the inp in the mbuf for outgoing packets. This allows the linkage beginning with the first packet for outgoing connections. - In case of divert states, delete the state when the socket closes. Otherwise new connections could match on old states instead of being diverted to the listen socket. ok henning@  [Alexander Bluhm]
2011-04-19  reintroduce using the RB tree for local address lookups. this is confusing because both addresses and broadcast addresses are put into the tree. there are two types of local address lookup. the first is when the socket layer wants a local address, the second is in ip_input when the kernel is figuring out the packet is for it to process or forward. ip_input considers local addresses and broadcast addresses as local, however, the handling of broadcast addresses is different depending on whether ip_directedbcast is set. if ip_directbcast is unset then a packet coming in on any interface to any of the system's broadcast addresses is considered local, otherwise the broadcast packet must exist on the interface it was received on. the code also needs to consider classful broadcast addresses so we can continue some legacy applications (eg, netbooting old sparcs that use rarp and bootparam requests to classful broadcast addresses as per PR6382). this diff maintains that support, but restricts it to packets that are broadcast on the link layer (eg, ethernet broadcasted packets), and it only looks up addresses on the local interface. we now only support classful broadcast addresses on local interfaces to avoid weird side effects with packets routed to us. the ip4 socket layer does lookups for local addresses with a wrapper around the global address tree that rejects matches against broadcast addresses. we now no longer support bind sockets to broadcast addresses, no matter what the value of ip_directedbcast is. ok henning@ testing (and possibly ok) claudio@  [David Gwynne]
2011-04-14  Backout the in_iawithaddr() -> ifa_ifwithaddr() change. There is a massive issue with broadcast addrs because ifa_ifwithaddr() handles them differently than in_iawithaddr().  [Claudio Jeker]
2011-04-13  add missing #include "pf.h" for NPF; ok mikeb, claudio, mpf  [Markus Friedl]
2011-04-12  put the accepted socket of a diverted connection into the routing domain of a connection originator. this allows one to query the source rdomain with a SO_RTABLE socket option. figured out with reyk, ok claudio.  [Mike Belopuhov]
2011-04-06  uncompress a packet with an IPcomp header only once; this prevents endless loops by IPcomp-quine attacks as discovered by Tavis Ormandy; it also prevents nested IPcomp-IPIP-IPcomp attacks provided by matthew@; feedback and ok matthew@, deraadt@, djm@, claudio@  [Markus Friedl]
2011-04-05  in_proto_csum_out: if M_ICMP_CSUM_OUT is set, do the icmp checksum. ok dlg fondue-kinda-ok claudio  [Henning Brauer]
2011-04-05  Replace if/else ladder with much more legible switch statement for testing tcp flags. ok henning@ claudio@  [Bret Lambert]
2011-04-05  mechanic rename M_{TCP|UDP}V4_CSUM_OUT -> M_{TCP|UDP}_CSUM_OUT. ok claudio krw  [Henning Brauer]
2011-04-05  Remove unused macro. ok henning@ claudio@  [Bret Lambert]
2011-04-04  turn some macros into functions; saves 1400+ bytes from the kernel on amd64. ok claudio@  [Bret Lambert]
2011-04-04  Instead of calling tcp_reass (tcp reassembly) with magic arguments in order to skip most of the reassembly logic and try to flush available tcp segments to the socket, just split it off into its own function and use it where appropriate. ok claudio@ henning@  [Bret Lambert]
2011-04-04  Correctly inherit and set the watermarks on socketbuffers. This fixes the NFS problems reported on the mailing list and ensures that accepted sockets have correct socketbuffer setting. OK blambert@, henning@  [Claudio Jeker]
2011-04-04  de-guttenberg our stack a bit. we don't need 7 f***ing copies of the same code to do the protocol checksums (or not, depending on hw capabilities). claudio ok  [Henning Brauer]
2011-04-04  The forced IP header pullup in the multicast case is only needed when the system is a multicast forwarder so move the code into that block and save a few unneeded m_pullups. Found by dlg a long time ago. OK dlg@  [Claudio Jeker]