summaryrefslogtreecommitdiff
path: root/sys/netinet
AgeCommit message (Collapse)Author
2005-08-11New counter for not joined IPv4 multicast groups.Marco Pfatschbacher
Don't count link local scope multicast as not forwardable. This stops ips_cantforward growing on carp(4) networks. tested and ok mcbride@, ok markus@.
2005-08-11don't accept SYN-only TCP options for established connections;Markus Friedl
cf FreeBSD-SA-05:15.tcp; ok claudio, mcbride
2005-08-05don't panic for SADB_ADD w/o enc/auth, with and ok hshoexer@Markus Friedl
2005-08-02change the TCP reass queue from LIST to TAILQ;Markus Friedl
ok henning claudio fgsch krw
2005-08-02use arc4random for random packet padding (largely acedemic because it isDamien Miller
deprecated anyway); ok hshoexer@
2005-07-31Introduce bpf_mtap_af and bpf_mtap_hdr to be used when passing a mbuf chainChristopher Pascoe
to bpf with either an address family or other header added. These helpers only allocate a much smaller struct m_hdr on the stack when needed, rather than leaving 256 byte struct mbufs on the stack in deep call paths. Also removes a fair bit of duplicated code. commit now, tune after deraadt@
2005-07-31Change the API for icmp_do_error so that it takes the mtu directly, ratherChristopher Pascoe
than a pointer to struct ifnet containing it. Saves a 448 byte stack allocation in ip_forward which previously faked up a struct ifnet just for this purpose. idea ok deraadt millert
2005-07-25minor whitespace cleanupChristopher Pascoe
2005-07-14More netccitt and netns removals; OK henning, brad, mickeyUwe Stuehler
2005-07-04remove TUBA, ok manyMarkus Friedl
2005-06-30implement PMTU checks fromMarkus Friedl
http://www.gont.com.ar/drafts/icmp-attacks-against-tcp.html i.e. don't act on ICMP-need-frag immediately if adhoc checks on the advertised mtu fail. the mtu update is delayed until a tcp retransmit happens. initial patch by Fernando Gont, tested by many.
2005-06-24simplify port allocation in pcb_bind(); based on freebsd; ok claudio henningMarkus Friedl
2005-06-19Don't reflect CARP's internal state via IFF_UP (which a user can modify), useChristopher Pascoe
IFF_RUNNING instead. Also, do not blindly restore flags onto an interface when returning to the running state. This eliminates the possibility that the kernel will bring the interface back up after a link state change on the physical interface, even though the user may have done an "ifconfig carpN down" in the meantime. Similarly two link state down events on the physical interface in succession could result in us never coming out of the INIT state. The master/backup state is still reported via link state information, so bgpd/ospfd, etc, should function as before. This also addresses PR4238. ok mpf@, ok with the idea etc henning@
2005-06-15remove from "attempted source route ..." message; ok deraadt, mpf, henning, ↵Markus Friedl
millert
2005-06-10make sure the IP packet contains a full struct ip_timestampMarkus Friedl
from art; ok deraadt, claudio, henning
2005-06-10getsockopt(): allocate a mbuf cluster for large ipsec credentialsMarkus Friedl
fixes kernel panic from pr 4252; Stefan Miltchev; ok deraadt@
2005-06-08netns bites the dustHenning Brauer
2005-06-06another leftover from the src routing adventure a year agoHenning Brauer
2005-06-03Hold a reference to the relevant struct in_ifaddr while a multicast addressChristopher Pascoe
is bound on the interface. ok mcbride@ henning@
2005-05-28Add SA replay counter synchronization to pfsync(4). Required for IPsecHakan Olsson
failover gateways. ok mcbride@, "looks good" hshoexer@
2005-05-27long overdue snprintf cleanup in kernfs related codeHans-Joerg Hoexer
ok cloder
2005-05-27wrap some commentsHans-Joerg Hoexer
2005-05-27comment out unused PACKET_TAG_IPSEC_IN_CRYPTO_DONE code; ok hshoexerMarkus Friedl
2005-05-27only access if_linkstatehooks inside splnet.Marco Pfatschbacher
with pascoe@
2005-05-27Experimental support for opportunitic use of jumbograms where only some hostsRyan Thomas McBride
on the local network support them. This adds a new socket option, SO_JUMBO, and a new route flag, RTF_JUMBO. If _both_ the socket option is set and the route for the host has RTF_JUMBO set, ip_output will fragment the packet to the largest possible size for the link, ignoring the card's MTU. The semantics of this feature will be evolving rapidly; talk to us if you intend to use it. ok deraadt@ marius@
2005-05-25AESCTR support for ESP (RFC 3686); ok hshoexerMarkus Friedl
2005-05-24add net.inet.ip.ifq for monitoring and changing ifqueue; similar to netbsdMarkus Friedl
ok henning
2005-05-24Ignore ICMP Source Quench messages meant for TCP connections. (Details inFernando Gont
http://www.gont.com.ar/drafts/icmp-attacks-against-tcp.html) ok markus frantzen
2005-05-10support NULL encryption for ESP; ok hshoexer, hoMarkus Friedl
2005-04-25csum -> csum_flagsBrad Smith
ok krw@ canacar@
2005-04-21handle return value of snprintf correctlyHans-Joerg Hoexer
ok deraadt@
2005-04-20Introduce if_linkstatehooks.Marco Pfatschbacher
This converts if_link_state_change() to a generic usable callback with dohooks(). OK henning@, camield@ Tested by camield@ and Alexey E. Suslikov
2005-04-16re-registerTheo de Raadt
2005-04-12handle PMTU for ipip SAs, too; ok hshoexer, cloderMarkus Friedl
2005-04-05add tcp sack stats, similar to freebsd; ok deraadtMarkus Friedl
2005-03-28add some const to ether_*. remove bonus prototypes this brought out.Ted Unangst
ok deraadt@
2005-03-15- stop tearing down routes when the carp interface goes to backup in theRyan Thomas McBride
carpdev case; block outgoing packets in carp_output() instead. - unbreak the "bow out on 'ifconfig down'" behaviour, allows instant failover on graceful halt/reboot to work again. ok mpf@ henning@
2005-03-13fix a potential crash that could occur when CARP_LOG is being used.Patrick Latifi
ok mcbride
2005-03-12make sure code and comment matchMarkus Friedl
2005-03-09from freebsd:Markus Friedl
1. set rcv_laststart/rcv_lastend after checking the tcp window 2. pass rcv_laststart and rcv_lastend on the stack (shrink tcp state) ok henning, djm
2005-03-07Correctly compare routes in in_addprefix. If a netmask is supplied it needsClaudio Jeker
to be compared too -- 10/8 and 10/24 are not equal. This fixes a problem with overlapping networks reported by Simon Slaytor. OK henning@
2005-03-05Remove code which enforces a advskew=0 for the caseMarco Pfatschbacher
that carp shares the IP addresse with its physical interface. It's neither supported nor needed, since we have carpdev now. ok mcbride@
2005-03-04- check th_ack against snd_una/max; from Raja Mukerji via hugh@Markus Friedl
- limit pool to tcp_sackhole_limit entries (sysctl-able) - stop sack option processing on pool_get errors - use SEQ_MIN/SEQ_MAX ok henning, hshoexer, deraadt
2005-03-01Unbreak arp_input with carp; add back the call to carp_iamatch()Ryan Thomas McBride
which was removed in rev 1.57. This makes arpbalance work again, and ensures that only one carp host will reply to a given arp request. ok mpf@ pascoe@ dhartmei@ deraadt@
2005-02-28Remove unused variable if_flags in struct carp_softc, ok mickey@Ryan Thomas McBride
2005-02-271. tcp_xmit_timer(): remove extra rtt decrement (t_rtttime is 0-basedMarkus Friedl
while t_rtt was 1-based), update callers 2. define and use TCP_RTT_BASE_SHIFT instead of the hardcoded 2. 3. add missing shifts when t_srtt/t_rttvar are used. 4. update the comments: t_srtt uses 5 bits of fraction (not 3) and t_rttvar uses 4 bits 5. remove obsolete/unused macros TCP_RTT_SCALE and TCP_RTTVAR_SCALE 6. make sure rttmin is not > TCPTV_REXMTMAX parts from netbsd, ok mcbride, henning
2005-02-22Move #ifdef INET6 outside of 'case AF_INET6:' in tcp_ident().Ryan Thomas McBride
No functional change due to earlier check, fix from Maxim Konovalov <maxim@macomnet.ru> ok deraadt@ dhartmei@
2005-02-17miscellaneous typo fixes:Jean-Francois Brousseau
- sturct -> struct (spotted by pedro) - elimination of consecutive 'the' words ok jmc@, henning@, krw@, robert@, some whining by jolan@
2005-02-08build w/o INET6; ok mpf@, mcbride@Markus Friedl
2005-02-07Unrevert the changes introduced in 1.96 and accidentally removed in 1.97Ryan Thomas McBride
with an id10t error by yours truly.